Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.6

    LOW
    CVE-2006-1753

    A cron job in fcheck before 2.7.59 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.... Read more

    Affected Products : debian_linux
    • EPSS Score: %0.06
    • Published: Apr. 18, 2006
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2006-1524

    madvise_remove in Linux kernel 2.6.16 up to 2.6.16.6 does not follow file and mmap restrictions, which allows local users to bypass IPC permissions and replace portions of readonly tmpfs files with zeroes, aka the MADV_REMOVE vulnerability. NOTE: this de... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.07
    • Published: Apr. 19, 2006
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2023-39342

    Dangerzone is software for converting potentially dangerous PDFs, office documents, or images to safe PDFs. The Dangerzone CLI (`dangerzone-cli` command) logs output from the container where the file sanitization takes place, to the user's terminal. Prior... Read more

    Affected Products : dangerzone
    • EPSS Score: %0.06
    • Published: Aug. 08, 2023
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2023-44129

    The vulnerability is that the Messaging ("com.android.mms") app patched by LG forwards attacker-controlled intents back to the attacker in the exported "com.android.mms.ui.QClipIntentReceiverActivity" activity. The attacker can abuse this functionality by... Read more

    Affected Products : android v60_thin_q_5g
    • EPSS Score: %0.03
    • Published: Sep. 27, 2023
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2020-13838

    An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. The DeX Lockscreen feature does not block access to Quick Panel and notifications. The Samsung ID is SVE-2020-17187 (June 2020).... Read more

    Affected Products : android
    • EPSS Score: %0.02
    • Published: Jun. 04, 2020
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2011-2664

    Unspecified vulnerability in Check Point Multi-Domain Management / Provider-1 NGX R65, R70, R71, and R75, and SmartCenter during installation on non-Windows machines, allows local users on the MDS system to overwrite arbitrary files via unknown vectors.... Read more

    • EPSS Score: %0.06
    • Published: Jul. 08, 2011
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2023-3485

    Insecure defaults in open-source Temporal Server before version 1.20 on all platforms allows an attacker to craft a task token with access to a namespace other than the one specified in the request. Creation of this task token must be done outside of the ... Read more

    Affected Products : temporal
    • EPSS Score: %0.02
    • Published: Jun. 30, 2023
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2004-0435

    Certain "programming errors" in the msync system call for FreeBSD 5.2.1 and earlier, and 4.10 and earlier, do not properly handle the MS_INVALIDATE operation, which leads to cache consistency problems that allow a local user to prevent certain changes to ... Read more

    Affected Products : freebsd
    • EPSS Score: %0.08
    • Published: Aug. 18, 2004
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2023-23543

    The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4, watchOS 9.4. A sandboxed app may be able to determine which app is ... Read more

    Affected Products : macos iphone_os watchos ipados
    • EPSS Score: %0.06
    • Published: May. 08, 2023
    • Modified: Jan. 29, 2025

  • 3.6

    LOW
    CVE-2007-1150

    Unrestricted file upload vulnerability in LoveCMS 1.4 allows remote authenticated administrators to upload arbitrary files to /modules/content/pictures/tmp/.... Read more

    Affected Products : lovecms
    • EPSS Score: %0.51
    • Published: Mar. 02, 2007
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2000-0090

    VMWare 1.1.2 allows local users to cause a denial of service via a symlink attack.... Read more

    Affected Products : workstation
    • EPSS Score: %0.06
    • Published: Jan. 17, 2000
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2001-1059

    VMWare creates a temporary file vmware-log.USERNAME with insecure permissions, which allows local users to read or modify license information.... Read more

    Affected Products : workstation
    • EPSS Score: %0.04
    • Published: Jul. 30, 2001
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2002-1518

    mv in IRIX 6.5 creates a directory with world-writable permissions while moving a directory, which could allow local users to modify files and directories.... Read more

    Affected Products : irix
    • EPSS Score: %0.05
    • Published: Apr. 02, 2003
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2007-2703

    BEA WebLogic Portal 9.2 GA can corrupt a visitor entitlements role if an administrator provides a long role description, which might allow remote authenticated users to access privileged resources.... Read more

    Affected Products : weblogic_portal weblogic_portal
    • EPSS Score: %0.45
    • Published: May. 16, 2007
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2014-1257

    CFNetwork in Apple OS X through 10.8.5 does not remove session cookies upon a Safari reset action, which allows physically proximate attackers to bypass intended access restrictions by leveraging an unattended workstation.... Read more

    Affected Products : mac_os_x mac_os_x
    • EPSS Score: %0.06
    • Published: Feb. 27, 2014
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2007-2837

    The (1) getRule and (2) getChains functions in server/rules.cpp in fireflierd (fireflier-server) in FireFlier 1.1.6 allow local users to overwrite arbitrary files via a symlink attack on the /tmp/fireflier.rules temporary file.... Read more

    Affected Products : debian_linux fireflier
    • EPSS Score: %0.06
    • Published: Jul. 03, 2007
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2010-4420

    Unspecified vulnerability in the Database Vault component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1 allows local users to affect confidentiality and integrity via unknown vectors.... Read more

    Affected Products : database_server
    • EPSS Score: %0.09
    • Published: Jan. 19, 2011
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2002-2038

    Next Generation POSIX Threading (NGPT) 1.9.0 uses a filesystem-based shared memory entry, which allows local users to cause a denial of service or in threaded processes or spoof files via unknown methods.... Read more

    Affected Products : next_generation_posix_threading
    • EPSS Score: %0.14
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2003-0018

    Linux kernel 2.4.10 through 2.4.21-pre4 does not properly handle the O_DIRECT feature, which allows local attackers with write privileges to read portions of previously deleted files, or cause file system corruption.... Read more

    Affected Products : linux_kernel linux
    • EPSS Score: %0.07
    • Published: Feb. 19, 2003
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2013-0412

    Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect integrity and availability via unknown vectors related to Utility/pax.... Read more

    Affected Products : sunos solaris
    • EPSS Score: %0.05
    • Published: Apr. 17, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 292387 Results