Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.6

    LOW
    CVE-2009-3409

    Unspecified vulnerability in the PeopleSoft Enterprise HCM (TAM) component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 9.0 Bundle 10 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.... Read more

    • Published: Oct. 22, 2009
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-1999-0828

    UnixWare pkg commands such as pkginfo, pkgcat, and pkgparam allow local users to read arbitrary files via the dacread permission.... Read more

    Affected Products : unixware
    • Published: Dec. 02, 1999
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2008-1371

    Absolute path traversal vulnerability in install/index.php in Drake CMS 0.4.11 RC8 allows remote attackers to read and execute arbitrary files via a full pathname in the d_root parameter. NOTE: the provenance of this information is unknown; the details a... Read more

    Affected Products : drake_cms
    • Published: Mar. 18, 2008
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2009-3257

    vtiger CRM before 5.1.0 allows remote authenticated users to bypass the permissions on the (1) Account Billing Address and (2) Shipping Address fields in a profile by creating a Sales Order (SO) associated with that profile.... Read more

    Affected Products : vtiger_crm
    • Published: Sep. 18, 2009
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2019-10988

    In Philips HDI 4000 Ultrasound Systems, all versions running on old, unsupported operating systems such as Windows 2000, the HDI 4000 Ultrasound System is built on an old operating system that is no longer supported. Thus, any unmitigated vulnerability in... Read more

    Affected Products : hdi_4000_firmware hdi_4000
    • Published: Sep. 04, 2019
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2010-3576

    Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and OpenSolaris, allows local users to affect integrity and availability, related to the SCSI enclosure services device driver.... Read more

    Affected Products : solaris opensolaris
    • Published: Oct. 14, 2010
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2013-0412

    Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect integrity and availability via unknown vectors related to Utility/pax.... Read more

    Affected Products : sunos solaris
    • Published: Apr. 17, 2013
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2000-0379

    The Netopia R9100 router does not prevent authenticated users from modifying SNMP tables, even if the administrator has configured it to do so.... Read more

    Affected Products : r-series_routers
    • Published: May. 16, 2000
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2012-4417

    GlusterFS 3.3.0, as used in Red Hat Storage server 2.0, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.... Read more

    Affected Products : glusterfs
    • Published: Nov. 18, 2012
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2006-4759

    PunBB 1.2.12 does not properly handle an avatar directory pathname ending in %00, which allows remote authenticated administrative users to upload arbitrary files and execute code, as demonstrated by a query to admin_options.php with an avatars_dir parame... Read more

    Affected Products : punbb
    • Published: Sep. 13, 2006
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2006-4842

    The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary fil... Read more

    Affected Products : solaris portable_runtime_api
    • Published: Oct. 12, 2006
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2012-3750

    The Passcode Lock implementation in Apple iOS before 6.0.1 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement and access Passbook passes via unspecified vectors.... Read more

    Affected Products : iphone_os
    • Published: Nov. 03, 2012
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2012-5477

    The smart proxy in Foreman before 1.1 uses a umask set to 0, which allows local users to modify files created by the daemon via unspecified vectors.... Read more

    Affected Products : foreman
    • Published: May. 08, 2014
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2012-1989

    telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connection log (/tmp/out.log).... Read more

    Affected Products : puppet_enterprise puppet puppet
    • Published: Jun. 27, 2012
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2012-1699

    The ProcSetEventMask function in difs/events.c in the xfs font server for X.Org X11R6 through X11R6.6 and XFree86 before 3.3.3 calls the SendErrToClient function with a mask value instead of a pointer, which allows local users to cause a denial of service... Read more

    Affected Products : x.org_x11 xfree86
    • Published: Dec. 21, 2012
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2013-1500

    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality and integrity via unkn... Read more

    Affected Products : jdk jre jre jdk
    • Published: Jun. 18, 2013
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2004-2303

    MTools Mformat before 3.9.9, when installed setuid root, creates files with world-readable and world-writable permissions, which allows local users to read and overwrite files.... Read more

    Affected Products : mformat
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2012-5638

    The setup_logging function in log.h in SANLock uses world-writable permissions for /var/log/sanlock.log, which allows local users to overwrite the file content or bypass intended disk-quota restrictions via standard filesystem write operations.... Read more

    Affected Products : sanlock
    • Published: Dec. 20, 2012
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2011-3171

    Directory traversal vulnerability in pure-FTPd 1.0.22 and possibly other versions, when running on SUSE Linux Enterprise Server and possibly other operating systems, when the Netware OES remote server feature is enabled, allows local users to overwrite ar... Read more

    • Published: Nov. 04, 2011
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2008-0001

    VFS in the Linux kernel before 2.6.22.16, and 2.6.23.x before 2.6.23.14, performs tests of access mode by using the flag variable instead of the acc_mode variable, which might allow local users to bypass intended permissions and remove directories.... Read more

    Affected Products : linux_kernel
    • Published: Jan. 15, 2008
    • Modified: Apr. 09, 2025
Showing 20 of 294307 Results