Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.6

    LOW
    CVE-2024-54014

    Improper authorization in handler for custom URL scheme issue in 'Skylark' App for Android 6.2.13 and earlier and 'Skylark' App for iOS 6.2.13 and earlier allows an attacker to lead the application to access an arbitrary web site via another application i... Read more

    Affected Products :
    • Published: Dec. 05, 2024
    • Modified: Dec. 05, 2024

  • 3.6

    LOW
    CVE-2013-0254

    The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or... Read more

    Affected Products : qt qt
    • Published: Feb. 06, 2013
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2019-0178

    Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access.... Read more

    • Published: Jun. 13, 2019
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2020-4008

    The installer of the macOS Sensor for VMware Carbon Black Cloud (prior to 3.5.1) handles certain files in an insecure way. A malicious actor who has local access to the endpoint on which a macOS sensor is going to be installed, may overwrite a limited num... Read more

    Affected Products : macos carbon_black_cloud
    • Published: Dec. 16, 2020
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2006-5163

    IBM Informix Dynamic Server 10.UC3RC1 Trial for Linux and possibly other versions creates /tmp/installserver.txt with insecure permissions, which allows local users to append data to arbitrary files via a symlink attack.... Read more

    Affected Products : informix_dynamic_server
    • Published: Oct. 05, 2006
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2012-5557

    The User Read-Only module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.4 for Drupal, does not properly assign roles when there are more than three roles on the site and certain unspecified configurations, which might allow remote authenticated users to... Read more

    Affected Products : drupal user_readonly
    • Published: Dec. 03, 2012
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2025-27613

    Gitk is a Tcl/Tk based Git history browser. Starting with 1.7.0, when a user clones an untrusted repository and runs gitk without additional command arguments, files for which the user has write permission can be created and truncated. The option Support ... Read more

    Affected Products : git
    • Published: Jul. 10, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Misconfiguration

  • 3.6

    LOW
    CVE-2025-30731

    Vulnerability in the Oracle Applications Technology Stack product of Oracle E-Business Suite (component: Configuration). Supported versions that are affected are 12.2.3-12.2.14. Difficult to exploit vulnerability allows unauthenticated attacker with logo... Read more

    Affected Products : applications_technology_stack
    • Published: Apr. 15, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Authorization

  • 3.6

    LOW
    CVE-2005-1430

    Mac OS X 10.3.x and earlier uses insecure permissions for a pseudo terminal tty (pty) that is managed by a non-setuid program, which allows local users to read or modify sessions of other users.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: May. 03, 2005
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2004-0698

    4D WebSTAR 5.3.2 and earlier allows local users to read and modify arbitrary files via a symlink attack.... Read more

    Affected Products : webstar
    • Published: Jul. 27, 2004
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2021-25366

    Improper access control in Samsung Internet prior to version 13.2.1.70 allows physically proximate attackers to bypass the secret mode's authentication.... Read more

    Affected Products : internet
    • Published: Mar. 25, 2021
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2023-44129

    The vulnerability is that the Messaging ("com.android.mms") app patched by LG forwards attacker-controlled intents back to the attacker in the exported "com.android.mms.ui.QClipIntentReceiverActivity" activity. The attacker can abuse this functionality by... Read more

    Affected Products : android v60_thin_q_5g
    • Published: Sep. 27, 2023
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2000-0121

    The Recycle Bin utility in Windows NT and Windows 2000 allows local users to read or modify files by creating a subdirectory with the victim's SID in the recycler directory, aka the "Recycle Bin Creation" vulnerability.... Read more

    Affected Products : windows_nt
    • Published: Feb. 01, 2000
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2004-1066

    The cmdline pseudofiles in (1) procfs on FreeBSD 4.8 through 5.3, and (2) linprocfs on FreeBSD 5.x through 5.3, do not properly validate a process argument vector, which allows local users to cause a denial of service (panic) or read portions of kernel me... Read more

    Affected Products : freebsd
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2006-3786

    Symantec pcAnywhere 12.5 uses weak integrity protection for .cif (aka caller or CallerID) files, which allows local users to generate a custom .cif file and modify the superuser flag.... Read more

    Affected Products : pcanywhere
    • Published: Jul. 24, 2006
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2014-3038

    IBM SPSS Modeler 16.0 before 16.0.0.1 on UNIX does not properly drop group privileges, which allows local users to bypass intended file-access restrictions by leveraging (1) gid 0 or (2) root's group memberships.... Read more

    Affected Products : spss_modeler
    • Published: Jun. 08, 2014
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2014-8532

    Unspecified vulnerability in McAfee Network Data Loss Prevention before (NDLP) before 9.3 allows local users to obtain sensitive information and impact integrity via unknown vectors, related to partition mounting.... Read more

    Affected Products : network_data_loss_prevention
    • Published: Oct. 29, 2014
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2003-0448

    Portmon 1.7 and possibly earlier versions allows local users to read and write arbitrary files via the (1) -c (host file) or (2) -l (log file) command line options.... Read more

    Affected Products : portmon
    • Published: Jul. 24, 2003
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2022-29615

    SAP NetWeaver Developer Studio (NWDS) - version 7.50, is based on Eclipse, which contains the logging framework log4j in version 1.x. The application's confidentiality and integrity could have a low impact due to the vulnerabilities associated with versio... Read more

    Affected Products : netweaver_developer_studio
    • Published: Jun. 14, 2022
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2011-2322

    Unspecified vulnerability in the Database Vault component in Oracle Database Server 11.1.0.7 allows remote authenticated users to affect integrity and availability, related to SYSDBA.... Read more

    Affected Products : database_server
    • Published: Oct. 18, 2011
    • Modified: Apr. 11, 2025
Showing 20 of 293529 Results