Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.6

    LOW
    CVE-2002-1509

    A patch for shadow-utils 20000902 causes the useradd command to create a mail spool files with read/write privileges of the new user's group (mode 660), which allows other users in the same group to read or modify the new user's incoming email.... Read more

    Affected Products : linux
    • Published: Mar. 03, 2003
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2011-2779

    Windows Event Log SmartConnector in HP ArcSight Connector Appliance before 6.1 uses world-writable permissions for exported report files, which allows local users to change or delete log data by modifying a file, a different vulnerability than CVE-2011-07... Read more

    • Published: Jul. 19, 2011
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2025-2528

    Improper authorization in application password policy in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use a configuration different from the one mandated by the system administrators. This issue affects Remote Deskto... Read more

    Affected Products : remote_desktop_manager
    • Published: Mar. 26, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Authorization

  • 3.6

    LOW
    CVE-2012-0808

    as31 2.3.1-4 does not seed the random number generator and generates predictable temporary file names, which makes it easier for local users to create or truncate files via a symlink attack.... Read more

    Affected Products : as31
    • Published: Mar. 19, 2012
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2012-0109

    Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect confidentiality and availability, related to TCP/IP.... Read more

    Affected Products : sunos solaris
    • Published: Jan. 18, 2012
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2011-3511

    Unspecified vulnerability in the Database Vault component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.2 allows remote authenticated users to affect integrity and availability via unknown vectors related to Privileged Accou... Read more

    Affected Products : database_server
    • Published: Oct. 18, 2011
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2014-1875

    The Capture::Tiny module before 0.24 for Perl allows local users to write to arbitrary files via a symlink attack on a temporary file.... Read more

    Affected Products : capture-tiny
    • Published: Oct. 06, 2014
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2013-5364

    Secunia CSI Agent 6.0.0.15017 and earlier, 6.0.1.1007 and earlier, and 7.0.0.21 and earlier, when running on Red Hat Linux, uses world-readable and world-writable permissions for /etc/csia_config.xml, which allows local users to change CSI Agent configura... Read more

    Affected Products : enterprise_linux csi_agent
    • Published: Jan. 26, 2014
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2013-2930

    The perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable function tracing via a crafted application.... Read more

    Affected Products : linux_kernel
    • Published: Dec. 09, 2013
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2004-2303

    MTools Mformat before 3.9.9, when installed setuid root, creates files with world-readable and world-writable permissions, which allows local users to read and overwrite files.... Read more

    Affected Products : mformat
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2014-0005

    PicketBox and JBossSX, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2 and JBoss BRMS before 6.0.3 roll up patch 2, allows remote authenticated users to read and modify the application sever configuration and state by deploying a cr... Read more

    • Published: Feb. 20, 2015
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2008-2148

    The utimensat system call (sys_utimensat) in Linux kernel 2.6.22 and other versions before 2.6.25.3 does not check file permissions when certain UTIME_NOW and UTIME_OMIT combinations are used, which allows local users to modify file times of arbitrary fil... Read more

    Affected Products : linux_kernel
    • Published: May. 12, 2008
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2024-37372

    The Permission Model assumes that any path starting with two backslashes \ has a four-character prefix that can be ignored, which is not always true. This subtle bug leads to vulnerable edge cases.... Read more

    Affected Products : node.js
    • Published: Jan. 09, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Path Traversal

  • 3.6

    LOW
    CVE-2016-0426

    Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality and availability via unknown vectors related to Solaris Kernel Zones.... Read more

    Affected Products : solaris
    • Published: Jan. 21, 2016
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2008-0666

    Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on (1) the /tmp/pe.tmp.$$ temporary file used by wml_contrib/wmg.cgi and (2) temporary files used by wml_backend/p3_eperl/eperl_sys.c.... Read more

    Affected Products : website_meta_language
    • Published: Feb. 11, 2008
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2006-4439

    pkgadd in Sun Solaris 10 before 20060825 installs files with insecure file and directory permissions (755 or 777) if the pkgmap file contains a "?" (question mark) in the mode field, which allows local users to modify arbitrary files or directories, a dif... Read more

    Affected Products : solaris
    • Published: Aug. 29, 2006
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2010-3028

    The Aardvertiser component before 2.2.1 for Joomla! uses insecure permissions (777) in unspecified folders, which allows local users to modify, create, or delete certain files.... Read more

    Affected Products : joomla aardvertiser
    • Published: Aug. 16, 2010
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2010-4819

    The ProcRenderAddGlyphs function in the Render extension (render/render.c) in X.Org xserver 1.7.7 and earlier allows local users to read arbitrary memory and possibly cause a denial of service (server crash) via unspecified vectors related to an "input sa... Read more

    Affected Products : x_server x.org-xserver
    • Published: Sep. 05, 2012
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2010-3586

    Unspecified vulnerability in Oracle Solaris 9 allows local users to affect confidentiality and integrity via unknown vectors related to XScreenSaver.... Read more

    Affected Products : sunos solaris
    • Published: Jan. 19, 2011
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2024-38531

    Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. After creating a setuid binary in a globally accessible... Read more

    Affected Products : nix nix
    • Published: Jun. 28, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 294329 Results