Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.6

    LOW
    CVE-2006-1524

    madvise_remove in Linux kernel 2.6.16 up to 2.6.16.6 does not follow file and mmap restrictions, which allows local users to bypass IPC permissions and replace portions of readonly tmpfs files with zeroes, aka the MADV_REMOVE vulnerability. NOTE: this de... Read more

    Affected Products : linux_kernel
    • Published: Apr. 19, 2006
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2001-0946

    apmscript in Apmd in Red Hat 7.2 "Enigma" allows local users to create or change the modification dates of arbitrary files via a symlink attack on the LOW_POWER temporary file, which could be used to cause a denial of service, e.g. by creating /etc/nologi... Read more

    Affected Products : linux
    • Published: Dec. 04, 2001
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-1999-0850

    The default permissions for Endymion MailMan allow local users to read email or modify files.... Read more

    Affected Products : mailman_webmail
    • Published: Dec. 02, 1999
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2000-0487

    The Protected Store in Windows 2000 does not properly select the strongest encryption when available, which causes it to use a default of 40-bit encryption instead of 56-bit DES encryption, aka the "Protected Store Key Length" vulnerability.... Read more

    Affected Products : windows_2000
    • Published: Jun. 01, 2000
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2000-0090

    VMWare 1.1.2 allows local users to cause a denial of service via a symlink attack.... Read more

    Affected Products : workstation
    • Published: Jan. 17, 2000
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2014-3038

    IBM SPSS Modeler 16.0 before 16.0.0.1 on UNIX does not properly drop group privileges, which allows local users to bypass intended file-access restrictions by leveraging (1) gid 0 or (2) root's group memberships.... Read more

    Affected Products : spss_modeler
    • Published: Jun. 08, 2014
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2023-44129

    The vulnerability is that the Messaging ("com.android.mms") app patched by LG forwards attacker-controlled intents back to the attacker in the exported "com.android.mms.ui.QClipIntentReceiverActivity" activity. The attacker can abuse this functionality by... Read more

    Affected Products : android v60_thin_q_5g
    • Published: Sep. 27, 2023
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2000-0379

    The Netopia R9100 router does not prevent authenticated users from modifying SNMP tables, even if the administrator has configured it to do so.... Read more

    Affected Products : r-series_routers
    • Published: May. 16, 2000
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2001-1059

    VMWare creates a temporary file vmware-log.USERNAME with insecure permissions, which allows local users to read or modify license information.... Read more

    Affected Products : workstation
    • Published: Jul. 30, 2001
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2000-1156

    StarOffice 5.2 follows symlinks and sets world-readable permissions for the /tmp/soffice.tmp directory, which allows a local user to read files of the user who is using StarOffice.... Read more

    Affected Products : staroffice
    • Published: Jan. 09, 2001
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2000-0270

    The make-temp-name Lisp function in Emacs 20 creates temporary files with predictable names, which allows attackers to conduct a symlink attack.... Read more

    Affected Products : emacs
    • Published: Apr. 18, 2000
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2003-1234

    Integer overflow in the f_count counter in FreeBSD before 4.2 through 5.0 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via multiple calls to (1) fpathconf and (2) lseek, which do not properly decrement f_coun... Read more

    Affected Products : freebsd
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2010-3576

    Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and OpenSolaris, allows local users to affect integrity and availability, related to the SCSI enclosure services device driver.... Read more

    Affected Products : solaris opensolaris
    • Published: Oct. 14, 2010
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2000-0667

    Vulnerability in gpm in Caldera Linux allows local users to delete arbitrary files or conduct a denial of service.... Read more

    Affected Products : linux
    • Published: Jul. 27, 2000
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2002-2334

    Joe text editor 2.8 through 2.9.7 does not remove the group and user setuid bits for backup files, which could allow local users to execute arbitrary setuid and setgid root programs when root edits scripts owned by other users.... Read more

    Affected Products : joe
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2019-5252

    There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). The applock does not perform a sufficient authentication in a rare condition. Successful exploit could allow the attacker to use the ap... Read more

    • Published: Dec. 14, 2019
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2022-29615

    SAP NetWeaver Developer Studio (NWDS) - version 7.50, is based on Eclipse, which contains the logging framework log4j in version 1.x. The application's confidentiality and integrity could have a low impact due to the vulnerabilities associated with versio... Read more

    Affected Products : netweaver_developer_studio
    • Published: Jun. 14, 2022
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2013-5857

    Unspecified vulnerability in the Oracle Health Sciences InForm component in Oracle Industry Applications 4.5 SP3, 4.5 SP3a-k, 4.6 SP0, 4.6 SP0a-c, 4.6 SP1, 4.6 SP1a-c, 4.6 SP2, 4.6 SP2a-c, 5.0 SP0, 5.0 SP0a, 5.0 SP1, and 5.0 SP1a-b allows remote authentic... Read more

    Affected Products : industry_applications
    • Published: Oct. 16, 2013
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2019-10988

    In Philips HDI 4000 Ultrasound Systems, all versions running on old, unsupported operating systems such as Windows 2000, the HDI 4000 Ultrasound System is built on an old operating system that is no longer supported. Thus, any unmitigated vulnerability in... Read more

    Affected Products : hdi_4000_firmware hdi_4000
    • Published: Sep. 04, 2019
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2006-3786

    Symantec pcAnywhere 12.5 uses weak integrity protection for .cif (aka caller or CallerID) files, which allows local users to generate a custom .cif file and modify the superuser flag.... Read more

    Affected Products : pcanywhere
    • Published: Jul. 24, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 293353 Results