Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.6

    LOW
    CVE-2006-4991

    RSA Keon Certificate Authority (KeonCA) Manager 6.5.1 and 6.6 allows privileged local users to hide malicious Certificate Authority (CA) activities by modifying CA auditor logs without detection by (1) modifying or deleting a <LOG BLOCK> and its signature... Read more

    • Published: Sep. 26, 2006
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2002-2384

    hotfoon4.exe in Hotfoon 4.00 stores user names and passwords in cleartext in the hotfoon2 registry key, which allows local users to gain access to user accounts and steal phone service.... Read more

    Affected Products : hotfoon
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2001-0806

    Apple MacOS X 10.0 and 10.1 allow a local user to read and write to a user's desktop folder via insecure default permissions for the Desktop when it is created in some languages.... Read more

    Affected Products : mac_os_x
    • Published: Dec. 06, 2001
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2003-1460

    Worker Filemanager 1.0 through 2.7 sets the permissions on the destination directory to world-readable and executable while copying data, which could allow local users to obtain sensitive information.... Read more

    Affected Products : worker_filemanager
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2017-10308

    Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Performance). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnerability allows physical access to compromise Oracle Agile... Read more

    • Published: Oct. 19, 2017
    • Modified: May. 08, 2025

  • 3.6

    LOW
    CVE-2025-30731

    Vulnerability in the Oracle Applications Technology Stack product of Oracle E-Business Suite (component: Configuration). Supported versions that are affected are 12.2.3-12.2.14. Difficult to exploit vulnerability allows unauthenticated attacker with logo... Read more

    Affected Products : applications_technology_stack
    • Published: Apr. 15, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Authorization

  • 3.6

    LOW
    CVE-2025-27613

    Gitk is a Tcl/Tk based Git history browser. Starting with 1.7.0, when a user clones an untrusted repository and runs gitk without additional command arguments, files for which the user has write permission can be created and truncated. The option Support ... Read more

    Affected Products : git
    • Published: Jul. 10, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Misconfiguration

  • 3.6

    LOW
    CVE-2014-8994

    The check_diskio plugin 3.2.6 and earlier for Nagios and Icinga allows local users to write to arbitrary files via a symlink attack on a temporary file with a predictable name (tmp/check_diskio_status-*-*).... Read more

    Affected Products : check_diskio
    • Published: Nov. 28, 2014
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2022-37010

    In JetBrains IntelliJ IDEA before 2022.2 email address validation in the "Git User Name Is Not Defined" dialog was missed... Read more

    Affected Products : intellij_idea
    • Published: Jul. 28, 2022
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2013-2387

    Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 4.1.0 allows remote authenticated users to affect confidentiality and integrity via vectors related to BASE.... Read more

    Affected Products : financial_services_software
    • Published: Apr. 17, 2013
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2024-50610

    GSL (GNU Scientific Library) through 2.8 has an integer signedness error in gsl_siman_solve_many in siman/siman.c. When params.n_tries is negative, incorrect memory allocation occurs.... Read more

    Affected Products : gnu_scientific_library
    • Published: Oct. 27, 2024
    • Modified: Sep. 04, 2025

  • 3.6

    LOW
    CVE-2017-10088

    Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnerability allows high privileged attacker with logon to the in... Read more

    • Published: Aug. 08, 2017
    • Modified: May. 08, 2025

  • 3.6

    LOW
    CVE-2006-4439

    pkgadd in Sun Solaris 10 before 20060825 installs files with insecure file and directory permissions (755 or 777) if the pkgmap file contains a "?" (question mark) in the mode field, which allows local users to modify arbitrary files or directories, a dif... Read more

    Affected Products : solaris
    • Published: Aug. 29, 2006
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2024-56433

    shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potential... Read more

    Affected Products : shadow-utils
    • Published: Dec. 26, 2024
    • Modified: Dec. 26, 2024

  • 3.6

    LOW
    CVE-2014-2477

    Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect integrity and availability via unknown vectors related to Core, a different ... Read more

    Affected Products : vm_virtualbox
    • Published: Jul. 17, 2014
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2015-6927

    vzctl before 4.9.4 determines the virtual environment (VE) layout based on the presence of root.hdd/DiskDescriptor.xml in the VE private directory, which allows local simfs container (CT) root users to change the root password for arbitrary ploop containe... Read more

    Affected Products : vzctl
    • Published: Sep. 28, 2015
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2021-22136

    In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected. This was caused by background polling activities unintentionally extending authenticated ... Read more

    Affected Products : kibana
    • Published: May. 13, 2021
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2005-4796

    Unspecified vulnerability in the XView library (libxview.so) in Solaris 2.5 to 10 allows local users to corrupt files via unknown vectors related to the handling of the clipboard selection while an XView application exits.... Read more

    Affected Products : solaris sunos
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2020-1807

    HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.188(C00E74R3P8) have an improper authorization vulnerability. The software does not properly restrict certain user's modification of certain configuration file, successful exploit could allow th... Read more

    Affected Products : mate_20_firmware mate_20
    • Published: Apr. 27, 2020
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2012-3453

    logol 1.5.0 uses world writable permissions for the /var/lib/logol/results directory, which allows local users to delete or overwrite arbitrary files.... Read more

    Affected Products : logol
    • Published: Aug. 07, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 293601 Results