Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.6

    LOW
    CVE-2010-0895

    Unspecified vulnerability in the Solaris component in Oracle Sun Product Suite OpenSolaris snv_119 allows local users to affect integrity and availability via unknown vectors related to IP Filter.... Read more

    Affected Products : opensolaris
    • Published: Apr. 13, 2010
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2009-3257

    vtiger CRM before 5.1.0 allows remote authenticated users to bypass the permissions on the (1) Account Billing Address and (2) Shipping Address fields in a profile by creating a Sales Order (SO) associated with that profile.... Read more

    Affected Products : vtiger_crm
    • Published: Sep. 18, 2009
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2003-1234

    Integer overflow in the f_count counter in FreeBSD before 4.2 through 5.0 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via multiple calls to (1) fpathconf and (2) lseek, which do not properly decrement f_coun... Read more

    Affected Products : freebsd
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2000-1156

    StarOffice 5.2 follows symlinks and sets world-readable permissions for the /tmp/soffice.tmp directory, which allows a local user to read files of the user who is using StarOffice.... Read more

    Affected Products : staroffice
    • Published: Jan. 09, 2001
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2003-1452

    Untrusted search path vulnerability in Qualcomm qpopper 4.0 through 4.05 allows local users to execute arbitrary code by modifying the PATH environment variable to reference a malicious smbpasswd program.... Read more

    Affected Products : qpopper
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2005-1982

    Unknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle (MITM) attack between a client and a domain controller w... Read more

    • Published: Aug. 10, 2005
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2020-3830

    A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Catalina 10.15.3. A malicious application may be able to overwrite arbitrary files.... Read more

    Affected Products : macos mac_os_x
    • Published: Feb. 27, 2020
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2023-45145

    Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, du... Read more

    Affected Products : fedora debian_linux redis
    • Published: Oct. 18, 2023
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2025-27145

    copyparty, a portable file server, has a DOM-based cross-site scripting vulnerability in versions prior to 1.16.15. The vulnerability is considered low-risk. By handing someone a maliciously-named file, and then tricking them into dragging the file into c... Read more

    Affected Products : copyparty copyparty
    • Published: Feb. 25, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.6

    LOW
    CVE-2015-3164

    The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 starts the server in non-authenticating mode, which allows local users to read from or send information to arbitrary X11 clients via vectors involving a UNIX socket.... Read more

    Affected Products : opensuse x_server xorg-server
    • Published: Jul. 01, 2015
    • Modified: Aug. 29, 2025

  • 3.6

    LOW
    CVE-2008-2148

    The utimensat system call (sys_utimensat) in Linux kernel 2.6.22 and other versions before 2.6.25.3 does not check file permissions when certain UTIME_NOW and UTIME_OMIT combinations are used, which allows local users to modify file times of arbitrary fil... Read more

    Affected Products : linux_kernel
    • Published: May. 12, 2008
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2006-0353

    unix_random.c in lshd for lsh 2.0.1 leaks file descriptors related to the randomness generator, which allows local users to cause a denial of service by truncating the seed file, which prevents the server from starting, or obtain sensitive seed informatio... Read more

    Affected Products : lsh
    • Published: Jan. 22, 2006
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2017-1699

    IBM MQ Managed File Transfer Agent 8.0 and 9.0 sets insecure permissions on certain files it creates. A local attacker could exploit this vulnerability to modify or delete data contained in the files with an unknown impact. IBM X-Force ID: 134391.... Read more

    Affected Products : websphere_mq mq
    • Published: Jan. 04, 2018
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2001-1258

    Horde Internet Messaging Program (IMP) before 2.2.6 allows local users to read IMP configuration files and steal the Horde database password by placing the prefs.lang file containing PHP code on the server.... Read more

    Affected Products : imp
    • Published: Jul. 21, 2001
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2019-6679

    On BIG-IP versions 15.0.0-15.0.1, 14.1.0.2-14.1.2.2, 14.0.0.5-14.0.1, 13.1.1.5-13.1.3.1, 12.1.4.1-12.1.5, 11.6.4-11.6.5, and 11.5.9-11.5.10, the access controls implemented by scp.whitelist and scp.blacklist are not properly enforced for paths that are sy... Read more

    • Published: Dec. 23, 2019
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2001-1395

    Unknown vulnerability in sockfilter for Linux kernel before 2.2.19 related to "boundary cases," with unknown impact.... Read more

    Affected Products : linux_kernel linux
    • Published: Apr. 17, 2001
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2002-1710

    The attachment capability in Compose Mail in BasiliX Webmail 1.1.0 does not check whether the attachment was uploaded by the user or came from a HTTP POST, which could allow local users to steal sensitive information like a password file.... Read more

    Affected Products : basilix_webmail
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2001-1322

    xinetd 2.1.8 and earlier runs with a default umask of 0, which could allow local users to read or modify files that are created by an application that runs under xinetd but does not set its own safe umask.... Read more

    Affected Products : xinetd
    • Published: Jul. 10, 2001
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2014-8994

    The check_diskio plugin 3.2.6 and earlier for Nagios and Icinga allows local users to write to arbitrary files via a symlink attack on a temporary file with a predictable name (tmp/check_diskio_status-*-*).... Read more

    Affected Products : check_diskio
    • Published: Nov. 28, 2014
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2006-3786

    Symantec pcAnywhere 12.5 uses weak integrity protection for .cif (aka caller or CallerID) files, which allows local users to generate a custom .cif file and modify the superuser flag.... Read more

    Affected Products : pcanywhere
    • Published: Jul. 24, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 294510 Results