Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.6

    LOW
    CVE-2014-5459

    The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to the retrieveCacheFirst and useLocalCache func... Read more

    Affected Products : php opensuse solaris evergreen
    • Published: Sep. 27, 2014
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2012-4417

    GlusterFS 3.3.0, as used in Red Hat Storage server 2.0, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.... Read more

    Affected Products : glusterfs
    • Published: Nov. 18, 2012
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2006-4506

    idmlib.sh in nxdrv in Novell Identity Manager (IDM) 3.0.1 allows local users to execute arbitrary commands via unspecified vectors, possibly involving the " (quote) and \ (backslash) characters and eval injection.... Read more

    Affected Products : identity_manager identity_manager
    • Published: Aug. 31, 2006
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2011-4406

    The Ubuntu AccountsService package before 0.6.14-1git1ubuntu1.1 does not properly drop privileges when changing language settings, which allows local users to modify arbitrary files via unspecified vectors.... Read more

    Affected Products : ubuntu_linux accountsservice
    • Published: Apr. 16, 2014
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2006-4745

    ScaryBear PocketExpense Pro 3.9.1 uses an internally recorded key to protect a data file whose contents are stored in plaintext, which allows local users to disable authentication and access the file by modifying a certain value in the file header.... Read more

    Affected Products : pocketexpense_pro
    • Published: Sep. 13, 2006
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2009-2208

    FreeBSD 6.3, 6.4, 7.1, and 7.2 does not enforce permissions on the SIOCSIFINFO_IN6 IOCTL, which allows local users to modify or disable IPv6 network interfaces, as demonstrated by modifying the MTU.... Read more

    Affected Products : freebsd
    • Published: Jun. 25, 2009
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2009-1991

    Unspecified vulnerability in the Oracle Text component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.4 allows remote authenticated users to affect confidentiality and integrity, related to CTXSYS.DRVXTABC. NOTE: the previous information was... Read more

    Affected Products : database_server
    • Published: Oct. 22, 2009
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2015-0267

    The Red Hat module-setup.sh script for kexec-tools, as distributed in the kexec-tools before 2.0.7-19 packages in Red Hat Enterprise Linux, allows local users to write to arbitrary files via a symlink attack on a temporary file.... Read more

    Affected Products : kexec-tools
    • Published: May. 19, 2015
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2014-1353

    Lock Screen in Apple iOS before 7.1.2 does not properly manage the telephony state in Airplane Mode, which allows physically proximate attackers to bypass the lock protection mechanism, and access a certain foreground application, via unspecified vectors.... Read more

    Affected Products : iphone_os
    • Published: Jul. 01, 2014
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2024-45310

    runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by ... Read more

    Affected Products : runc
    • Published: Sep. 03, 2024
    • Modified: Feb. 21, 2025

  • 3.6

    LOW
    CVE-2016-3155

    Siemens APOGEE Insight uses weak permissions for the application folder, which allows local users to obtain sensitive information or modify data via unspecified vectors.... Read more

    Affected Products : apogee_insight
    • Published: Mar. 18, 2016
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2002-1518

    mv in IRIX 6.5 creates a directory with world-writable permissions while moving a directory, which could allow local users to modify files and directories.... Read more

    Affected Products : irix
    • Published: Apr. 02, 2003
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2007-2703

    BEA WebLogic Portal 9.2 GA can corrupt a visitor entitlements role if an administrator provides a long role description, which might allow remote authenticated users to access privileged resources.... Read more

    Affected Products : weblogic_portal weblogic_portal
    • Published: May. 16, 2007
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2001-1059

    VMWare creates a temporary file vmware-log.USERNAME with insecure permissions, which allows local users to read or modify license information.... Read more

    Affected Products : workstation
    • Published: Jul. 30, 2001
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2000-0379

    The Netopia R9100 router does not prevent authenticated users from modifying SNMP tables, even if the administrator has configured it to do so.... Read more

    Affected Products : r-series_routers
    • Published: May. 16, 2000
    • Modified: Apr. 03, 2025

  • 3.5

    LOW
    CVE-2022-3343

    The WPQA Builder WordPress plugin before 5.9.3 (which is a companion plugin used with Discy and Himer Discy WordPress themes) incorrectly tries to validate that a user already follows another in the wpqa_following_you_ajax action, allowing a user to infla... Read more

    Affected Products : discy wpqa_builder himer
    • Published: Jan. 09, 2023
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2007-0124

    Unspecified vulnerability in Drupal before 4.6.11, and 4.7 before 4.7.5, when MySQL is used, allows remote authenticated users to cause a denial of service by poisoning the page cache via unspecified vectors, which triggers erroneous 404 HTTP errors for p... Read more

    Affected Products : drupal
    • Published: Jan. 09, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2023-6251

    Cross-site Request Forgery (CSRF) in Checkmk < 2.2.0p15, < 2.1.0p37, <= 2.0.0p39 allow an authenticated attacker to delete user-messages for individual users.... Read more

    Affected Products : checkmk checkmk
    • Published: Nov. 24, 2023
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2024-11140

    The Real WP Shop Lite Ajax eCommerce Shopping Cart WordPress plugin through 2.0.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilter... Read more

    • Published: May. 15, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.5

    LOW
    CVE-2023-24375

    Missing Authorization vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Social Login and Register (Disc... Read more

    • Published: Dec. 09, 2024
    • Modified: Dec. 09, 2024
Showing 20 of 293437 Results