Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 1.9

    LOW
    CVE-2008-0049

    AppKit in Apple Mac OS X 10.4.11 inadvertently makes an NSApplication mach port available for inter-process communication instead of inter-thread communication, which allows local users to execute arbitrary code via crafted messages to privileged applicat... Read more

    Affected Products : mac_os_x mac_os_x_server
    • EPSS Score: %0.19
    • Published: Mar. 18, 2008
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2007-0120

    Acunetix Web Vulnerability Scanner (WVS) 4.0 Build 20060717 and earlier allows remote attackers to cause a denial of service (application crash) via multiple HTTP requests containing invalid Content-Length values.... Read more

    Affected Products : web_vulnerability_scanner
    • EPSS Score: %0.58
    • Published: Jan. 09, 2007
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2015-4808

    Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via vectors related to Outside In Filters, a different vulnerability than CVE-2015-6013, ... Read more

    Affected Products : fusion_middleware
    • EPSS Score: %0.12
    • Published: Jan. 21, 2016
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2006-7162

    PuTTY 0.59 and earlier uses weak file permissions for (1) ppk files containing private keys generated by puttygen and (2) session logs created by putty, which allows local users to gain sensitive information by reading these files.... Read more

    Affected Products : putty putty
    • EPSS Score: %0.04
    • Published: Mar. 07, 2007
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2010-2027

    Mathematica 7, when running on Linux, allows local users to overwrite arbitrary files via a symlink attack on (1) files within /tmp/MathLink/ or (2) /tmp/fonts$$.conf.... Read more

    Affected Products : linux_kernel mathematica
    • EPSS Score: %0.03
    • Published: May. 24, 2010
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2003-1588

    Sun Cluster 2.2, when HA-Oracle or HA-Sybase DBMS services are used, stores database credentials in cleartext in a cluster configuration file, which allows local users to obtain sensitive information by reading this file.... Read more

    Affected Products : cluster
    • EPSS Score: %0.06
    • Published: Feb. 08, 2010
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2009-5084

    IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, when com.tivoli.am.fim.infocard.delegates.InfoCardSTSDelegate tracing is enabled, creates a cleartext log entry containing a password, which might allow local users to obtain sensitive inf... Read more

    Affected Products : tivoli_federated_identity_manager
    • EPSS Score: %0.05
    • Published: Aug. 12, 2011
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2011-1378

    IBM WebSphere MQ 6.0 on OpenVMS, when the default rights of the MQM group are established, does not properly verify User Authorization File (UAF) data, which allows local users to kill listener processes and the command server via a control command.... Read more

    Affected Products : websphere_mq openvms
    • EPSS Score: %0.06
    • Published: Nov. 26, 2011
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2010-5292

    Amberdms Billing System (ABS) before 1.4.1, when a multi-instance installation is configured, might allow local users to obtain sensitive information by reading the cache in between runs of the include/cron/services_usage.php cron job.... Read more

    Affected Products : amberdms_billing_system
    • EPSS Score: %0.06
    • Published: Jan. 10, 2014
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2003-1447

    IBM WebSphere Advanced Server Edition 4.0.4 uses a weak encryption algorithm (XOR and base64 encoding), which allows local users to decrypt passwords when the configuration file is exported to XML.... Read more

    Affected Products : websphere_application_server
    • EPSS Score: %0.04
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 1.9

    LOW
    CVE-2007-2580

    Unspecified vulnerability in Apple Safari allows local users to obtain sensitive information (saved keychain passwords) via the document.loginform.password.value JavaScript parameter loaded from an AppleScript script.... Read more

    Affected Products : safari
    • EPSS Score: %0.26
    • Published: May. 09, 2007
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2011-3693

    NetSaro Enterprise Messenger Server 2.0 allows local users to discover cleartext server credentials by reading the NetSaro.fdb file.... Read more

    Affected Products : enterprise_messenger_server
    • EPSS Score: %0.06
    • Published: Sep. 27, 2011
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2012-0700

    The client in InfoSphere FastTrack 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly store credentials, which allows local users to bypass intended access restrictions via unspecified vectors.... Read more

    • EPSS Score: %0.05
    • Published: Jan. 31, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2023-31305

    Generation of weak and predictable Initialization Vector (IV) in PMFW (Power Management Firmware) may allow an attacker with privileges to reuse IV values to reverse-engineer debug data, potentially resulting in information disclosure.... Read more

    Affected Products :
    • Published: Aug. 13, 2024
    • Modified: Nov. 06, 2024

  • 1.9

    LOW
    CVE-2016-0436

    Unspecified vulnerability in the Oracle Retail Point-of-Service component in Oracle Retail Applications 13.4, 14.0, and 14.1 allows local users to affect confidentiality via vectors related to Mobile POS, a different vulnerability than CVE-2016-0434, CVE-... Read more

    Affected Products : retail_applications
    • EPSS Score: %0.28
    • Published: Jan. 21, 2016
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2010-4212

    The USAA application 3.0 for Android stores a mirror image of each visited web page, which might allow physically proximate attackers to obtain sensitive banking information by reading application data.... Read more

    Affected Products : android usaa
    • EPSS Score: %0.07
    • Published: Nov. 09, 2010
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2010-3597

    Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.0 allows local users to affect availability, related to Outside In Viewer SDK.... Read more

    Affected Products : fusion_middleware
    • EPSS Score: %0.08
    • Published: Jan. 19, 2011
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2013-4025

    IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x do not have an off autocomplete attribute for the login-password field, which makes it... Read more

    • EPSS Score: %0.08
    • Published: Sep. 25, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2014-0974

    The boot_linux_from_mmc function in app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly validate a certain address value,... Read more

    Affected Products : little_kernel_bootloader
    • EPSS Score: %0.06
    • Published: Aug. 25, 2014
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2011-3692

    NetSaro Enterprise Messenger Server 2.0 stores cleartext console credentials in configuration.xml, which allows local users to obtain sensitive information by reading this file and performing a base64 decoding step.... Read more

    Affected Products : enterprise_messenger_server
    • EPSS Score: %0.06
    • Published: Sep. 27, 2011
    • Modified: Apr. 11, 2025
Showing 20 of 291887 Results