Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.6

    LOW
    CVE-2003-1460

    Worker Filemanager 1.0 through 2.7 sets the permissions on the destination directory to world-readable and executable while copying data, which could allow local users to obtain sensitive information.... Read more

    Affected Products : worker_filemanager
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2000-0121

    The Recycle Bin utility in Windows NT and Windows 2000 allows local users to read or modify files by creating a subdirectory with the victim's SID in the recycler directory, aka the "Recycle Bin Creation" vulnerability.... Read more

    Affected Products : windows_nt
    • Published: Feb. 01, 2000
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-1999-0828

    UnixWare pkg commands such as pkginfo, pkgcat, and pkgparam allow local users to read arbitrary files via the dacread permission.... Read more

    Affected Products : unixware
    • Published: Dec. 02, 1999
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2011-2664

    Unspecified vulnerability in Check Point Multi-Domain Management / Provider-1 NGX R65, R70, R71, and R75, and SmartCenter during installation on non-Windows machines, allows local users on the MDS system to overwrite arbitrary files via unknown vectors.... Read more

    • Published: Jul. 08, 2011
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2022-29615

    SAP NetWeaver Developer Studio (NWDS) - version 7.50, is based on Eclipse, which contains the logging framework log4j in version 1.x. The application's confidentiality and integrity could have a low impact due to the vulnerabilities associated with versio... Read more

    Affected Products : netweaver_developer_studio
    • Published: Jun. 14, 2022
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2008-0822

    Directory traversal vulnerability in index.php in Scribe 0.2 allows remote attackers to read arbitrary local files via a .. (dot dot) in the page parameter.... Read more

    Affected Products : scribe
    • Published: Feb. 19, 2008
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2025-27145

    copyparty, a portable file server, has a DOM-based cross-site scripting vulnerability in versions prior to 1.16.15. The vulnerability is considered low-risk. By handing someone a maliciously-named file, and then tricking them into dragging the file into c... Read more

    Affected Products : copyparty copyparty
    • Published: Feb. 25, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.6

    LOW
    CVE-2025-27574

    Cross-site scripting vulnerability exists in the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the configu... Read more

    Affected Products :
    • Published: Mar. 28, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.6

    LOW
    CVE-2020-13837

    An issue was discovered on Samsung mobile devices with Q(10.0) software. The Lockscreen feature does not block Quick Panel access to Music Share. The Samsung ID is SVE-2020-17145 (June 2020).... Read more

    Affected Products : android
    • Published: Jun. 04, 2020
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2006-3707

    Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3 and 9.0.3.1 has unknown impact and attack vectors, aka Oracle Vuln# AS02.... Read more

    Affected Products : application_server
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2011-4406

    The Ubuntu AccountsService package before 0.6.14-1git1ubuntu1.1 does not properly drop privileges when changing language settings, which allows local users to modify arbitrary files via unspecified vectors.... Read more

    Affected Products : ubuntu_linux accountsservice
    • Published: Apr. 16, 2014
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2012-0111

    Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization 4.1 allows local users to affect confidentiality and integrity via unknown vectors related to Shared Folders.... Read more

    Affected Products : vm_virtualbox virtualization
    • Published: Jan. 18, 2012
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2014-6544

    Unspecified vulnerability in the JDBC component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2014-428... Read more

    Affected Products : database_server
    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2014-1257

    CFNetwork in Apple OS X through 10.8.5 does not remove session cookies upon a Safari reset action, which allows physically proximate attackers to bypass intended access restrictions by leveraging an unattended workstation.... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: Feb. 27, 2014
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2014-1351

    Siri in Apple iOS before 7.1.2 allows physically proximate attackers to bypass an intended lock-screen passcode requirement, and read a contact list, via a Siri request that refers to a contact ambiguously.... Read more

    Affected Products : iphone_os
    • Published: Jul. 01, 2014
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2013-0412

    Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect integrity and availability via unknown vectors related to Utility/pax.... Read more

    Affected Products : sunos solaris
    • Published: Apr. 17, 2013
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2002-0202

    PaintBBS 1.2 installs certain files and directories with insecure permissions, which allows local users to (1) obtain the encrypted server password via the world-readable oekakibbs.conf file, or (2) modify the server configuration via the world-writeable ... Read more

    Affected Products : paintbbs
    • Published: May. 16, 2002
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-1999-0850

    The default permissions for Endymion MailMan allow local users to read email or modify files.... Read more

    Affected Products : mailman_webmail
    • Published: Dec. 02, 1999
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2005-0288

    The change password functionality in Bottomline Webseries Payment Application does not require the old password when users enter a new password, which could allow remote authenticated users to change other users' passwords.... Read more

    Affected Products : webseries_payment_application
    • Published: Jan. 11, 2005
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-1999-0825

    The default permissions for UnixWare /var/mail allow local users to read and modify other users' mail.... Read more

    Affected Products : unixware
    • Published: Dec. 03, 1999
    • Modified: Apr. 03, 2025
Showing 20 of 293643 Results