Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.6

    LOW
    CVE-2004-2408

    Linux VServer 1.27 and earlier, 1.3.9 and earlier, and 1.9.1 and earlier shares /proc permissions across all virtual and host servers, which allows local users with the ability to set permissions in /proc to obtain system information or cause a denial of ... Read more

    Affected Products : linux-vserver
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2006-2505

    Oracle Database Server 10g Release 2 allows local users to execute arbitrary SQL queries via a reference to a malicious package in the TYPE_NAME argument in the (1) GET_DOMAIN_INDEX_TABLES or (2) GET_V2_DOMAIN_INDEX_TABLES function in the DBMS_EXPORT_EXTE... Read more

    Affected Products : database_server
    • Published: May. 22, 2006
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2005-0576

    Unknown vulnerability in Standard Type Services Framework (STSF) Font Server Daemon (stfontserverd) in Solaris 9 allows local users to modify or delete arbitrary files.... Read more

    Affected Products : solaris
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2014-6544

    Unspecified vulnerability in the JDBC component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2014-428... Read more

    Affected Products : database_server
    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2011-0804

    Unspecified vulnerability in the Database Vault component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.... Read more

    Affected Products : database_server
    • Published: Apr. 20, 2011
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2007-6208

    sylprint.pl in claws mail tools (claws-mail-tools) allows local users to overwrite arbitrary files via a symlink attack on the sylprint.[USER].[PID] temporary file.... Read more

    Affected Products : claws_mail_tools
    • Published: Dec. 04, 2007
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2013-0412

    Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect integrity and availability via unknown vectors related to Utility/pax.... Read more

    Affected Products : sunos solaris
    • Published: Apr. 17, 2013
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2007-5851

    iChat in Apple Mac OS X 10.4.11 allows network-adjacent remote attackers to automatically initiate a video connection to another user via unknown vectors.... Read more

    Affected Products : mac_os_x
    • Published: Dec. 19, 2007
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2003-0499

    Mantis 0.17.5 and earlier stores its database password in cleartext in a world-readable configuration file, which allows local users to perform unauthorized database operations.... Read more

    Affected Products : mantis
    • Published: Aug. 07, 2003
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2010-4819

    The ProcRenderAddGlyphs function in the Render extension (render/render.c) in X.Org xserver 1.7.7 and earlier allows local users to read arbitrary memory and possibly cause a denial of service (server crash) via unspecified vectors related to an "input sa... Read more

    Affected Products : x_server x.org-xserver
    • Published: Sep. 05, 2012
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2024-38531

    Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. After creating a setuid binary in a globally accessible... Read more

    Affected Products : nix nix
    • Published: Jun. 28, 2024
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2010-3028

    The Aardvertiser component before 2.2.1 for Joomla! uses insecure permissions (777) in unspecified folders, which allows local users to modify, create, or delete certain files.... Read more

    Affected Products : joomla aardvertiser
    • Published: Aug. 16, 2010
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2006-4625

    PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.... Read more

    Affected Products : php
    • Published: Sep. 12, 2006
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2007-0007

    gnucash 2.0.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on the (1) gnucash.trace, (2) qof.trace, and (3) qof.trace.[PID] temporary files.... Read more

    Affected Products : gnucash
    • Published: Feb. 20, 2007
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2003-0246

    The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports.... Read more

    Affected Products : linux_kernel
    • Published: Jun. 16, 2003
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2006-2045

    The (1) shadow password file in na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 has world readable permissions, which allows local users to view encrypted passwords; and the (2) NetAccess database file has world readable and writable permissions, wh... Read more

    Affected Products : ip3_netaccess_75
    • Published: Apr. 26, 2006
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2008-0819

    Directory traversal vulnerability in index.php in PlutoStatus Locator 1.0 pre alpha allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.... Read more

    Affected Products : plutostatus_locator
    • Published: Feb. 19, 2008
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2007-5936

    dvips in teTeX and TeXlive 2007 and earlier allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place.... Read more

    Affected Products : tetex texlive_2007
    • Published: Nov. 13, 2007
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2025-27145

    copyparty, a portable file server, has a DOM-based cross-site scripting vulnerability in versions prior to 1.16.15. The vulnerability is considered low-risk. By handing someone a maliciously-named file, and then tricking them into dragging the file into c... Read more

    Affected Products : copyparty copyparty
    • Published: Feb. 25, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.6

    LOW
    CVE-2012-2451

    The Config::IniFiles module before 2.71 for Perl creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack. NOTE: some of these details are obtained from third party information. NOTE: it ... Read more

    Affected Products : config-inifiles
    • Published: Jun. 27, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 293507 Results