Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.6

    LOW
    CVE-2003-1234

    Integer overflow in the f_count counter in FreeBSD before 4.2 through 5.0 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via multiple calls to (1) fpathconf and (2) lseek, which do not properly decrement f_coun... Read more

    Affected Products : freebsd
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2005-0288

    The change password functionality in Bottomline Webseries Payment Application does not require the old password when users enter a new password, which could allow remote authenticated users to change other users' passwords.... Read more

    Affected Products : webseries_payment_application
    • Published: Jan. 11, 2005
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-1999-0850

    The default permissions for Endymion MailMan allow local users to read email or modify files.... Read more

    Affected Products : mailman_webmail
    • Published: Dec. 02, 1999
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2006-0202

    Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50 and possibly earlier has (1) world-readable permissions for ipn/logs/ipn_success.txt, which allows local users to view sensitive information (payment data), and (2) world-writ... Read more

    Affected Products : php_toolkit
    • Published: Jan. 13, 2006
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2006-2045

    The (1) shadow password file in na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 has world readable permissions, which allows local users to view encrypted passwords; and the (2) NetAccess database file has world readable and writable permissions, wh... Read more

    Affected Products : ip3_netaccess_75
    • Published: Apr. 26, 2006
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2015-0794

    modules.d/90crypt/module-setup.sh in the dracut package before 037-17.30.1 in openSUSE 13.2 allows local users to have unspecified impact via a symlink attack on /tmp/dracut_block_uuid.map.... Read more

    Affected Products : opensuse dracut
    • Published: Nov. 19, 2015
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2007-6208

    sylprint.pl in claws mail tools (claws-mail-tools) allows local users to overwrite arbitrary files via a symlink attack on the sylprint.[USER].[PID] temporary file.... Read more

    Affected Products : claws_mail_tools
    • Published: Dec. 04, 2007
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2006-5213

    Sun Solaris 10 before 20061006 uses "incorrect and insufficient permission checks" that allow local users to intercept or spoof packets by creating a raw socket on a link aggregation (network device aggregation).... Read more

    Affected Products : solaris
    • Published: Oct. 10, 2006
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2023-21999

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Difficult to exploit vulnerability allows low privileged attacker with logon to th... Read more

    Affected Products : vm_virtualbox
    • Published: Apr. 18, 2023
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2000-0487

    The Protected Store in Windows 2000 does not properly select the strongest encryption when available, which causes it to use a default of 40-bit encryption instead of 56-bit DES encryption, aka the "Protected Store Key Length" vulnerability.... Read more

    Affected Products : windows_2000
    • Published: Jun. 01, 2000
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2002-1673

    The web interface for Webmin 0.92 does not properly quote or filter script code in files that are displayed to the interface, which allows local users to execute script and possibly steal cookies by inserting the script into certain files or fields, such ... Read more

    Affected Products : webmin
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2007-5851

    iChat in Apple Mac OS X 10.4.11 allows network-adjacent remote attackers to automatically initiate a video connection to another user via unknown vectors.... Read more

    Affected Products : mac_os_x
    • Published: Dec. 19, 2007
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2006-4233

    Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before 20060815 allow local users to obtain sensitive information (proxy certificates) and overwrite arbitrary files via a symlink attack on temporary files in the /tmp directory, as demonstrated by files created by ... Read more

    Affected Products : globus_toolkit
    • Published: Aug. 18, 2006
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2023-23543

    The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4, watchOS 9.4. A sandboxed app may be able to determine which app is ... Read more

    Affected Products : macos iphone_os watchos ipados
    • Published: May. 08, 2023
    • Modified: Jan. 29, 2025

  • 3.6

    LOW
    CVE-2004-0435

    Certain "programming errors" in the msync system call for FreeBSD 5.2.1 and earlier, and 4.10 and earlier, do not properly handle the MS_INVALIDATE operation, which leads to cache consistency problems that allow a local user to prevent certain changes to ... Read more

    Affected Products : freebsd
    • Published: Aug. 18, 2004
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2010-3576

    Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and OpenSolaris, allows local users to affect integrity and availability, related to the SCSI enclosure services device driver.... Read more

    Affected Products : solaris opensolaris
    • Published: Oct. 14, 2010
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2013-5856

    Unspecified vulnerability in the Oracle Health Sciences InForm component in Oracle Industry Applications 4.5 SP3, 4.5 SP3a-k, 4.6 SP0, 4.6 SP0a-c, 4.6 SP1, 4.6 SP1a-c, 4.6 SP2, 4.6 SP2a-c, 5.0 SP0, 5.0 SP0a, 5.0 SP1, 5.0 SP1a-b, 5.5 SP0, 5.5 SP0b, 5.5.1, ... Read more

    Affected Products : industry_applications
    • Published: Oct. 16, 2013
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2009-3257

    vtiger CRM before 5.1.0 allows remote authenticated users to bypass the permissions on the (1) Account Billing Address and (2) Shipping Address fields in a profile by creating a Sales Order (SO) associated with that profile.... Read more

    Affected Products : vtiger_crm
    • Published: Sep. 18, 2009
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2015-3631

    Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc.... Read more

    Affected Products : docker moby
    • Published: May. 18, 2015
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2014-4372

    syslogd in the syslog subsystem in Apple iOS before 8 and Apple TV before 7 allows local users to change the permissions of arbitrary files via a symlink attack on an unspecified file.... Read more

    Affected Products : iphone_os tvos
    • Published: Sep. 18, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 293608 Results