Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.6

    LOW
    CVE-2014-8994

    The check_diskio plugin 3.2.6 and earlier for Nagios and Icinga allows local users to write to arbitrary files via a symlink attack on a temporary file with a predictable name (tmp/check_diskio_status-*-*).... Read more

    Affected Products : check_diskio
    • Published: Nov. 28, 2014
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2012-5557

    The User Read-Only module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.4 for Drupal, does not properly assign roles when there are more than three roles on the site and certain unspecified configurations, which might allow remote authenticated users to... Read more

    Affected Products : drupal user_readonly
    • Published: Dec. 03, 2012
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2015-4156

    GNU Parallel before 20150522 (Nepal), when using (1) --cat or (2) --fifo with --sshlogin, allows local users to write to arbitrary files via a symlink attack on a temporary file.... Read more

    Affected Products : opensuse parallel
    • Published: Jun. 02, 2015
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2024-50610

    GSL (GNU Scientific Library) through 2.8 has an integer signedness error in gsl_siman_solve_many in siman/siman.c. When params.n_tries is negative, incorrect memory allocation occurs.... Read more

    Affected Products : gnu_scientific_library
    • Published: Oct. 27, 2024
    • Modified: Sep. 04, 2025

  • 3.6

    LOW
    CVE-2018-16463

    A bug causing session fixation in Nextcloud Server prior to 14.0.0, 13.0.3 and 12.0.8 could potentially allow an attacker to obtain access to password protected shares.... Read more

    Affected Products : nextcloud_server
    • Published: Oct. 30, 2018
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2023-3485

    Insecure defaults in open-source Temporal Server before version 1.20 on all platforms allows an attacker to craft a task token with access to a namespace other than the one specified in the request. Creation of this task token must be done outside of the ... Read more

    Affected Products : temporal
    • Published: Jun. 30, 2023
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2006-4092

    Simpliciti Locked Browser does not properly limit a user's actions to ones within the intended Internet Explorer environment, which allows local users to perform unauthorized actions by visiting a web site that executes a JavaScript window.blur loop to re... Read more

    Affected Products : locked_browser
    • Published: Aug. 11, 2006
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2001-1059

    VMWare creates a temporary file vmware-log.USERNAME with insecure permissions, which allows local users to read or modify license information.... Read more

    Affected Products : workstation
    • Published: Jul. 30, 2001
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2000-0379

    The Netopia R9100 router does not prevent authenticated users from modifying SNMP tables, even if the administrator has configured it to do so.... Read more

    Affected Products : r-series_routers
    • Published: May. 16, 2000
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2007-2703

    BEA WebLogic Portal 9.2 GA can corrupt a visitor entitlements role if an administrator provides a long role description, which might allow remote authenticated users to access privileged resources.... Read more

    Affected Products : weblogic_portal weblogic_portal
    • Published: May. 16, 2007
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2014-0177

    The am function in lib/hub/commands.rb in hub before 1.12.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary patch file.... Read more

    Affected Products : hub hub
    • Published: May. 27, 2014
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2013-4157

    Red Hat Storage 2.0 allows local users to overwrite arbitrary files via a symlink attack on the (1) e, (2) local-bricks.list, (3) bricks.err, or (4) limits.conf files in /tmp.... Read more

    Affected Products : storage_server
    • Published: Oct. 04, 2013
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2018-1000030

    Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vuln... Read more

    Affected Products : ubuntu_linux python
    • Published: Feb. 08, 2018
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2012-1699

    The ProcSetEventMask function in difs/events.c in the xfs font server for X.Org X11R6 through X11R6.6 and XFree86 before 3.3.3 calls the SendErrToClient function with a mask value instead of a pointer, which allows local users to cause a denial of service... Read more

    Affected Products : x.org_x11 xfree86
    • Published: Dec. 21, 2012
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2012-3225

    Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.3.0 through 5.3.4 allows remote authenticated users to affect confidentiality and integrity, related to BASE.... Read more

    Affected Products : financial_services_software
    • Published: Oct. 17, 2012
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2012-4518

    ibacm 1.0.7 creates files with world-writable permissions, which allows local users to overwrite the ib_acm daemon log or ibacm.port file.... Read more

    Affected Products : ibacm
    • Published: Oct. 22, 2012
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2012-0109

    Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect confidentiality and availability, related to TCP/IP.... Read more

    Affected Products : sunos solaris
    • Published: Jan. 18, 2012
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2012-3750

    The Passcode Lock implementation in Apple iOS before 6.0.1 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement and access Passbook passes via unspecified vectors.... Read more

    Affected Products : iphone_os
    • Published: Nov. 03, 2012
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2012-1620

    slock 0.9 does not properly handle the XRaiseWindow event when the screen is locked, which might allow physically proximate attackers to obtain sensitive information by pressing a button, which reveals the desktop and active windows.... Read more

    Affected Products : slock
    • Published: Jul. 12, 2012
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2015-5273

    The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users to write to arbitrary files via a symlink attack on unpacked.cpio in a pre-created directory with a predictable name in /va... Read more

    • Published: Dec. 07, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 292894 Results