Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.7

    LOW
    CVE-2020-2900

    Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: Tools). Supported versions that are affected are 19.3.1 and 20.0.0. Difficult to exploit vulnerability allows low privileged attacker with network access via mult... Read more

    Affected Products : graalvm
    • Published: Apr. 15, 2020
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2023-3803

    A vulnerability classified as problematic has been found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This affects an unknown part of the file /Service/ImageStationDataService.asmx of the component File Name Handler. The manipulation... Read more

    • Published: Jul. 21, 2023
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2024-47869

    Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a **timing attack** in the way Gradio compares hashes for the `analytics_dashboard` function. Since the comparison is not done in constant time, an attacke... Read more

    Affected Products : gradio
    • Published: Oct. 10, 2024
    • Modified: Oct. 17, 2024

  • 3.7

    LOW
    CVE-2023-33847

    IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link ... Read more

    • Published: Jun. 08, 2023
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2024-39886

    TONE store App version 3.4.2 and earlier contains an issue with unprotected primary channel. Since TONE store App communicates with TONE store website in cleartext, a man-in-the-middle attack may allow an attacker to obtain and/or alter communications of ... Read more

    Affected Products :
    • Published: Jul. 10, 2024
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2014-8994

    The check_diskio plugin 3.2.6 and earlier for Nagios and Icinga allows local users to write to arbitrary files via a symlink attack on a temporary file with a predictable name (tmp/check_diskio_status-*-*).... Read more

    Affected Products : check_diskio
    • Published: Nov. 28, 2014
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2024-2918

    Improper input validation in PAM JIT elevation feature in Devolutions Server 2024.1.6 and earlier allows an attacker with access to the PAM JIT elevation feature to forge the displayed group in the PAM JIT elevation checkout request via a specially crafte... Read more

    Affected Products : devolutions_server
    • Published: Apr. 09, 2024
    • Modified: Mar. 28, 2025

  • 3.6

    LOW
    CVE-2018-1842

    IBM Cognos Analytics 11 Configuration tool, under certain circumstances, will bypass OIDC namespace signature verification on its id_token. IBM X-Force ID: 150902.... Read more

    Affected Products : oncommand_insight cognos_analytics
    • Published: Nov. 09, 2018
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2021-35465

    Certain Arm products before 2021-08-23 do not properly consider the effect of exceptions on a VLLDM instruction. A Non-secure handler may have read or write access to part of a Secure context. This affects Arm Cortex-M33 r0p0 through r1p0, Arm Cortex-M35P... Read more

    • Published: Aug. 23, 2021
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2017-18458

    cPanel before 62.0.17 allows file overwrite when renaming an account (SEC-219).... Read more

    Affected Products : cpanel
    • Published: Aug. 02, 2019
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2006-4266

    Symantec Norton Personal Firewall 2006 9.1.0.33, and possibly earlier, does not properly protect Norton registry keys, which allows local users to provide Trojan horse libraries to Norton by using RegSaveKey and RegRestoreKey to modify HKLM\SOFTWARE\Syman... Read more

    Affected Products : norton_personal_firewall
    • Published: Aug. 21, 2006
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2020-13838

    An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. The DeX Lockscreen feature does not block access to Quick Panel and notifications. The Samsung ID is SVE-2020-17187 (June 2020).... Read more

    Affected Products : android
    • Published: Jun. 04, 2020
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-1999-0703

    OpenBSD, BSDI, and other Unix operating systems allow users to set chflags and fchflags on character and block devices.... Read more

    Affected Products : freebsd openbsd bsd_os
    • Published: Aug. 03, 1999
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-1999-0825

    The default permissions for UnixWare /var/mail allow local users to read and modify other users' mail.... Read more

    Affected Products : unixware
    • Published: Dec. 03, 1999
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2002-0202

    PaintBBS 1.2 installs certain files and directories with insecure permissions, which allows local users to (1) obtain the encrypted server password via the world-readable oekakibbs.conf file, or (2) modify the server configuration via the world-writeable ... Read more

    Affected Products : paintbbs
    • Published: May. 16, 2002
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2003-1234

    Integer overflow in the f_count counter in FreeBSD before 4.2 through 5.0 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via multiple calls to (1) fpathconf and (2) lseek, which do not properly decrement f_coun... Read more

    Affected Products : freebsd
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2000-0090

    VMWare 1.1.2 allows local users to cause a denial of service via a symlink attack.... Read more

    Affected Products : workstation
    • Published: Jan. 17, 2000
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2002-2401

    NT Virtual DOS Machine (NTVDM.EXE) in Windows 2000, NT and XP does not verify user execution permissions for 16-bit executable files, which allows local users to bypass the loader and execute arbitrary programs.... Read more

    Affected Products : windows_2000 windows_xp windows_nt
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2013-5857

    Unspecified vulnerability in the Oracle Health Sciences InForm component in Oracle Industry Applications 4.5 SP3, 4.5 SP3a-k, 4.6 SP0, 4.6 SP0a-c, 4.6 SP1, 4.6 SP1a-c, 4.6 SP2, 4.6 SP2a-c, 5.0 SP0, 5.0 SP0a, 5.0 SP1, and 5.0 SP1a-b allows remote authentic... Read more

    Affected Products : industry_applications
    • Published: Oct. 16, 2013
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2003-0448

    Portmon 1.7 and possibly earlier versions allows local users to read and write arbitrary files via the (1) -c (host file) or (2) -l (log file) command line options.... Read more

    Affected Products : portmon
    • Published: Jul. 24, 2003
    • Modified: Apr. 03, 2025
Showing 20 of 293521 Results