Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.6

    LOW
    CVE-2005-4803

    graphviz before 2.2.1 allows local users to overwrite arbitrary files via a symlink attack on temporary files. NOTE: this issue was originally associated with a different CVE identifier, CVE-2005-2965, which had been used for multiple different issues. ... Read more

    Affected Products : graphviz
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2015-3202

    fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking (1) mount or (2) umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNT_MTAB environment variable that is used by mount's debug... Read more

    Affected Products : debian_linux fuse
    • Published: Jul. 02, 2015
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2002-1509

    A patch for shadow-utils 20000902 causes the useradd command to create a mail spool files with read/write privileges of the new user's group (mode 660), which allows other users in the same group to read or modify the new user's incoming email.... Read more

    Affected Products : linux
    • Published: Mar. 03, 2003
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2002-0044

    GNU Enscript 1.6.1 and earlier allows local users to overwrite arbitrary files of the Enscript user via a symlink attack on temporary files.... Read more

    Affected Products : debian_linux linux enscript
    • Published: Jan. 31, 2002
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2015-4846

    Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote authenticated users to affect confidentiality and integrity via vectors related to SQL Extensions... Read more

    Affected Products : e-business_suite
    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2015-4763

    Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Security.... Read more

    Affected Products : supply_chain_products_suite
    • Published: Jul. 16, 2015
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2006-4439

    pkgadd in Sun Solaris 10 before 20060825 installs files with insecure file and directory permissions (755 or 777) if the pkgmap file contains a "?" (question mark) in the mode field, which allows local users to modify arbitrary files or directories, a dif... Read more

    Affected Products : solaris
    • Published: Aug. 29, 2006
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2006-3707

    Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3 and 9.0.3.1 has unknown impact and attack vectors, aka Oracle Vuln# AS02.... Read more

    Affected Products : application_server
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2009-1991

    Unspecified vulnerability in the Oracle Text component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.4 allows remote authenticated users to affect confidentiality and integrity, related to CTXSYS.DRVXTABC. NOTE: the previous information was... Read more

    Affected Products : database_server
    • Published: Oct. 22, 2009
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2016-0426

    Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality and availability via unknown vectors related to Solaris Kernel Zones.... Read more

    Affected Products : solaris
    • Published: Jan. 21, 2016
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2024-37372

    The Permission Model assumes that any path starting with two backslashes \ has a four-character prefix that can be ignored, which is not always true. This subtle bug leads to vulnerable edge cases.... Read more

    Affected Products : node.js
    • Published: Jan. 09, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Path Traversal

  • 3.6

    LOW
    CVE-1999-1530

    cgiwrap as used on Cobalt RaQ 2.0 and RaQ 3i does not properly identify the user for running certain scripts, which allows a malicious site administrator to view or modify data located at another virtual site on the same system.... Read more

    Affected Products : cobalt_raq_3i cobalt_raq_2
    • Published: Nov. 08, 1999
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2005-4796

    Unspecified vulnerability in the XView library (libxview.so) in Solaris 2.5 to 10 allows local users to corrupt files via unknown vectors related to the handling of the clipboard selection while an XView application exits.... Read more

    Affected Products : solaris sunos
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2008-2288

    Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 has insufficient access control for deletion and modification of registry keys, which allows local users to cause a denial of service or obtain sensitive information.... Read more

    Affected Products : altiris_deployment_solution
    • Published: May. 18, 2008
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2024-45310

    runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by ... Read more

    Affected Products : runc
    • Published: Sep. 03, 2024
    • Modified: Feb. 21, 2025

  • 3.6

    LOW
    CVE-2006-5406

    Passgo Defender 5.2 creates the application directory with insecure permissions (Everyone/Full Control), which allows local users to read and modify sensitive files. NOTE: the provenance of this information is unknown; the details are obtained from third... Read more

    Affected Products : defender
    • Published: Oct. 19, 2006
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2014-1257

    CFNetwork in Apple OS X through 10.8.5 does not remove session cookies upon a Safari reset action, which allows physically proximate attackers to bypass intended access restrictions by leveraging an unattended workstation.... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: Feb. 27, 2014
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2010-4420

    Unspecified vulnerability in the Database Vault component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1 allows local users to affect confidentiality and integrity via unknown vectors.... Read more

    Affected Products : database_server
    • Published: Jan. 19, 2011
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2011-0804

    Unspecified vulnerability in the Database Vault component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.... Read more

    Affected Products : database_server
    • Published: Apr. 20, 2011
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2007-5851

    iChat in Apple Mac OS X 10.4.11 allows network-adjacent remote attackers to automatically initiate a video connection to another user via unknown vectors.... Read more

    Affected Products : mac_os_x
    • Published: Dec. 19, 2007
    • Modified: Apr. 09, 2025
Showing 20 of 293308 Results