Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.7

    LOW
    CVE-2007-0775

    Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allow remote attackers to cause a denial of service (crash) and potentially execut... Read more

    Affected Products : firefox thunderbird seamonkey
    • Published: Feb. 26, 2007
    • Modified: Apr. 09, 2025

  • 3.7

    LOW
    CVE-2008-0883

    acroread in Adobe Acrobat Reader 8.1.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files related to SSL certificate handling.... Read more

    • Published: Mar. 06, 2008
    • Modified: Apr. 09, 2025

  • 3.7

    LOW
    CVE-2010-4450

    Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux; and 1.4.2_29 and earlier for Solaris and Linux allows l... Read more

    Affected Products : jre sdk jdk
    • Published: Feb. 17, 2011
    • Modified: Apr. 11, 2025

  • 3.7

    LOW
    CVE-2025-4945

    A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability arises when processing the expiration date of cookies, where a specially crafted value can trigger an integer overfl... Read more

    Affected Products :
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Misconfiguration

  • 3.7

    LOW
    CVE-2013-2451

    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality, integrity, and availability via unknown vectors r... Read more

    Affected Products : jdk jre jre jdk
    • Published: Jun. 18, 2013
    • Modified: Apr. 11, 2025

  • 3.7

    LOW
    CVE-2005-1993

    Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL pseudo-command is used after a user entry in the sudoers file, allows local users to gain privileges via a symlink attack.... Read more

    Affected Products : sudo
    • Published: Jun. 20, 2005
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2000-1162

    ghostscript before 5.10-16 allows local users to overwrite files of other users via a symlink attack.... Read more

    Affected Products : ghostscript
    • Published: Jan. 09, 2001
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2012-0787

    The clone_file function in transfer.c in Augeas before 1.0.0, when copy_if_rename_fails is set and EXDEV or EBUSY is returned by the rename function, allows local users to overwrite arbitrary files and obtain sensitive information via a bind mount on the ... Read more

    Affected Products : enterprise_linux augeas
    • Published: Nov. 23, 2013
    • Modified: Apr. 11, 2025

  • 3.7

    LOW
    CVE-2003-0924

    netpbm 9.25 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files.... Read more

    Affected Products : netpbm
    • Published: Feb. 17, 2004
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2025-30752

    Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK product of Oracle Java SE (component: Compiler). The supported version that is affected is Oracle Java SE: 24.0.1; Oracle GraalVM for JDK: 24.0.1. Difficult to exploit vulnerability allows unau... Read more

    Affected Products : jdk jre java_se graalvm_for_jdk
    • Published: Jul. 15, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Denial of Service

  • 3.7

    LOW
    CVE-2024-42332

    The researcher is showing that due to the way the SNMP trap log is parsed, an attacker can craft an SNMP trap with additional lines of information and have forged data show in the Zabbix UI. This attack requires SNMP auth to be off and/or the attacker to ... Read more

    Affected Products : zabbix
    • Published: Nov. 27, 2024
    • Modified: Nov. 27, 2024

  • 3.7

    LOW
    CVE-2006-1057

    Race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file.... Read more

    Affected Products : gdm
    • Published: Apr. 25, 2006
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2024-40632

    Linkerd is an open source, ultralight, security-first service mesh for Kubernetes. In affected versions when the application being run by linkerd is susceptible to SSRF, an attacker could potentially trigger a denial-of-service (DoS) attack by making requ... Read more

    Affected Products :
    • Published: Jul. 15, 2024
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2014-0476

    The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option.... Read more

    Affected Products : ubuntu_linux chkrootkit
    • Published: Oct. 25, 2014
    • Modified: Apr. 12, 2025

  • 3.7

    LOW
    CVE-2007-0235

    Stack-based buffer overflow in the glibtop_get_proc_map_s function in libgtop before 2.14.6 (libgtop2) allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a process with a long filename that is mapped in its add... Read more

    Affected Products : libgtop
    • Published: Jan. 16, 2007
    • Modified: Apr. 09, 2025

  • 3.7

    LOW
    CVE-2015-1841

    The Web Admin interface in Red Hat Enterprise Virtualization Manager (RHEV-M) allows local users to bypass the timeout function by selecting a VM in the VM grid view.... Read more

    Affected Products : enterprise_virtualization
    • Published: Sep. 08, 2015
    • Modified: Apr. 12, 2025

  • 3.7

    LOW
    CVE-2024-10977

    Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a h... Read more

    Affected Products : postgresql
    • Published: Nov. 14, 2024
    • Modified: Feb. 20, 2025

  • 3.7

    LOW
    CVE-2022-21624

    Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.... Read more

    • Published: Oct. 18, 2022
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2022-21619

    Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition:... Read more

    • Published: Oct. 18, 2022
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2013-1959

    kernel/user_namespace.c in the Linux kernel before 3.8.9 does not have appropriate capability requirements for the uid_map and gid_map files, which allows local users to gain privileges by opening a file within an unprivileged process and then modifying t... Read more

    Affected Products : linux_kernel
    • Published: May. 03, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 293633 Results