Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2008-7207

    RivetTracker before 1.0 stores passwords in cleartext in config.php, which allows local users to discover passwords by reading config.php.... Read more

    Affected Products : rivettracker
    • Published: Sep. 11, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2015-2111

    Unspecified vulnerability in HP Intelligent Provisioning 1.40 through 1.60 on Windows Server 2008 R2 and 2012 allows local users to obtain sensitive information via unknown vectors.... Read more

    • Published: Apr. 04, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2013-4452

    Red Hat JBoss Operations Network 3.1.2 uses world-readable permissions for the (1) server and (2) agent configuration files, which allows local users to obtain authentication credentials and other unspecified sensitive information by reading these files.... Read more

    Affected Products : jboss_operations_network
    • Published: Dec. 24, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2011-3522

    Unspecified vulnerability in SysFW 8.0 on certain SPARC T3, Netra SPARC T3, Sun Fire, and Sun Blade based servers allows local users to affect confidentiality, related to Integrated Lights Out Manager CLI.... Read more

    • Published: Oct. 18, 2011
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2014-1604

    The parser cache functionality in parsergenerator.py in RPLY (aka python-rply) before 0.7.1 allows local users to spoof cache data by pre-creating a temporary rply-*.json file with a predictable name.... Read more

    Affected Products : rply rply
    • Published: Jan. 28, 2014
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2014-5456

    Cross-site scripting (XSS) vulnerability in the Social Stats module before 7.x-1.5 for Drupal allows remote authenticated users with the "[Content Type]: Create new content" permission to inject arbitrary web script or HTML via vectors related to the conf... Read more

    Affected Products : social_stats
    • Published: Aug. 25, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2012-1629

    Cross-site scripting (XSS) vulnerability in the Taxotouch module for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : drupal taxotouch
    • Published: Sep. 20, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2006-1588

    The bridge ioctl (if_bridge code) in NetBSD 1.6 through 3.0 does not clear sensitive memory before copying ioctl results to the requesting process, which allows local users to obtain portions of kernel memory.... Read more

    Affected Products : netbsd
    • Published: Apr. 03, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2025-53535

    Better Auth is an authentication and authorization library for TypeScript. An open redirect has been found in the originCheck middleware function, which affects the following routes: /verify-email, /reset-password/:token, /delete-user/callback, /magic-lin... Read more

    Affected Products : better_auth
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authentication

  • 2.1

    LOW
    CVE-2010-1123

    Chip Salzenberg Deliver does not properly associate a lockfile with the user who created the file, which allows local users to cause a denial of service (blockage of incoming e-mail) by creating lockfiles for arbitrary mailboxes.... Read more

    Affected Products : deliver
    • Published: Mar. 26, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2008-2517

    The sarab.sh script in SaraB before 0.2.4 places the dar program's encryption key on the command line, which allows local users to obtain sensitive information by listing the process.... Read more

    Affected Products : sarab
    • Published: Jun. 03, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2006-0229

    Unquoted Windows search path vulnerability in Wehntrust might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, which is run when Wehntrust creates the autostart key.... Read more

    Affected Products : wehntrust
    • Published: Jan. 17, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2009-5008

    Cisco Secure Desktop (CSD), when used in conjunction with an AnyConnect SSL VPN server, does not properly perform verification, which allows local users to bypass intended policy restrictions via a modified executable file.... Read more

    Affected Products : secure_desktop
    • Published: Oct. 14, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2010-1358

    Cross-site scripting (XSS) vulnerability in the Bibliography (Biblio) module 5.x through 5.x-1.17 and 6.x through 6.x-1.9 for Drupal allows remote authenticated users, with "administer biblio" privileges, to inject arbitrary web script or HTML via unspeci... Read more

    Affected Products : drupal bibliography
    • Published: Apr. 13, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-2711

    Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy List module 6.x-1.x before 6.x-1.4 for Drupal allow remote authenticated users with create or edit taxonomy terms permissions to inject arbitrary web script or HTML via vectors related to... Read more

    Affected Products : drupal taxonomy_list
    • Published: Jun. 27, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2015-7368

    Revive Adserver before 3.2.2 does not send the appropriate Cache-Control HTTP headers in responses for admin UI pages, which allows local users to obtain sensitive information via the web browser cache.... Read more

    Affected Products : revive_adserver
    • Published: Oct. 14, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2010-1530

    Multiple cross-site scripting (XSS) vulnerabilities in the Internationalization module 6.x before 6.x-1.4 for Drupal allow remote authenticated users, with translate interface or administer blocks privileges, to inject arbitrary web script or HTML via (1)... Read more

    Affected Products : drupal i18n
    • Published: Apr. 26, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2010-1487

    IBM Lotus Notes 7.0, 8.0, and 8.5 stores administrative credentials in cleartext in SURunAs.exe, which allows local users to obtain sensitive information by examining this file, aka SPR JSTN837SEG.... Read more

    Affected Products : lotus_notes notes
    • Published: Apr. 20, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2015-6754

    Cross-site scripting (XSS) vulnerability in the administration interface in the Path Breadcrumbs module 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "Administer Path Breadcrumbs" permission to inject arbitrary web script or... Read more

    Affected Products : path_breadcrumbs
    • Published: Aug. 31, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2021-2141

    Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle Financial Services Applications (component: Pre Login). Supported versions that are affected are 12.0.2 and 12.0.3. Difficult to exploit vulnerability allows high privileged attacker wi... Read more

    Affected Products : flexcube_direct_banking
    • Published: Apr. 22, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292826 Results