Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.6

    LOW
    CVE-2011-1784

    The pidfile_write function in core/pidfile.c in keepalived 1.2.2 and earlier uses 0666 permissions for the (1) keepalived.pid, (2) checkers.pid, and (3) vrrp.pid files in /var/run/, which allows local users to kill arbitrary processes by writing a PID to ... Read more

    Affected Products : keepalived
    • EPSS Score: %0.05
    • Published: May. 20, 2011
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2008-0001

    VFS in the Linux kernel before 2.6.22.16, and 2.6.23.x before 2.6.23.14, performs tests of access mode by using the flag variable instead of the acc_mode variable, which might allow local users to bypass intended permissions and remove directories.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.07
    • Published: Jan. 15, 2008
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2025-2528

    Improper authorization in application password policy in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use a configuration different from the one mandated by the system administrators. This issue affects Remote Deskto... Read more

    Affected Products : remote_desktop_manager
    • Published: Mar. 26, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Authorization

  • 3.6

    LOW
    CVE-2011-2289

    Unspecified vulnerability in Oracle Solaris 10 allows local users to affect integrity and availability via unknown vectors related to LiveUpgrade.... Read more

    Affected Products : sunos solaris
    • EPSS Score: %0.06
    • Published: Jul. 21, 2011
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2015-5273

    The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users to write to arbitrary files via a symlink attack on unpacked.cpio in a pre-created directory with a predictable name in /va... Read more

    • EPSS Score: %0.33
    • Published: Dec. 07, 2015
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2008-2288

    Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 has insufficient access control for deletion and modification of registry keys, which allows local users to cause a denial of service or obtain sensitive information.... Read more

    Affected Products : altiris_deployment_solution
    • EPSS Score: %0.09
    • Published: May. 18, 2008
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2008-0666

    Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on (1) the /tmp/pe.tmp.$$ temporary file used by wml_contrib/wmg.cgi and (2) temporary files used by wml_backend/p3_eperl/eperl_sys.c.... Read more

    Affected Products : website_meta_language
    • EPSS Score: %0.03
    • Published: Feb. 11, 2008
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2023-51796

    Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/f_reverse.c:269:26 in areverse_request_frame.... Read more

    Affected Products : ffmpeg
    • Published: Apr. 19, 2024
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2004-2408

    Linux VServer 1.27 and earlier, 1.3.9 and earlier, and 1.9.1 and earlier shares /proc permissions across all virtual and host servers, which allows local users with the ability to set permissions in /proc to obtain system information or cause a denial of ... Read more

    Affected Products : linux-vserver
    • EPSS Score: %0.06
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2003-0536

    Directory traversal vulnerability in phpSysInfo 2.1 and earlier allows attackers with write access to a local directory to read arbitrary files as the PHP user or cause a denial of service via .. (dot dot) sequences in the (1) template or (2) lng paramete... Read more

    Affected Products : phpsysinfo
    • EPSS Score: %0.74
    • Published: Aug. 18, 2003
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2005-2995

    bacula 1.36.3 and earlier allows local users to modify or read sensitive files via symlink attacks on (1) the temporary file used by autoconf/randpass when openssl is not available, or (2) the mtx.[PID] temporary file in mtx-changer.in.... Read more

    Affected Products : bacula
    • EPSS Score: %0.08
    • Published: Sep. 20, 2005
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2005-3070

    HylaFax 4.2.1 and earlier does not create or verify ownership of the UNIX domain socket, which might allow local users to read faxes and cause a denial of service by creating the socket using the hyla.unix temporary file.... Read more

    Affected Products : hylafax
    • EPSS Score: %0.07
    • Published: Sep. 27, 2005
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2006-4745

    ScaryBear PocketExpense Pro 3.9.1 uses an internally recorded key to protect a data file whose contents are stored in plaintext, which allows local users to disable authentication and access the file by modifying a certain value in the file header.... Read more

    Affected Products : pocketexpense_pro
    • EPSS Score: %0.18
    • Published: Sep. 13, 2006
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2009-0835

    The __secure_computing function in kernel/seccomp.c in the seccomp subsystem in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform, when CONFIG_SECCOMP is enabled, does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.18
    • Published: Mar. 06, 2009
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2006-3707

    Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3 and 9.0.3.1 has unknown impact and attack vectors, aka Oracle Vuln# AS02.... Read more

    Affected Products : application_server
    • EPSS Score: %1.78
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2006-3589

    vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructure 3 does not check the return code from a Perl chmod function call, which might cause an SSL key file to be created with an unsafe umask that allows local users to read or modify the S... Read more

    • EPSS Score: %0.07
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2015-2660

    Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 allows remote authenticated users to affect confidentiality and integrity via vectors related to Oracle Agile PLM Framework.... Read more

    Affected Products : supply_chain_products_suite
    • EPSS Score: %0.16
    • Published: Jul. 16, 2015
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2015-2633

    Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.0.1 and 12.2.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Ops Center.... Read more

    • EPSS Score: %0.16
    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2011-3571

    Unspecified vulnerability in the Virtual Desktop Infrastructure (VDI) component in Oracle Virtualization 3.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Session. NOTE: this CVE identifier was a... Read more

    • EPSS Score: %0.26
    • Published: Jan. 18, 2012
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2008-1371

    Absolute path traversal vulnerability in install/index.php in Drake CMS 0.4.11 RC8 allows remote attackers to read and execute arbitrary files via a full pathname in the d_root parameter. NOTE: the provenance of this information is unknown; the details a... Read more

    Affected Products : drake_cms
    • EPSS Score: %1.42
    • Published: Mar. 18, 2008
    • Modified: Apr. 09, 2025
Showing 20 of 292731 Results