Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.7

    LOW
    CVE-2014-0476

    The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option.... Read more

    Affected Products : ubuntu_linux chkrootkit
    • Published: Oct. 25, 2014
    • Modified: Apr. 12, 2025

  • 3.7

    LOW
    CVE-2013-7347

    Luci in Red Hat Conga does not properly enforce the user session timeout, which might allow attackers to gain access to the session by reading the __ac session cookie. NOTE: this issue has been SPLIT due to different vulnerability types. Use CVE-2012-335... Read more

    Affected Products : enterprise_linux conga
    • Published: Mar. 31, 2014
    • Modified: Apr. 12, 2025

  • 3.7

    LOW
    CVE-2006-1174

    useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and possibly ... Read more

    Affected Products : shadow
    • Published: May. 28, 2006
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2022-23292

    Microsoft Power BI Spoofing Vulnerability... Read more

    Affected Products : on-premises_data_gateway
    • Published: Apr. 15, 2022
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2022-21619

    Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition:... Read more

    • Published: Oct. 18, 2022
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2008-0883

    acroread in Adobe Acrobat Reader 8.1.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files related to SSL certificate handling.... Read more

    • Published: Mar. 06, 2008
    • Modified: Apr. 09, 2025

  • 3.7

    LOW
    CVE-2024-21210

    Vulnerability in Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4 and 23. Difficult to exploit vulnerability allows unauthenticated attacker with network access via... Read more

    Affected Products : jdk jre java_se
    • Published: Oct. 15, 2024
    • Modified: Jun. 18, 2025

  • 3.7

    LOW
    CVE-2012-0032

    Red Hat JBoss Operations Network (JON) before 3.0.1 uses 0777 permissions for the root directory when installing a remote client, which allows local users to read or modify subdirectories and files within the root directory, as demonstrated by obtaining J... Read more

    Affected Products : jboss_operations_network
    • Published: Apr. 01, 2014
    • Modified: Apr. 12, 2025

  • 3.7

    LOW
    CVE-2012-1720

    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier, when running on Solaris, allows local users to affect confident... Read more

    Affected Products : jdk jre jre jdk
    • Published: Jun. 16, 2012
    • Modified: Apr. 11, 2025

  • 3.7

    LOW
    CVE-2009-0415

    Untrusted search path vulnerability in trickle 1.07 allows local users to execute arbitrary code via a Trojan horse trickle-overload.so in the current working directory, which is referenced in the LD_PRELOAD path.... Read more

    Affected Products : trickle
    • Published: Feb. 03, 2009
    • Modified: Apr. 09, 2025

  • 3.7

    LOW
    CVE-2015-4834

    Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Utility/Zones.... Read more

    Affected Products : solaris
    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025

  • 3.7

    LOW
    CVE-2016-0701

    The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by m... Read more

    Affected Products : openssl
    • Published: Feb. 15, 2016
    • Modified: Apr. 12, 2025

  • 3.7

    LOW
    CVE-2016-0671

    Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 12.1.2.0 allows remote attackers to affect confidentiality via vectors related to OSSL Module.... Read more

    Affected Products : http_server
    • Published: Apr. 21, 2016
    • Modified: Apr. 12, 2025

  • 3.7

    LOW
    CVE-2024-36511

    An improperly implemented security check for standard vulnerability [CWE-358] in FortiADC Web Application Firewall (WAF) 7.4.0 through 7.4.4, 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.2 all versions, 6.1 all versions, 6.0 all versions when c... Read more

    Affected Products : fortiadc
    • Published: Sep. 10, 2024
    • Modified: Sep. 20, 2024

  • 3.7

    LOW
    CVE-2024-34079

    octo-sts is a GitHub App that acts like a Security Token Service (STS) for the Github API. This vulnerability can spike the resource utilization of the STS service, and combined with a significant traffic volume could potentially lead to a denial of servi... Read more

    Affected Products :
    • Published: May. 14, 2024
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2004-1465

    Multiple buffer overflows in WinZip 9.0 and earlier may allow attackers to execute arbitrary code via multiple vectors, including the command line.... Read more

    Affected Products : winzip
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2012-0133

    HP ProCurve 5400 zl switches with certain serial numbers include a compact flash card that contains an unspecified virus, which might allow user-assisted remote attackers to execute arbitrary code on a PC by leveraging manual transfer of this card.... Read more

    • Published: Apr. 12, 2012
    • Modified: Apr. 11, 2025

  • 3.7

    LOW
    CVE-2013-0219

    System Security Services Daemon (SSSD) before 1.9.4, when (1) creating, (2) copying, or (3) removing a user home directory tree, allows local users to create, modify, or delete arbitrary files via a symlink attack on another user's files.... Read more

    Affected Products : enterprise_linux sssd
    • Published: Feb. 24, 2013
    • Modified: Apr. 11, 2025

  • 3.7

    LOW
    CVE-2025-30752

    Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK product of Oracle Java SE (component: Compiler). The supported version that is affected is Oracle Java SE: 24.0.1; Oracle GraalVM for JDK: 24.0.1. Difficult to exploit vulnerability allows unau... Read more

    Affected Products : jdk jre java_se graalvm_for_jdk
    • Published: Jul. 15, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Denial of Service

  • 3.7

    LOW
    CVE-2003-0924

    netpbm 9.25 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files.... Read more

    Affected Products : netpbm
    • Published: Feb. 17, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 293607 Results