Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2013-1977

    OpenStack devstack uses world-readable permissions for keystone.conf, which allows local users to obtain sensitive information such as the LDAP password and admin_token secret by reading the file.... Read more

    Affected Products : devstack
    • Published: May. 21, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-1999-0132

    Expreserve, as used in vi and ex, allows local users to overwrite arbitrary files and gain root access.... Read more

    Affected Products : solaris hp-ux sunos
    • Published: Aug. 15, 1996
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2013-4820

    Unspecified vulnerability in HP IceWall SSO 8.0 through 10.0, IceWall SSO Agent Option 8.0 through 10.0, IceWall SSO Smart Device Option 10.0, IceWall SSO SAML2 Agent Option 8.0, IceWall SSO JAVA Agent Library 8.0 through 10.0, IceWall Federation Agent 3.... Read more

    • Published: Sep. 23, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-2070

    Cross-site scripting (XSS) vulnerability in the MultiBlock module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the administer blocks permission to inject arbitrary web script or HTML via the block tit... Read more

    Affected Products : drupal multiblock
    • Published: Aug. 14, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-1999-1221

    dxchpwd in Digital Unix (OSF/1) 3.x allows local users to modify arbitrary files via a symlink attack on the dxchpwd.log file.... Read more

    Affected Products : unix
    • Published: Nov. 17, 1996
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2002-0040

    Vulnerability in SGI IRIX 6.5.11 through 6.5.15f allows local users to cause privileged applications to dump core via the HOSTALIASES environment variable, which might allow the users to gain privileges.... Read more

    Affected Products : irix
    • Published: Mar. 28, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2008-1877

    tss 0.8.1 allows local users to read arbitrary files via the -a parameter, which is processed while tss is running with privileges.... Read more

    Affected Products : tss
    • Published: Apr. 17, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-1999-1423

    ping in Solaris 2.3 through 2.6 allows local users to cause a denial of service (crash) via a ping request to a multicast address through the loopback interface, e.g. via ping -i.... Read more

    Affected Products : solaris sunos
    • Published: Jun. 26, 1997
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-0719

    Unknown vulnerability in the systems message queue in HP Tru64 Unix 4.0F PK8 through 5.1B-2/PK4 allows local users to cause a denial of service (process crash) for processes such as nfsstat, pfstat, arp, ogated, rarpd, route, sendmail, srconfig, strsetup,... Read more

    Affected Products : tru64
    • Published: Mar. 09, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2012-1659

    Cross-site scripting (XSS) vulnerability in the Node Recommendation module 6.x-1.x before 6.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : drupal noderecommendation
    • Published: Sep. 18, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2006-2334

    The RtlDosPathNameToNtPathName_U API function in NTDLL.DLL in Microsoft Windows 2000 SP4 and XP SP2 does not properly convert DOS style paths with trailing spaces into NT style paths, which allows context-dependent attackers to create files that cannot be... Read more

    Affected Products : windows_2000 windows_xp
    • Published: May. 12, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2011-0463

    The ocfs2_prepare_page_for_write function in fs/ocfs2/aops.c in the Oracle Cluster File System 2 (OCFS2) subsystem in the Linux kernel before 2.6.39-rc1 does not properly handle holes that cross page boundaries, which allows local users to obtain potentia... Read more

    Affected Products : linux_kernel ubuntu_linux
    • Published: Apr. 10, 2011
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2004-0181

    The JFS file system code in Linux 2.4.x has an information leak in which in-memory data is written to the device for the JFS file system, which allows local users to obtain sensitive information by reading the raw device.... Read more

    Affected Products : linux_kernel
    • Published: Jun. 01, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2013-2047

    The login page (aka index.php) in ownCloud before 5.0.6 does not disable the autocomplete setting for the password parameter, which makes it easier for physically proximate attackers to guess the password.... Read more

    Affected Products : owncloud owncloud_server
    • Published: Mar. 14, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-4702

    The check_icmp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4701.... Read more

    Affected Products : nagios
    • Published: Dec. 05, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2017-18392

    cPanel before 68.0.15 allows collisions because PostgreSQL databases can be assigned to multiple accounts (SEC-325).... Read more

    Affected Products : cpanel
    • Published: Aug. 02, 2019
    • Modified: Nov. 21, 2024

  • 2.1

    LOW
    CVE-2014-9731

    The UDF filesystem implementation in the Linux kernel before 3.18.2 does not ensure that space is available for storing a symlink target's name along with a trailing \0 character, which allows local users to obtain sensitive information via a crafted file... Read more

    Affected Products : linux_kernel
    • Published: Aug. 31, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2005-2104

    sysreport before 1.3.7 allows local users to obtain sensitive information via a symlink attack on a temporary directory.... Read more

    Affected Products : sysreport
    • Published: Oct. 07, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-3137

    The (1) cfmailfilter and (2) cfcron.in files for cfengine 1.6.5 allow local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2005-2960.... Read more

    Affected Products : cfengine
    • Published: Oct. 05, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-2462

    Kayako liveResponse 2.x, when logging in a user, records the password in plaintext in the URL, which allows local users and possibly remote attackers to gain privileges.... Read more

    Affected Products : liveresponse
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 292803 Results