Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.3

    LOW
    CVE-2018-2763

    Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: NTPD). The supported version that is affected is 11.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solari... Read more

    Affected Products : solaris solaris
    • Published: Apr. 19, 2018
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2011-1486

    libvirtd in libvirt before 0.9.0 does not use thread-safe error reporting, which allows remote attackers to cause a denial of service (crash) by causing multiple threads to report errors at the same time.... Read more

    Affected Products : libvirt
    • Published: May. 31, 2011
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2007-4462

    lib/Locale/Po4a/Po.pm in po4a before 0.32 allows local users to overwrite arbitrary files via a symlink attack on the gettextization.failed.po temporary file.... Read more

    Affected Products : po4a
    • Published: Aug. 21, 2007
    • Modified: Apr. 09, 2025

  • 3.3

    LOW
    CVE-2011-1089

    The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated... Read more

    Affected Products : glibc
    • Published: Apr. 10, 2011
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2025-23287

    NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker may access sensitive system-level information. A successful exploit of this vulnerability may lead to Information disclosure.... Read more

    Affected Products :
    • Published: Aug. 02, 2025
    • Modified: Aug. 04, 2025

  • 3.3

    LOW
    CVE-2024-47576

    SAP Product Lifecycle Costing Client (versions below 4.7.1) application loads on demand a DLL that is available with Windows OS. This DLL is loaded from the computer running SAP Product Lifecycle Costing Client application. That particular DLL could be re... Read more

    Affected Products :
    • Published: Dec. 10, 2024
    • Modified: Dec. 10, 2024

  • 3.3

    LOW
    CVE-2011-2533

    The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows local users to overwrite arbitrary files via a symlink attack on an unspecified file in /tmp/.... Read more

    Affected Products : dbus
    • Published: Jun. 22, 2011
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2021-20239

    A flaw was found in the Linux kernel in versions before 5.4.92 in the BPF protocol. This flaw allows an attacker with a local account to leak information about kernel internal addresses. The highest threat from this vulnerability is to confidentiality.... Read more

    Affected Products : linux_kernel enterprise_linux fedora
    • Published: May. 28, 2021
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2023-52703

    In the Linux kernel, the following vulnerability has been resolved: net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path syzbot reported that act_len in kalmia_send_init_packet() is uninitialized when passing it to the first usb_bulk_msg error... Read more

    Affected Products : linux_kernel
    • Published: May. 21, 2024
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2018-1000150

    An exposure of sensitive information vulnerability exists in Jenkins Reverse Proxy Auth Plugin 1.5 and older in ReverseProxySecurityRealm#authContext that allows attackers with local file system access to obtain a list of authorities for logged in users.... Read more

    Affected Products : reverse_proxy_auth
    • Published: Apr. 05, 2018
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2021-0988

    In getLaunchedFromUid and getLaunchedFromPackage of ActivityClientController.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local informatio... Read more

    Affected Products : android
    • Published: Dec. 15, 2021
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2014-8610

    AndroidManifest.xml in Android before 5.0.0 does not require the SEND_SMS permission for the SmsReceiver receiver, which allows attackers to send stored SMS messages, and consequently transmit arbitrary new draft SMS messages or trigger additional per-mes... Read more

    Affected Products : android
    • Published: Dec. 15, 2014
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2022-22426

    IBM Spectrum Copy Data Management Admin 2.2.0.0 through 2.2.15.0 could allow a local attacker to bypass authentication restrictions, caused by the lack of proper session management. An attacker could exploit this vulnerability to bypass authentication and... Read more

    • Published: Jun. 10, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2022-27814

    SWHKD 1.1.5 allows arbitrary file-existence tests via the -c option.... Read more

    Affected Products : swhkd
    • Published: Apr. 14, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2022-25829

    Information Exposure vulnerability in Watch Active2 Plugin prior to version 2.2.08.22012751 allows attacker to access password information of connected WiFiAp in the log... Read more

    Affected Products : watch_active2_plugin
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2022-31072

    Octokit is a Ruby toolkit for the GitHub API. Versions 4.23.0 and 4.24.0 of the octokit gem were published containing world-writeable files. Specifically, the gem was packed with files having their permissions set to `-rw-rw-rw-` (i.e. 0666) instead of `r... Read more

    Affected Products : octokit octokit
    • Published: Jun. 15, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2022-25833

    Improper authentication in ImsService prior to SMR Apr-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission.... Read more

    Affected Products : android dex
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2024-54493

    This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.2. Privacy indicators for microphone access may be attributed incorrectly.... Read more

    Affected Products : macos
    • Published: Dec. 12, 2024
    • Modified: Mar. 24, 2025

  • 3.3

    LOW
    CVE-2022-33701

    Improper access control vulnerability in KnoxCustomManagerService prior to SMR Jul-2022 Release 1 allows attacker to call PowerManaer.goToSleep method which is protected by system permission by sending braodcast intent.... Read more

    Affected Products : android dex
    • Published: Jul. 12, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2022-31071

    Octopoller is a micro gem for polling and retrying. Version 0.2.0 of the octopoller gem was published containing world-writeable files. Specifically, the gem was packed with files having their permissions set to `-rw-rw-rw-` (i.e. 0666) instead of `rw-r--... Read more

    Affected Products : octopoller
    • Published: Jun. 15, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 292811 Results