Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.6

    LOW
    CVE-2015-2633

    Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.0.1 and 12.2.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Ops Center.... Read more

    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2017-3235

    Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnera... Read more

    Affected Products : flexcube_universal_banking
    • Published: Jan. 27, 2017
    • Modified: Apr. 20, 2025

  • 3.6

    LOW
    CVE-2024-50610

    GSL (GNU Scientific Library) through 2.8 has an integer signedness error in gsl_siman_solve_many in siman/siman.c. When params.n_tries is negative, incorrect memory allocation occurs.... Read more

    Affected Products : gnu_scientific_library
    • Published: Oct. 27, 2024
    • Modified: Sep. 04, 2025

  • 3.6

    LOW
    CVE-2014-2477

    Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect integrity and availability via unknown vectors related to Core, a different ... Read more

    Affected Products : vm_virtualbox
    • Published: Jul. 17, 2014
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2016-0426

    Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality and availability via unknown vectors related to Solaris Kernel Zones.... Read more

    Affected Products : solaris
    • Published: Jan. 21, 2016
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2024-37372

    The Permission Model assumes that any path starting with two backslashes \ has a four-character prefix that can be ignored, which is not always true. This subtle bug leads to vulnerable edge cases.... Read more

    Affected Products : node.js
    • Published: Jan. 09, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Path Traversal

  • 3.6

    LOW
    CVE-1999-1530

    cgiwrap as used on Cobalt RaQ 2.0 and RaQ 3i does not properly identify the user for running certain scripts, which allows a malicious site administrator to view or modify data located at another virtual site on the same system.... Read more

    Affected Products : cobalt_raq_3i cobalt_raq_2
    • Published: Nov. 08, 1999
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2005-4796

    Unspecified vulnerability in the XView library (libxview.so) in Solaris 2.5 to 10 allows local users to corrupt files via unknown vectors related to the handling of the clipboard selection while an XView application exits.... Read more

    Affected Products : solaris sunos
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2021-22136

    In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected. This was caused by background polling activities unintentionally extending authenticated ... Read more

    Affected Products : kibana
    • Published: May. 13, 2021
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2008-2288

    Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 has insufficient access control for deletion and modification of registry keys, which allows local users to cause a denial of service or obtain sensitive information.... Read more

    Affected Products : altiris_deployment_solution
    • Published: May. 18, 2008
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2011-1021

    drivers/acpi/debugfs.c in the Linux kernel before 3.0 allows local users to modify arbitrary kernel memory locations by leveraging root privileges to write to the /sys/kernel/debug/acpi/custom_method file. NOTE: this vulnerability exists because of an inc... Read more

    Affected Products : linux_kernel
    • Published: Jun. 21, 2012
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2011-4339

    ipmievd (aka the IPMI event daemon) in OpenIPMI, as used in the ipmitool package 1.8.11 in Red Hat Enterprise Linux (RHEL) 6, Debian GNU/Linux, Fedora 16, and other products uses 0666 permissions for its ipmievd.pid PID file, which allows local users to k... Read more

    Affected Products : enterprise_linux ipmitool
    • Published: Dec. 15, 2011
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2021-25366

    Improper access control in Samsung Internet prior to version 13.2.1.70 allows physically proximate attackers to bypass the secret mode's authentication.... Read more

    Affected Products : internet
    • Published: Mar. 25, 2021
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2004-0698

    4D WebSTAR 5.3.2 and earlier allows local users to read and modify arbitrary files via a symlink attack.... Read more

    Affected Products : webstar
    • Published: Jul. 27, 2004
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2015-4231

    The Python interpreter in Cisco NX-OS 6.2(8a) on Nexus 7000 devices allows local users to bypass intended access restrictions and delete an arbitrary VDC's files by leveraging administrative privileges in one VDC, aka Bug ID CSCur08416.... Read more

    Affected Products : nx-os nexus_7000 nexus_7700
    • Published: Jul. 03, 2015
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2025-27574

    Cross-site scripting vulnerability exists in the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the configu... Read more

    Affected Products :
    • Published: Mar. 28, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.6

    LOW
    CVE-2008-0822

    Directory traversal vulnerability in index.php in Scribe 0.2 allows remote attackers to read arbitrary local files via a .. (dot dot) in the page parameter.... Read more

    Affected Products : scribe
    • Published: Feb. 19, 2008
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2008-0001

    VFS in the Linux kernel before 2.6.22.16, and 2.6.23.x before 2.6.23.14, performs tests of access mode by using the flag variable instead of the acc_mode variable, which might allow local users to bypass intended permissions and remove directories.... Read more

    Affected Products : linux_kernel
    • Published: Jan. 15, 2008
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2005-2492

    The raw_sendmsg function in the Linux kernel 2.6 before 2.6.13.1 allows local users to cause a denial of service (change hardware state) or read from arbitrary memory via crafted input.... Read more

    • Published: Sep. 14, 2005
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2011-2289

    Unspecified vulnerability in Oracle Solaris 10 allows local users to affect integrity and availability via unknown vectors related to LiveUpgrade.... Read more

    Affected Products : sunos solaris
    • Published: Jul. 21, 2011
    • Modified: Apr. 11, 2025
Showing 20 of 293681 Results