Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.7

    LOW
    CVE-2024-10977

    Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a h... Read more

    Affected Products : postgresql
    • Published: Nov. 14, 2024
    • Modified: Feb. 20, 2025

  • 3.7

    LOW
    CVE-2013-7347

    Luci in Red Hat Conga does not properly enforce the user session timeout, which might allow attackers to gain access to the session by reading the __ac session cookie. NOTE: this issue has been SPLIT due to different vulnerability types. Use CVE-2012-335... Read more

    Affected Products : enterprise_linux conga
    • Published: Mar. 31, 2014
    • Modified: Apr. 12, 2025

  • 3.7

    LOW
    CVE-2014-0476

    The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option.... Read more

    Affected Products : ubuntu_linux chkrootkit
    • Published: Oct. 25, 2014
    • Modified: Apr. 12, 2025

  • 3.7

    LOW
    CVE-2024-22403

    Nextcloud server is a self hosted personal cloud system. In affected versions OAuth codes did not expire. When an attacker would get access to an authorization code they could authenticate at any time using the code. As of version 28.0.0 OAuth codes are i... Read more

    Affected Products : nextcloud_server notes
    • Published: Jan. 18, 2024
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2012-4572

    Red Hat JBoss Enterprise Application Platform (EAP) before 6.1.0 and JBoss Portal before 6.1.0 does not load the implementation of a custom authorization module for a new application when an implementation is already loaded and the modules share class nam... Read more

    • Published: Oct. 28, 2013
    • Modified: Apr. 11, 2025

  • 3.7

    LOW
    CVE-2012-5659

    Untrusted search path vulnerability in plugins/abrt-action-install-debuginfo-to-abrt-cache.c in Automatic Bug Reporting Tool (ABRT) 2.0.9 and earlier allows local users to load and execute arbitrary Python modules by modifying the PYTHONPATH environment v... Read more

    Affected Products : automatic_bug_reporting_tool
    • Published: Mar. 12, 2013
    • Modified: Apr. 11, 2025

  • 3.7

    LOW
    CVE-2013-0404

    Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel/Boot.... Read more

    Affected Products : sunos solaris
    • Published: Apr. 17, 2013
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2010-2391

    Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.1.0.5 and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.... Read more

    Affected Products : database_server
    • Published: Oct. 14, 2010
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2012-4518

    ibacm 1.0.7 creates files with world-writable permissions, which allows local users to overwrite the ib_acm daemon log or ibacm.port file.... Read more

    Affected Products : ibacm
    • Published: Oct. 22, 2012
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2012-2692

    MantisBT before 1.2.11 does not check the delete_attachments_threshold permission when form_security_validation is set to OFF, which allows remote authenticated users with certain privileges to bypass intended access restrictions and delete arbitrary atta... Read more

    Affected Products : mantisbt
    • Published: Jun. 17, 2012
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2013-1766

    libvirt 1.0.2 and earlier sets the group owner to kvm for device files, which allows local users to write to these files via unspecified vectors.... Read more

    Affected Products : libvirt
    • Published: Mar. 20, 2013
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2012-5638

    The setup_logging function in log.h in SANLock uses world-writable permissions for /var/log/sanlock.log, which allows local users to overwrite the file content or bypass intended disk-quota restrictions via standard filesystem write operations.... Read more

    Affected Products : sanlock
    • Published: Dec. 20, 2012
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2012-1989

    telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connection log (/tmp/out.log).... Read more

    Affected Products : puppet_enterprise puppet puppet
    • Published: Jun. 27, 2012
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2011-1837

    The lock-counter implementation in utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 allows local users to overwrite arbitrary files via unspecified vectors.... Read more

    Affected Products : ecryptfs_utils ecryptfs-utils
    • Published: Feb. 15, 2014
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2021-25366

    Improper access control in Samsung Internet prior to version 13.2.1.70 allows physically proximate attackers to bypass the secret mode's authentication.... Read more

    Affected Products : internet
    • Published: Mar. 25, 2021
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2011-4339

    ipmievd (aka the IPMI event daemon) in OpenIPMI, as used in the ipmitool package 1.8.11 in Red Hat Enterprise Linux (RHEL) 6, Debian GNU/Linux, Fedora 16, and other products uses 0666 permissions for its ipmievd.pid PID file, which allows local users to k... Read more

    Affected Products : enterprise_linux ipmitool
    • Published: Dec. 15, 2011
    • Modified: Apr. 11, 2025

  • 3.6

    LOW
    CVE-2014-8737

    Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a .. (dot dot) or full path name in an archive to (1) strip or (2) objcopy or create arbitrary files via (3) a .. (dot dot) or fu... Read more

    Affected Products : ubuntu_linux fedora binutils
    • Published: Dec. 09, 2014
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2017-10088

    Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnerability allows high privileged attacker with logon to the in... Read more

    • Published: Aug. 08, 2017
    • Modified: May. 08, 2025

  • 3.6

    LOW
    CVE-2016-0426

    Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality and availability via unknown vectors related to Solaris Kernel Zones.... Read more

    Affected Products : solaris
    • Published: Jan. 21, 2016
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2024-37372

    The Permission Model assumes that any path starting with two backslashes \ has a four-character prefix that can be ignored, which is not always true. This subtle bug leads to vulnerable edge cases.... Read more

    Affected Products : node.js
    • Published: Jan. 09, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Path Traversal
Showing 20 of 294836 Results