Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.6

    LOW
    CVE-2023-44129

    The vulnerability is that the Messaging ("com.android.mms") app patched by LG forwards attacker-controlled intents back to the attacker in the exported "com.android.mms.ui.QClipIntentReceiverActivity" activity. The attacker can abuse this functionality by... Read more

    Affected Products : android v60_thin_q_5g
    • Published: Sep. 27, 2023
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2023-39342

    Dangerzone is software for converting potentially dangerous PDFs, office documents, or images to safe PDFs. The Dangerzone CLI (`dangerzone-cli` command) logs output from the container where the file sanitization takes place, to the user's terminal. Prior... Read more

    Affected Products : dangerzone
    • Published: Aug. 08, 2023
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2021-25366

    Improper access control in Samsung Internet prior to version 13.2.1.70 allows physically proximate attackers to bypass the secret mode's authentication.... Read more

    Affected Products : internet
    • Published: Mar. 25, 2021
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2025-27613

    Gitk is a Tcl/Tk based Git history browser. Starting with 1.7.0, when a user clones an untrusted repository and runs gitk without additional command arguments, files for which the user has write permission can be created and truncated. The option Support ... Read more

    Affected Products : git
    • Published: Jul. 10, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Misconfiguration

  • 3.6

    LOW
    CVE-2002-2384

    hotfoon4.exe in Hotfoon 4.00 stores user names and passwords in cleartext in the hotfoon2 registry key, which allows local users to gain access to user accounts and steal phone service.... Read more

    Affected Products : hotfoon
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2006-4991

    RSA Keon Certificate Authority (KeonCA) Manager 6.5.1 and 6.6 allows privileged local users to hide malicious Certificate Authority (CA) activities by modifying CA auditor logs without detection by (1) modifying or deleting a <LOG BLOCK> and its signature... Read more

    • Published: Sep. 26, 2006
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2001-0806

    Apple MacOS X 10.0 and 10.1 allow a local user to read and write to a user's desktop folder via insecure default permissions for the Desktop when it is created in some languages.... Read more

    Affected Products : mac_os_x
    • Published: Dec. 06, 2001
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2025-55188

    7-Zip before 25.01 does not always properly handle symbolic links during extraction.... Read more

    Affected Products : 7-zip
    • Published: Aug. 08, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Path Traversal

  • 3.6

    LOW
    CVE-2015-4156

    GNU Parallel before 20150522 (Nepal), when using (1) --cat or (2) --fifo with --sshlogin, allows local users to write to arbitrary files via a symlink attack on a temporary file.... Read more

    Affected Products : opensuse parallel
    • Published: Jun. 02, 2015
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2014-8994

    The check_diskio plugin 3.2.6 and earlier for Nagios and Icinga allows local users to write to arbitrary files via a symlink attack on a temporary file with a predictable name (tmp/check_diskio_status-*-*).... Read more

    Affected Products : check_diskio
    • Published: Nov. 28, 2014
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2024-2918

    Improper input validation in PAM JIT elevation feature in Devolutions Server 2024.1.6 and earlier allows an attacker with access to the PAM JIT elevation feature to forge the displayed group in the PAM JIT elevation checkout request via a specially crafte... Read more

    Affected Products : devolutions_server
    • Published: Apr. 09, 2024
    • Modified: Mar. 28, 2025

  • 3.6

    LOW
    CVE-2012-5557

    The User Read-Only module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.4 for Drupal, does not properly assign roles when there are more than three roles on the site and certain unspecified configurations, which might allow remote authenticated users to... Read more

    Affected Products : drupal user_readonly
    • Published: Dec. 03, 2012
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2022-29615

    SAP NetWeaver Developer Studio (NWDS) - version 7.50, is based on Eclipse, which contains the logging framework log4j in version 1.x. The application's confidentiality and integrity could have a low impact due to the vulnerabilities associated with versio... Read more

    Affected Products : netweaver_developer_studio
    • Published: Jun. 14, 2022
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2023-3485

    Insecure defaults in open-source Temporal Server before version 1.20 on all platforms allows an attacker to craft a task token with access to a namespace other than the one specified in the request. Creation of this task token must be done outside of the ... Read more

    Affected Products : temporal
    • Published: Jun. 30, 2023
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2011-2664

    Unspecified vulnerability in Check Point Multi-Domain Management / Provider-1 NGX R65, R70, R71, and R75, and SmartCenter during installation on non-Windows machines, allows local users on the MDS system to overwrite arbitrary files via unknown vectors.... Read more

    • Published: Jul. 08, 2011
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2017-18458

    cPanel before 62.0.17 allows file overwrite when renaming an account (SEC-219).... Read more

    Affected Products : cpanel
    • Published: Aug. 02, 2019
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2006-2288

    Avahi before 0.6.10 allows local users to cause a denial of service (mDNS/DNS-SD service disconnect) via unspecified mDNS name conflicts.... Read more

    Affected Products : avahi
    • Published: May. 10, 2006
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-1999-0828

    UnixWare pkg commands such as pkginfo, pkgcat, and pkgparam allow local users to read arbitrary files via the dacread permission.... Read more

    Affected Products : unixware
    • Published: Dec. 02, 1999
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2000-0121

    The Recycle Bin utility in Windows NT and Windows 2000 allows local users to read or modify files by creating a subdirectory with the victim's SID in the recycler directory, aka the "Recycle Bin Creation" vulnerability.... Read more

    Affected Products : windows_nt
    • Published: Feb. 01, 2000
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2008-1371

    Absolute path traversal vulnerability in install/index.php in Drake CMS 0.4.11 RC8 allows remote attackers to read and execute arbitrary files via a full pathname in the d_root parameter. NOTE: the provenance of this information is unknown; the details a... Read more

    Affected Products : drake_cms
    • Published: Mar. 18, 2008
    • Modified: Apr. 09, 2025
Showing 20 of 293640 Results