Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.7

    LOW
    CVE-2019-14850

    A denial of service vulnerability was discovered in nbdkit 1.12.7, 1.14.1 and 1.15.1. An attacker could connect to the nbdkit service and cause it to perform a large amount of work in initializing backend plugins, by simply opening a connection to the ser... Read more

    • Published: Mar. 18, 2021
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2024-1433

    A vulnerability, which was classified as problematic, was found in KDE Plasma Workspace up to 5.93.0. This affects the function EventPluginsManager::enabledPlugins of the file components/calendar/eventpluginsmanager.cpp of the component Theme File Handler... Read more

    Affected Products : plasma-workspace
    • Published: Feb. 11, 2024
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2006-1542

    Stack-based buffer overflow in Python 2.4.2 and earlier, running on Linux 2.6.12.5 under gcc 4.0.3 with libc 2.3.5, allows local users to cause a "stack overflow," and possibly gain privileges, by running a script from a current working directory that has... Read more

    Affected Products : python
    • Published: Mar. 30, 2006
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2025-8556

    A flaw was found in CIRCL's implementation of the FourQ elliptic curve. This vulnerability allows an attacker to compromise session security via low-order point injection and incorrect point validation during Diffie-Hellman key exchange.... Read more

    Affected Products : circl
    • Published: Aug. 06, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Cryptography

  • 3.7

    LOW
    CVE-2025-6011

    A timing side channel in Vault and Vault Enterprise’s (“Vault”) userpass auth method allowed an attacker to distinguish between existing and non-existing users, and potentially enumerate valid usernames for Vault’s Userpass auth method. Fixed in Vault Com... Read more

    Affected Products : vault
    • Published: Aug. 01, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Authentication

  • 3.7

    LOW
    CVE-2001-0317

    Race condition in ptrace in Linux kernel 2.4 and 2.2 allows local users to gain privileges by using ptrace to track and modify a running setuid process.... Read more

    Affected Products : linux_kernel
    • Published: May. 03, 2001
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2002-2092

    Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and earlier, and FreeBSD 4.4 and earlier allows local users to gain privileges by attaching a debugger to a process before the kernel has determined that the process is setuid or setgid.... Read more

    Affected Products : freebsd netbsd openbsd
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2002-0430

    MultiFileUploadHandler.php in the Sun Cobalt RaQ XTR administration interface allows local users to bypass authentication and overwrite arbitrary files via a symlink attack on a temporary file, followed by a request to MultiFileUpload.php.... Read more

    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2001-0627

    vi as included with SCO OpenServer 5.0 - 5.0.6 allows a local attacker to overwrite arbitrary files via a symlink attack.... Read more

    Affected Products : openserver
    • Published: Aug. 22, 2001
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2001-1258

    Horde Internet Messaging Program (IMP) before 2.2.6 allows local users to read IMP configuration files and steal the Horde database password by placing the prefs.lang file containing PHP code on the server.... Read more

    Affected Products : imp
    • Published: Jul. 21, 2001
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2001-1322

    xinetd 2.1.8 and earlier runs with a default umask of 0, which could allow local users to read or modify files that are created by an application that runs under xinetd but does not set its own safe umask.... Read more

    Affected Products : xinetd
    • Published: Jul. 10, 2001
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2001-1519

    RunAs (runas.exe) in Windows 2000 allows local users to create a spoofed named pipe when the service is stopped, then capture cleartext usernames and passwords when clients connect to the service. NOTE: the vendor disputes this issue, saying that adminis... Read more

    Affected Products : windows_2000
    • Published: Dec. 31, 2001
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2001-0430

    Vulnerability in exuberant-ctags before 3.2.4-0.1 insecurely creates temporary files.... Read more

    Affected Products : debian_linux
    • Published: Jul. 02, 2001
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2001-1395

    Unknown vulnerability in sockfilter for Linux kernel before 2.2.19 related to "boundary cases," with unknown impact.... Read more

    Affected Products : linux_kernel linux
    • Published: Apr. 17, 2001
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2008-2148

    The utimensat system call (sys_utimensat) in Linux kernel 2.6.22 and other versions before 2.6.25.3 does not check file permissions when certain UTIME_NOW and UTIME_OMIT combinations are used, which allows local users to modify file times of arbitrary fil... Read more

    Affected Products : linux_kernel
    • Published: May. 12, 2008
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2008-1734

    Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpret... Read more

    Affected Products : linux php_toolkit
    • Published: Apr. 18, 2008
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2006-0133

    Multiple directory traversal vulnerabilities in AIX 5.3 ML03 allow local users to determine the existence of files and read partial contents of certain files via a .. (dot dot) in the argument to (1) getCommand.new (aka getCommand) and (2) getShell, a dif... Read more

    Affected Products : aix
    • Published: Jan. 09, 2006
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2006-4226

    MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permiss... Read more

    Affected Products : mysql mysql
    • Published: Aug. 18, 2006
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2001-1409

    dexconf in XFree86 Xserver 4.1.0-2 creates the /dev/dri directory with insecure permissions (666), which allows local users to replace or create files in the root file system.... Read more

    Affected Products : linux xfree86_x_server
    • Published: Jul. 24, 2003
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2015-0267

    The Red Hat module-setup.sh script for kexec-tools, as distributed in the kexec-tools before 2.0.7-19 packages in Red Hat Enterprise Linux, allows local users to write to arbitrary files via a symlink attack on a temporary file.... Read more

    Affected Products : kexec-tools
    • Published: May. 19, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 293262 Results