Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.6

    LOW
    CVE-2002-1518

    mv in IRIX 6.5 creates a directory with world-writable permissions while moving a directory, which could allow local users to modify files and directories.... Read more

    Affected Products : irix
    • Published: Apr. 02, 2003
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2007-2703

    BEA WebLogic Portal 9.2 GA can corrupt a visitor entitlements role if an administrator provides a long role description, which might allow remote authenticated users to access privileged resources.... Read more

    Affected Products : weblogic_portal weblogic_portal
    • Published: May. 16, 2007
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2015-4155

    GNU Parallel before 20150422, when using (1) --pipe, (2) --tmux, (3) --cat, (4) --fifo, or (5) --compress, allows local users to write to arbitrary files via a symlink attack on a temporary file.... Read more

    Affected Products : parallel
    • Published: Jun. 02, 2015
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2018-1842

    IBM Cognos Analytics 11 Configuration tool, under certain circumstances, will bypass OIDC namespace signature verification on its id_token. IBM X-Force ID: 150902.... Read more

    Affected Products : oncommand_insight cognos_analytics
    • Published: Nov. 09, 2018
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2019-4349

    IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 applications can be installed on a deprecated operating system version that could compromised the confidentiality and integrity of the service. IBM X-Force ID: 161486... Read more

    Affected Products : maximo_anywhere
    • Published: Nov. 03, 2020
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2025-4878

    A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file() function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing fa... Read more

    Affected Products : libssh
    • Published: Jul. 22, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Memory Corruption

  • 3.6

    LOW
    CVE-2017-10088

    Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnerability allows high privileged attacker with logon to the in... Read more

    • Published: Aug. 08, 2017
    • Modified: May. 08, 2025

  • 3.6

    LOW
    CVE-2005-4796

    Unspecified vulnerability in the XView library (libxview.so) in Solaris 2.5 to 10 allows local users to corrupt files via unknown vectors related to the handling of the clipboard selection while an XView application exits.... Read more

    Affected Products : solaris sunos
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-1999-1530

    cgiwrap as used on Cobalt RaQ 2.0 and RaQ 3i does not properly identify the user for running certain scripts, which allows a malicious site administrator to view or modify data located at another virtual site on the same system.... Read more

    Affected Products : cobalt_raq_3i cobalt_raq_2
    • Published: Nov. 08, 1999
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2008-2288

    Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 has insufficient access control for deletion and modification of registry keys, which allows local users to cause a denial of service or obtain sensitive information.... Read more

    Affected Products : altiris_deployment_solution
    • Published: May. 18, 2008
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2015-7311

    libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly flag on disks when using the qemu-xen device model, which allows local guest users to write to a read-only disk image.... Read more

    Affected Products : xen
    • Published: Oct. 01, 2015
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2022-37010

    In JetBrains IntelliJ IDEA before 2022.2 email address validation in the "Git User Name Is Not Defined" dialog was missed... Read more

    Affected Products : intellij_idea
    • Published: Jul. 28, 2022
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2020-4008

    The installer of the macOS Sensor for VMware Carbon Black Cloud (prior to 3.5.1) handles certain files in an insecure way. A malicious actor who has local access to the endpoint on which a macOS sensor is going to be installed, may overwrite a limited num... Read more

    Affected Products : macos carbon_black_cloud
    • Published: Dec. 16, 2020
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2021-34428

    For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple... Read more

    • Published: Jun. 22, 2021
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2023-51796

    Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/f_reverse.c:269:26 in areverse_request_frame.... Read more

    Affected Products : ffmpeg
    • Published: Apr. 19, 2024
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2024-56433

    shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potential... Read more

    Affected Products : shadow-utils
    • Published: Dec. 26, 2024
    • Modified: Dec. 26, 2024

  • 3.6

    LOW
    CVE-2006-4439

    pkgadd in Sun Solaris 10 before 20060825 installs files with insecure file and directory permissions (755 or 777) if the pkgmap file contains a "?" (question mark) in the mode field, which allows local users to modify arbitrary files or directories, a dif... Read more

    Affected Products : solaris
    • Published: Aug. 29, 2006
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2013-0254

    The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or... Read more

    Affected Products : qt qt
    • Published: Feb. 06, 2013
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2011-4339

    ipmievd (aka the IPMI event daemon) in OpenIPMI, as used in the ipmitool package 1.8.11 in Red Hat Enterprise Linux (RHEL) 6, Debian GNU/Linux, Fedora 16, and other products uses 0666 permissions for its ipmievd.pid PID file, which allows local users to k... Read more

    Affected Products : enterprise_linux ipmitool
    • Published: Dec. 15, 2011
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2014-8737

    Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a .. (dot dot) or full path name in an archive to (1) strip or (2) objcopy or create arbitrary files via (3) a .. (dot dot) or fu... Read more

    Affected Products : ubuntu_linux fedora binutils
    • Published: Dec. 09, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 293592 Results