Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.6

    LOW
    CVE-2024-2918

    Improper input validation in PAM JIT elevation feature in Devolutions Server 2024.1.6 and earlier allows an attacker with access to the PAM JIT elevation feature to forge the displayed group in the PAM JIT elevation checkout request via a specially crafte... Read more

    Affected Products : devolutions_server
    • Published: Apr. 09, 2024
    • Modified: Mar. 28, 2025

  • 3.6

    LOW
    CVE-2003-0448

    Portmon 1.7 and possibly earlier versions allows local users to read and write arbitrary files via the (1) -c (host file) or (2) -l (log file) command line options.... Read more

    Affected Products : portmon
    • Published: Jul. 24, 2003
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2002-2401

    NT Virtual DOS Machine (NTVDM.EXE) in Windows 2000, NT and XP does not verify user execution permissions for 16-bit executable files, which allows local users to bypass the loader and execute arbitrary programs.... Read more

    Affected Products : windows_2000 windows_xp windows_nt
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2006-4266

    Symantec Norton Personal Firewall 2006 9.1.0.33, and possibly earlier, does not properly protect Norton registry keys, which allows local users to provide Trojan horse libraries to Norton by using RegSaveKey and RegRestoreKey to modify HKLM\SOFTWARE\Syman... Read more

    Affected Products : norton_personal_firewall
    • Published: Aug. 21, 2006
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2019-0178

    Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access.... Read more

    • Published: Jun. 13, 2019
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2006-5163

    IBM Informix Dynamic Server 10.UC3RC1 Trial for Linux and possibly other versions creates /tmp/installserver.txt with insecure permissions, which allows local users to append data to arbitrary files via a symlink attack.... Read more

    Affected Products : informix_dynamic_server
    • Published: Oct. 05, 2006
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2022-37010

    In JetBrains IntelliJ IDEA before 2022.2 email address validation in the "Git User Name Is Not Defined" dialog was missed... Read more

    Affected Products : intellij_idea
    • Published: Jul. 28, 2022
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2020-4008

    The installer of the macOS Sensor for VMware Carbon Black Cloud (prior to 3.5.1) handles certain files in an insecure way. A malicious actor who has local access to the endpoint on which a macOS sensor is going to be installed, may overwrite a limited num... Read more

    Affected Products : macos carbon_black_cloud
    • Published: Dec. 16, 2020
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2023-39342

    Dangerzone is software for converting potentially dangerous PDFs, office documents, or images to safe PDFs. The Dangerzone CLI (`dangerzone-cli` command) logs output from the container where the file sanitization takes place, to the user's terminal. Prior... Read more

    Affected Products : dangerzone
    • Published: Aug. 08, 2023
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2015-4231

    The Python interpreter in Cisco NX-OS 6.2(8a) on Nexus 7000 devices allows local users to bypass intended access restrictions and delete an arbitrary VDC's files by leveraging administrative privileges in one VDC, aka Bug ID CSCur08416.... Read more

    Affected Products : nx-os nexus_7000 nexus_7700
    • Published: Jul. 03, 2015
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2004-0698

    4D WebSTAR 5.3.2 and earlier allows local users to read and modify arbitrary files via a symlink attack.... Read more

    Affected Products : webstar
    • Published: Jul. 27, 2004
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2013-0254

    The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or... Read more

    Affected Products : qt qt
    • Published: Feb. 06, 2013
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2003-1460

    Worker Filemanager 1.0 through 2.7 sets the permissions on the destination directory to world-readable and executable while copying data, which could allow local users to obtain sensitive information.... Read more

    Affected Products : worker_filemanager
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2009-3409

    Unspecified vulnerability in the PeopleSoft Enterprise HCM (TAM) component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 9.0 Bundle 10 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.... Read more

    • Published: Oct. 22, 2009
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2013-2387

    Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 4.1.0 allows remote authenticated users to affect confidentiality and integrity via vectors related to BASE.... Read more

    Affected Products : financial_services_software
    • Published: Apr. 17, 2013
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2019-5252

    There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). The applock does not perform a sufficient authentication in a rare condition. Successful exploit could allow the attacker to use the ap... Read more

    • Published: Dec. 14, 2019
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2010-3586

    Unspecified vulnerability in Oracle Solaris 9 allows local users to affect confidentiality and integrity via unknown vectors related to XScreenSaver.... Read more

    Affected Products : sunos solaris
    • Published: Jan. 19, 2011
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2014-4240

    Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows local users to affect confidentiality and integrity via vectors related to SRREP.... Read more

    Affected Products : mysql
    • Published: Jul. 17, 2014
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2024-38531

    Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. After creating a setuid binary in a globally accessible... Read more

    Affected Products : nix nix
    • Published: Jun. 28, 2024
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2010-3028

    The Aardvertiser component before 2.2.1 for Joomla! uses insecure permissions (777) in unspecified folders, which allows local users to modify, create, or delete certain files.... Read more

    Affected Products : joomla aardvertiser
    • Published: Aug. 16, 2010
    • Modified: Apr. 11, 2025
Showing 20 of 293610 Results