Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2013-2978

    Absolute path traversal vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1, 10.1.1, 10.2, and 10.2.1 allows remote authenticated users to read files by leveraging the Report Author privilege, a different vulnerability than CV... Read more

    Affected Products : cognos_business_intelligence
    • Published: Aug. 27, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-4354

    The API before 2.1 in OpenStack Image Registry and Delivery Service (Glance) makes it easier for local users to inject images into arbitrary tenants by adding the tenant as a member of the image.... Read more

    • Published: Nov. 23, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-4361

    The fbld instruction emulation in Xen 3.3.x through 4.3.x does not use the correct variable for the source effective address, which allows local HVM guests to obtain hypervisor stack information by reading the values used by the instruction.... Read more

    Affected Products : xen
    • Published: Oct. 01, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-4274

    Cross-site scripting (XSS) vulnerability in the password_policy_admin_view function in password_policy.admin.inc in the Password Policy module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with the "Adminis... Read more

    Affected Products : drupal password_policy
    • Published: Aug. 28, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-4427

    pyxtrlock before 0.2 does not properly check the return values of the (1) xcb_grab_pointer and (2) xcb_grab_keyboard XCB library functions, which allows physically proximate attackers to gain access to the keyboard or mouse without unlocking the screen vi... Read more

    Affected Products : pyxtrlock
    • Published: May. 19, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2013-4140

    Cross-site scripting (XSS) vulnerability in the TinyBox (Simple Splash) module before 7.x-2.2 for Drupal allows remote authenticated users with the "administer tinybox" permission to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : drupal tinybox
    • Published: Jul. 29, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-5158

    The Social subsystem in Apple iOS before 7 does not properly restrict access to the cache of Twitter icons, which allows physically proximate attackers to obtain sensitive information about recent Twitter interaction via unspecified vectors.... Read more

    Affected Products : iphone_os
    • Published: Sep. 19, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-4383

    Cross-site scripting (XSS) vulnerability in the jQuery Countdown module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "access administration pages" permission to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : drupal jquery_countdown
    • Published: Jan. 31, 2014
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-3043

    Directory traversal vulnerability in the client in IBM Rational Software Architect Design Manager and Rhapsody Design Manager 3.x and 4.x before 4.0.5 allows local users to read arbitrary files via vectors involving temporary files.... Read more

    • Published: Dec. 14, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-2389

    hostapd 0.7.3, and possibly other versions before 1.0, uses 0644 permissions for /etc/hostapd/hostapd.conf, which might allow local users to obtain sensitive information such as credentials.... Read more

    Affected Products : hostapd
    • Published: Jun. 21, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-4064

    Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1, when ultra-light mode is enabled, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTH... Read more

    Affected Products : lotus_inotes lotus_domino
    • Published: Dec. 21, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-4455

    Katello Installer before 0.0.18 uses world-readable permissions for /etc/pki/tls/private/katello-node.key when deploying a child Pulp node, which allows local users to obtain the private key by reading the file.... Read more

    Affected Products : katello_installer
    • Published: May. 14, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2011-3564

    Unspecified vulnerability in Oracle GlassFish Enterprise Server 2.1.1 allows local users to affect confidentiality via unknown vectors related to Administration.... Read more

    Affected Products : sun_glassfish_enterprise_server
    • Published: Jan. 18, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-4218

    The InitMethodAndPassword function in InfraStack/OSAgnostic/WiMax/Agents/Supplicant/Source/SupplicantAgent.c in the Intel WiMAX Network Service through 1.5.2 for Intel Wireless WiMAX Connection 2400 devices uses the same RSA private key in supplicant_key.... Read more

    Affected Products : wimax_network_service
    • Published: Aug. 25, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-4969

    Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files.... Read more

    • Published: Jan. 07, 2014
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-4503

    Cross-site scripting (XSS) vulnerability in the Feed Element Mapper module for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via vectors related to options.... Read more

    Affected Products : feed_element_mapper
    • Published: May. 13, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2010-2539

    Buffer overflow in the msTmpFile function in maputil.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 allows local users to cause a denial of service via vectors involving names of temporary files.... Read more

    Affected Products : mapserver mapserver
    • Published: Aug. 02, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-4498

    The Spaces OG submodule in the Spaces module 6.x-3.x before 6.x-3.7 for Drupal does not properly delete organic group group spaces content when using the option to move to a new group, which causes the content to be "orphaned" and allows remote authentica... Read more

    Affected Products : drupal spaces
    • Published: May. 17, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2013-4614

    English/pages_MacUS/wls_set_content.html on the Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers shows the Wi-Fi PSK passphrase in cleartext, which allows physically proximate attackers to obtain sensitive information by... Read more

    • Published: Jun. 21, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-4216

    The Trace_OpenLogFile function in InfraStack/OSDependent/Linux/InfraStackModules/TraceModule/TraceModule.c in the Trace module in the Intel WiMAX Network Service through 1.5.2 for Intel Wireless WiMAX Connection 2400 devices uses world-writable permission... Read more

    Affected Products : wimax_network_service
    • Published: Aug. 25, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 292803 Results