Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2006-3575

    Unknown vulnerability in the Buffer Overflow Protection in McAfee VirusScan Enterprise 8.0.0 allows local users to cause a denial of service (unstable operation) via a long string in the (1) "Process name", (2) "Module name", or (3) "API name" fields.... Read more

    Affected Products : virusscan
    • Published: Jul. 13, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2006-4380

    MySQL before 4.1.13 allows local users to cause a denial of service (persistent replication slave crash) via a query with multiupdate and subselects.... Read more

    Affected Products : mysql
    • Published: Aug. 28, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2008-5912

    An unspecified function in the JavaScript implementation in Microsoft Internet Explorer creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a ... Read more

    Affected Products : internet_explorer
    • Published: Jan. 20, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2006-4787

    AlphaMail before 1.0.16 allows local users to obtain sensitive information via the logging functionality, which displays unencrypted passwords in an error message. NOTE: some details are obtained from third party information.... Read more

    Affected Products : alphamail
    • Published: Sep. 14, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2006-4190

    Directory traversal vulnerability in autohtml.php in the AutoHTML module for PHP-Nuke allows local users to include arbitrary files via a .. (dot dot) in the name parameter for a modload operation.... Read more

    Affected Products : autohtml_module
    • Published: Aug. 17, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2008-5915

    An unspecified function in the JavaScript implementation in Google Chrome creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up... Read more

    Affected Products : chrome
    • Published: Jan. 20, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2008-4870

    dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value.... Read more

    Affected Products : enterprise_linux dovecot
    • Published: Nov. 01, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2006-4186

    The iManager in eMBoxClient.jar in Novell eDirectory 8.7.3.8 writes passwords in plaintext to a log file, which allows local users to obtain passwords by reading the file.... Read more

    Affected Products : edirectory
    • Published: Aug. 17, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2006-3457

    Symantec On-Demand Agent (SODA) before 2.5 MR2 Build 2157, and the Virtual Desktop module in Symantec On-Demand Protection (SODP) before 2.6 Build 2233, do not properly encrypt files that are subject to policy-based automatic encryption, which might allow... Read more

    • Published: Aug. 05, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2006-3675

    Password Safe 2.11, 2.16 and 3.0BETA1 does not respect the configuration settings for locking the password database when certain dialogue windows are open, which might allow attackers with physical access to obtain the database contents.... Read more

    Affected Products : passwordsafe
    • Published: Jul. 28, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2014-1933

    The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 uses the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by... Read more

    Affected Products : pillow python_imaging_library
    • Published: Apr. 17, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2005-3108

    mm/ioremap.c in Linux 2.6 on 64-bit x86 systems allows local users to cause a denial of service or an information leak via an ioremap on a certain memory map that causes the iounmap to perform a lookup of a page that does not exist.... Read more

    Affected Products : linux_kernel enterprise_linux
    • Published: Sep. 30, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2002-1319

    The Linux kernel 2.4.20 and earlier, and 2.5.x, when running on x86 systems, allows local users to cause a denial of service (hang) via the emulation mode, which does not properly clear TF and NT EFLAGs.... Read more

    Affected Products : linux_kernel linux secure_linux
    • Published: Dec. 11, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2013-5173

    The random-number generator in the kernel in Apple Mac OS X before 10.9 provides lengthy exclusive access for processing of large requests, which allows local users to cause a denial of service (temporary generator outage) via an application that requires... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: Oct. 24, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2014-2040

    Multiple cross-site scripting (XSS) vulnerabilities in the (1) callback_multicheck, (2) callback_radio, and (3) callback_wysiwygin functions in mfrh_class.settings-api.php in the Media File Renamer plugin 1.7.0 for WordPress allow remote authenticated use... Read more

    Affected Products : media_file_renamer
    • Published: Mar. 03, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2005-2520

    The password assistant in Mac OS X 10.4 to 10.4.2, when used to create multiple accounts from the same process, does not reset the suggested password list when the assistant is displayed, which allows attackers to view recently used passwords.... Read more

    Affected Products : mac_os_x
    • Published: Aug. 19, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2014-4768

    IBM Unified Extensible Firmware Interface (UEFI) on Flex System x880 X6, System x3850 X6, and System x3950 X6 devices allows remote authenticated users to cause an unspecified temporary denial of service by using privileged access to enable a legacy boot ... Read more

    • Published: Jun. 28, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-4757

    The Outlook Extension in IBM Content Collector 4.0.0.x before 4.0.0.0-ICC-OE-IF004 allows local users to bypass the intended Reviewer privilege requirement and read e-mail messages from an arbitrary mailbox by invoking the Search function.... Read more

    Affected Products : content_collector
    • Published: Aug. 12, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2012-2284

    The (1) install and (2) upgrade processes in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375, when Exchange Server is used, allow local users to read cleartext administrator credentials via unspe... Read more

    • Published: Oct. 18, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2004-1983

    The arch_get_unmapped_area function in mmap.c in the PaX patches for Linux kernel 2.6, when Address Space Layout Randomization (ASLR) is enabled, allows local users to cause a denial of service (infinite loop) via unknown attack vectors.... Read more

    Affected Products : linux pax_linux
    • Published: May. 02, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 293329 Results