Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2008-3899

    TrueCrypt 5.0 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this ... Read more

    Affected Products : truecrypt
    • EPSS Score: %0.06
    • Published: Sep. 03, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2012-1644

    The Organic Groups (OG) Vocabulary module 6.x-1.x before 6.x-1.2 for Drupal allows remote authenticated users with certain administrator permissions to modify the vocabularies of other groups via unspecified vectors.... Read more

    Affected Products : drupal og_vocab
    • EPSS Score: %0.28
    • Published: Aug. 28, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-3818

    The fpm exporter in Revelation 0.4.13-2 and earlier encrypts the version number but not the password when exporting a file, which might allow local users to obtain sensitive information.... Read more

    Affected Products : revelation
    • EPSS Score: %0.06
    • Published: Jun. 29, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2014-9417

    The Meeting component in Huawei eSpace Desktop before V100R001C03 allows local users to cause a denial of service (program exit) via a crafted image.... Read more

    Affected Products : espace_desktop
    • EPSS Score: %0.10
    • Published: Dec. 24, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2010-1584

    Cross-site scripting (XSS) vulnerability in the Context module before 6.x-2.0-rc4 for Drupal allows remote authenticated users, with Administer Blocks privileges, to inject arbitrary web script or HTML via a block description.... Read more

    Affected Products : drupal context
    • EPSS Score: %0.45
    • Published: May. 19, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2015-5084

    The Siemens SIMATIC WinCC Sm@rtClient and Sm@rtClient Lite applications before 01.00.01.00 for Android do not properly store passwords, which allows physically proximate attackers to obtain sensitive information via unspecified vectors.... Read more

    • EPSS Score: %0.13
    • Published: Aug. 03, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2005-0690

    Gene6 FTP Server does not properly restrict access to the control console, which allows local users to modify the server configuration and gain privileges, as demonstrated by defining a SITE command.... Read more

    Affected Products : g6_ftp_server
    • EPSS Score: %0.09
    • Published: Mar. 07, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2013-3929

    Cross-site scripting (XSS) vulnerability in admin/editevent.php in CMS Made Simple (CMSMS) 1.11.9 allows remote authenticated users with the "Modify Events" permission to inject arbitrary web script or HTML via the handler parameter.... Read more

    Affected Products : cms_made_simple
    • EPSS Score: %0.18
    • Published: Dec. 09, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-1999-0803

    The fwluser script in AIX eNetwork Firewall allows local users to write to arbitrary files via a symlink attack.... Read more

    Affected Products : aix_enetwork_firewall
    • EPSS Score: %2.71
    • Published: May. 25, 1999
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2006-0077

    Off-by-one error in the getfattr function in File::ExtAttr before 0.03 allows attackers to trigger a buffer overflow via unspecified attack vectors.... Read more

    Affected Products : file_extattr
    • EPSS Score: %0.09
    • Published: Jan. 04, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2006-0055

    The ispell_op function in ee on FreeBSD 4.10 to 6.0 uses predictable filenames and does not confirm which file is being written, which allows local users to overwrite arbitrary files via a symlink attack when ee invokes ispell.... Read more

    Affected Products : freebsd
    • EPSS Score: %0.07
    • Published: Jan. 11, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-4697

    The Microsoft Wireless Zero Configuration system (WZCS) allows local users to access WEP keys and pair-wise Master Keys (PMK) of the WPA pre-shared key via certain calls to the WZCQueryInterface API function in wzcsapi.dll.... Read more

    Affected Products : windows_xp
    • EPSS Score: %1.26
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-4273

    Multiple unspecified vulnerabilities in (1) getShell and (2) getCommand in IBM AIX 5.3 allow local users to append to arbitrary files.... Read more

    Affected Products : aix
    • EPSS Score: %0.06
    • Published: Dec. 15, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-4412

    Citrix Program Neighborhood client before 9.150 caches the user password in plaintext in the GUI while asterisks are used to visually obfuscate the password, which allows attackers with access to the session to obtain the password by using a tool to direc... Read more

    Affected Products : program_neighborhood_client
    • EPSS Score: %0.09
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-1999-1259

    Microsoft Office 98, Macintosh Edition, does not properly initialize the disk space used by Office 98 files and effectively inserts data from previously deleted files into the Office file, which could allow attackers to obtain sensitive information.... Read more

    Affected Products : office
    • EPSS Score: %1.93
    • Published: Dec. 31, 1999
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-1999-1271

    Macromedia Dreamweaver uses weak encryption to store FTP passwords, which could allow local users to easily decrypt the passwords of other users.... Read more

    Affected Products : dreamweaver
    • EPSS Score: %0.01
    • Published: Jun. 11, 1998
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-1999-1285

    Linux 2.1.132 and earlier allows local users to cause a denial of service (resource exhaustion) by reading a large buffer from a random device (e.g. /dev/urandom), which cannot be interrupted until the read has completed.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.08
    • Published: Dec. 27, 1998
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2010-1539

    Cross-site scripting (XSS) vulnerability in the Workflow module 5.x-2.x before 5.x-2.6 and 6.x-1.x before 6.x-1.4 for Drupal, when used with the Token module, might allow remote authenticated users to inject arbitrary web script or HTML via a certain Comm... Read more

    Affected Products : drupal workflow
    • EPSS Score: %0.34
    • Published: Apr. 26, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2014-2381

    Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows local users to obtain sensitive information by reading a credential file.... Read more

    Affected Products : wonderware_information_server
    • EPSS Score: %0.03
    • Published: Aug. 28, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2005-3238

    Multiple unspecified vulnerabilities in Solaris 10 SCTP Socket Option Processing allows local users to cause a denial of service (panic) via unspecified attack vectors.... Read more

    Affected Products : solaris
    • EPSS Score: %0.06
    • Published: Oct. 14, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 292275 Results