Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.6

    LOW
    CVE-2021-35465

    Certain Arm products before 2021-08-23 do not properly consider the effect of exceptions on a VLLDM instruction. A Non-secure handler may have read or write access to part of a Secure context. This affects Arm Cortex-M33 r0p0 through r1p0, Arm Cortex-M35P... Read more

    • Published: Aug. 23, 2021
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2014-4240

    Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows local users to affect confidentiality and integrity via vectors related to SRREP.... Read more

    Affected Products : mysql
    • Published: Jul. 17, 2014
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2010-4460

    Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality and integrity via unknown vectors related to Fault Manager Daemon.... Read more

    Affected Products : sunos solaris
    • Published: Jan. 19, 2011
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2010-3586

    Unspecified vulnerability in Oracle Solaris 9 allows local users to affect confidentiality and integrity via unknown vectors related to XScreenSaver.... Read more

    Affected Products : sunos solaris
    • Published: Jan. 19, 2011
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2010-4819

    The ProcRenderAddGlyphs function in the Render extension (render/render.c) in X.Org xserver 1.7.7 and earlier allows local users to read arbitrary memory and possibly cause a denial of service (server crash) via unspecified vectors related to an "input sa... Read more

    Affected Products : x_server x.org-xserver
    • Published: Sep. 05, 2012
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2010-1967

    Unspecified vulnerability in HP Insight Software Installer for Windows before 6.1 allows local users to read or modify data via unknown vectors.... Read more

    Affected Products : windows insight_software_installer
    • Published: Jul. 15, 2010
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2010-1439

    yum-rhn-plugin in Red Hat Network Client Tools (aka rhn-client-tools) on Red Hat Enterprise Linux (RHEL) 5 and Fedora uses world-readable permissions for the /var/spool/up2date/loginAuth.pkl file, which allows local users to access the Red Hat Network pro... Read more

    • Published: Jun. 07, 2010
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2006-3707

    Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3 and 9.0.3.1 has unknown impact and attack vectors, aka Oracle Vuln# AS02.... Read more

    Affected Products : application_server
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2006-2505

    Oracle Database Server 10g Release 2 allows local users to execute arbitrary SQL queries via a reference to a malicious package in the TYPE_NAME argument in the (1) GET_DOMAIN_INDEX_TABLES or (2) GET_V2_DOMAIN_INDEX_TABLES function in the DBMS_EXPORT_EXTE... Read more

    Affected Products : database_server
    • Published: May. 22, 2006
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2006-4745

    ScaryBear PocketExpense Pro 3.9.1 uses an internally recorded key to protect a data file whose contents are stored in plaintext, which allows local users to disable authentication and access the file by modifying a certain value in the file header.... Read more

    Affected Products : pocketexpense_pro
    • Published: Sep. 13, 2006
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2005-2617

    The syscall32_setup_pages function in syscall32.c for Linux kernel 2.6.12 and later, on the 64-bit x86 platform, does not check the return value of the insert_vm_struct function, which allows local users to trigger a memory leak via a 32-bit application w... Read more

    Affected Products : linux_kernel
    • Published: Aug. 17, 2005
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2005-2582

    Kaspersky Anti-Virus for Unix/Linux File Servers 5.0-5 uses world-writable permissions for the (1) log and (2) license directory, which allows local users to delete log files, append to arbitrary files via a symlink attack on kavmonitor.log, or delete lic... Read more

    Affected Products : kaspersky_anti-virus
    • Published: Aug. 16, 2005
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2006-3589

    vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructure 3 does not check the return code from a Perl chmod function call, which might cause an SSL key file to be created with an unsafe umask that allows local users to read or modify the S... Read more

    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2005-0180

    Multiple integer signedness errors in the sg_scsi_ioctl function in scsi_ioctl.c for Linux 2.6.x allow local users to read or modify kernel memory via negative integers in arguments to the scsi ioctl, which bypass a maximum length check before calling the... Read more

    Affected Products : linux_kernel
    • Published: Mar. 07, 2005
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2004-2319

    IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users to (1) create or overwrite files via the /001 log file to onedcu or (2) read arbitrary files via a symlink attack on a file in /tmp to onshowaudit.... Read more

    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2014-0005

    PicketBox and JBossSX, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2 and JBoss BRMS before 6.0.3 roll up patch 2, allows remote authenticated users to read and modify the application sever configuration and state by deploying a cr... Read more

    • Published: Feb. 20, 2015
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2014-0177

    The am function in lib/hub/commands.rb in hub before 1.12.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary patch file.... Read more

    Affected Products : hub hub
    • Published: May. 27, 2014
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-1999-1366

    Pegasus e-mail client 3.0 and earlier uses weak encryption to store POP3 passwords in the pmail.ini file, which allows local users to easily decrypt the passwords and read e-mail.... Read more

    Affected Products : pegasus_mail
    • Published: May. 15, 1999
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-1999-0885

    Alibaba web server allows remote attackers to execute commands via a pipe character in a malformed URL.... Read more

    Affected Products : alibaba
    • Published: Nov. 03, 1999
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2001-0430

    Vulnerability in exuberant-ctags before 3.2.4-0.1 insecurely creates temporary files.... Read more

    Affected Products : debian_linux
    • Published: Jul. 02, 2001
    • Modified: Apr. 03, 2025
Showing 20 of 293620 Results