Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.6

    LOW
    CVE-2002-2401

    NT Virtual DOS Machine (NTVDM.EXE) in Windows 2000, NT and XP does not verify user execution permissions for 16-bit executable files, which allows local users to bypass the loader and execute arbitrary programs.... Read more

    Affected Products : windows_2000 windows_xp windows_nt
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2000-0090

    VMWare 1.1.2 allows local users to cause a denial of service via a symlink attack.... Read more

    Affected Products : workstation
    • Published: Jan. 17, 2000
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2006-3786

    Symantec pcAnywhere 12.5 uses weak integrity protection for .cif (aka caller or CallerID) files, which allows local users to generate a custom .cif file and modify the superuser flag.... Read more

    Affected Products : pcanywhere
    • Published: Jul. 24, 2006
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2024-54014

    Improper authorization in handler for custom URL scheme issue in 'Skylark' App for Android 6.2.13 and earlier and 'Skylark' App for iOS 6.2.13 and earlier allows an attacker to lead the application to access an arbitrary web site via another application i... Read more

    Affected Products :
    • Published: Dec. 05, 2024
    • Modified: Dec. 05, 2024

  • 3.6

    LOW
    CVE-2023-44129

    The vulnerability is that the Messaging ("com.android.mms") app patched by LG forwards attacker-controlled intents back to the attacker in the exported "com.android.mms.ui.QClipIntentReceiverActivity" activity. The attacker can abuse this functionality by... Read more

    Affected Products : android v60_thin_q_5g
    • Published: Sep. 27, 2023
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2019-5252

    There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). The applock does not perform a sufficient authentication in a rare condition. Successful exploit could allow the attacker to use the ap... Read more

    • Published: Dec. 14, 2019
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2025-27613

    Gitk is a Tcl/Tk based Git history browser. Starting with 1.7.0, when a user clones an untrusted repository and runs gitk without additional command arguments, files for which the user has write permission can be created and truncated. The option Support ... Read more

    Affected Products : git
    • Published: Jul. 10, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Misconfiguration

  • 3.6

    LOW
    CVE-2006-2288

    Avahi before 0.6.10 allows local users to cause a denial of service (mDNS/DNS-SD service disconnect) via unspecified mDNS name conflicts.... Read more

    Affected Products : avahi
    • Published: May. 10, 2006
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2006-4266

    Symantec Norton Personal Firewall 2006 9.1.0.33, and possibly earlier, does not properly protect Norton registry keys, which allows local users to provide Trojan horse libraries to Norton by using RegSaveKey and RegRestoreKey to modify HKLM\SOFTWARE\Syman... Read more

    Affected Products : norton_personal_firewall
    • Published: Aug. 21, 2006
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2006-0133

    Multiple directory traversal vulnerabilities in AIX 5.3 ML03 allow local users to determine the existence of files and read partial contents of certain files via a .. (dot dot) in the argument to (1) getCommand.new (aka getCommand) and (2) getShell, a dif... Read more

    Affected Products : aix
    • Published: Jan. 09, 2006
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2008-4228

    The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows physically proximate attackers to leverage the emergency-call ability of locked devices to make a phone call to an arbitrary number.... Read more

    Affected Products : iphone_os ipod_touch
    • Published: Nov. 25, 2008
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2005-1982

    Unknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle (MITM) attack between a client and a domain controller w... Read more

    • Published: Aug. 10, 2005
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2006-2045

    The (1) shadow password file in na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 has world readable permissions, which allows local users to view encrypted passwords; and the (2) NetAccess database file has world readable and writable permissions, wh... Read more

    Affected Products : ip3_netaccess_75
    • Published: Apr. 26, 2006
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2012-1120

    The SOAP API in MantisBT before 1.2.9 does not properly enforce the bugnote_allow_user_edit_delete and delete_bug_threshold permissions, which allows remote authenticated users with read and write SOAP API privileges to delete arbitrary bug reports and bu... Read more

    Affected Products : mantisbt
    • Published: Jun. 29, 2012
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2006-2147

    resmgrd in resmgr for SUSE Linux and other distributions does not properly handle when access to a USB device is granted by using "usb:<bus>,<dev>" notation, which grants access to all USB devices and allows local users to bypass intended restrictions. N... Read more

    Affected Products : resmgrd
    • Published: May. 02, 2006
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2007-0007

    gnucash 2.0.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on the (1) gnucash.trace, (2) qof.trace, and (3) qof.trace.[PID] temporary files.... Read more

    Affected Products : gnucash
    • Published: Feb. 20, 2007
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2006-4625

    PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.... Read more

    Affected Products : php
    • Published: Sep. 12, 2006
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2001-1396

    Unknown vulnerabilities in strnlen_user for Linux kernel before 2.2.19, with unknown impact.... Read more

    Affected Products : linux_kernel linux
    • Published: Apr. 17, 2001
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-1999-0703

    OpenBSD, BSDI, and other Unix operating systems allow users to set chflags and fchflags on character and block devices.... Read more

    Affected Products : freebsd openbsd bsd_os
    • Published: Aug. 03, 1999
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2007-5851

    iChat in Apple Mac OS X 10.4.11 allows network-adjacent remote attackers to automatically initiate a video connection to another user via unknown vectors.... Read more

    Affected Products : mac_os_x
    • Published: Dec. 19, 2007
    • Modified: Apr. 09, 2025
Showing 20 of 293259 Results