Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.6

    LOW
    CVE-2000-1156

    StarOffice 5.2 follows symlinks and sets world-readable permissions for the /tmp/soffice.tmp directory, which allows a local user to read files of the user who is using StarOffice.... Read more

    Affected Products : staroffice
    • Published: Jan. 09, 2001
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2010-0895

    Unspecified vulnerability in the Solaris component in Oracle Sun Product Suite OpenSolaris snv_119 allows local users to affect integrity and availability via unknown vectors related to IP Filter.... Read more

    Affected Products : opensolaris
    • Published: Apr. 13, 2010
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2005-3070

    HylaFax 4.2.1 and earlier does not create or verify ownership of the UNIX domain socket, which might allow local users to read faxes and cause a denial of service by creating the socket using the hyla.unix temporary file.... Read more

    Affected Products : hylafax
    • Published: Sep. 27, 2005
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2005-1902

    Directory traversal vulnerability in the IMAP service for SPA-PRO Mail @Solomon 4.00 allows remote authenticated users to read other users' mail and perform operations on arbitrary directories via .. sequences in the (1) SELECT, (2) CREATE, (3) DELETE, an... Read more

    Affected Products : spa-pro_mail_atsolomon
    • Published: Jun. 09, 2005
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2005-2995

    bacula 1.36.3 and earlier allows local users to modify or read sensitive files via symlink attacks on (1) the temporary file used by autoconf/randpass when openssl is not available, or (2) the mtx.[PID] temporary file in mtx-changer.in.... Read more

    Affected Products : bacula
    • Published: Sep. 20, 2005
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2005-0576

    Unknown vulnerability in Standard Type Services Framework (STSF) Font Server Daemon (stfontserverd) in Solaris 9 allows local users to modify or delete arbitrary files.... Read more

    Affected Products : solaris
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2012-3355

    (1) AlbumTab.py, (2) ArtistTab.py, (3) LinksTab.py, and (4) LyricsTab.py in the Context module in GNOME Rhythmbox 0.13.3 and earlier allows local users to execute arbitrary code via a symlink attack on a temporary HTML template file in the /tmp/context di... Read more

    Affected Products : rhythmbox
    • Published: Jul. 17, 2012
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2015-3631

    Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc.... Read more

    Affected Products : docker moby
    • Published: May. 18, 2015
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2012-3165

    Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect confidentiality and integrity via unknown vectors related to mailx.... Read more

    Affected Products : sunos solaris
    • Published: Oct. 17, 2012
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2013-4270

    The net_ctl_permissions function in net/sysctl_net.c in the Linux kernel before 3.11.5 does not properly determine uid and gid values, which allows local users to bypass intended /proc/sys/net restrictions via a crafted application.... Read more

    Affected Products : linux_kernel
    • Published: Dec. 09, 2013
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2006-4233

    Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before 20060815 allow local users to obtain sensitive information (proxy certificates) and overwrite arbitrary files via a symlink attack on temporary files in the /tmp directory, as demonstrated by files created by ... Read more

    Affected Products : globus_toolkit
    • Published: Aug. 18, 2006
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2001-0259

    ssh-keygen in ssh 1.2.27 - 1.2.30 with Secure-RPC can allow local attackers to recover a SUN-DES-1 magic phrase generated by another user, which the attacker can use to decrypt that user's private key file.... Read more

    Affected Products : ssh
    • Published: Jun. 02, 2001
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2006-5213

    Sun Solaris 10 before 20061006 uses "incorrect and insufficient permission checks" that allow local users to intercept or spoof packets by creating a raw socket on a link aggregation (network device aggregation).... Read more

    Affected Products : solaris
    • Published: Oct. 10, 2006
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2008-4228

    The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows physically proximate attackers to leverage the emergency-call ability of locked devices to make a phone call to an arbitrary number.... Read more

    Affected Products : iphone_os ipod_touch
    • Published: Nov. 25, 2008
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2006-0133

    Multiple directory traversal vulnerabilities in AIX 5.3 ML03 allow local users to determine the existence of files and read partial contents of certain files via a .. (dot dot) in the argument to (1) getCommand.new (aka getCommand) and (2) getShell, a dif... Read more

    Affected Products : aix
    • Published: Jan. 09, 2006
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2025-27613

    Gitk is a Tcl/Tk based Git history browser. Starting with 1.7.0, when a user clones an untrusted repository and runs gitk without additional command arguments, files for which the user has write permission can be created and truncated. The option Support ... Read more

    Affected Products : git
    • Published: Jul. 10, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Misconfiguration

  • 3.6

    LOW
    CVE-2025-4878

    A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file() function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing fa... Read more

    Affected Products : libssh
    • Published: Jul. 22, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Memory Corruption

  • 3.6

    LOW
    CVE-2024-37372

    The Permission Model assumes that any path starting with two backslashes \ has a four-character prefix that can be ignored, which is not always true. This subtle bug leads to vulnerable edge cases.... Read more

    Affected Products : node.js
    • Published: Jan. 09, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Path Traversal

  • 3.6

    LOW
    CVE-2016-0426

    Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality and availability via unknown vectors related to Solaris Kernel Zones.... Read more

    Affected Products : solaris
    • Published: Jan. 21, 2016
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2011-0793

    Unspecified vulnerability in the Database Vault component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect integrity and availability, related to SYSDBA.... Read more

    Affected Products : database_server
    • Published: Apr. 20, 2011
    • Modified: Apr. 11, 2025
Showing 20 of 292803 Results