Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.3

    LOW
    CVE-2012-6371

    The WPA2 implementation on the Belkin N900 F9K1104v1 router establishes a WPS PIN based on 6 digits of the LAN/WLAN MAC address, which makes it easier for remote attackers to obtain access to a Wi-Fi network by reading broadcast packets, a different vulne... Read more

    Affected Products : n900_wireless_router
    • Published: Dec. 31, 2012
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2024-24973

    Improper input validation for some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable denial of service via local access.... Read more

    • Published: Aug. 14, 2024
    • Modified: Aug. 31, 2024

  • 3.3

    LOW
    CVE-2022-20535

    In registerLocalOnlyHotspotSoftApCallback of WifiManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no... Read more

    Affected Products : android
    • Published: Dec. 16, 2022
    • Modified: Apr. 18, 2025

  • 3.3

    LOW
    CVE-2024-6780

    Improper permission control in the mobile application (com.android.server.telecom) may lead to user information security risks.... Read more

    Affected Products :
    • Published: Jul. 16, 2024
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2023-26427

    Default permissions for a properties file were too permissive. Local system users could read potentially sensitive information. We updated the default permissions for noreply.properties set during package installation. No publicly available exploits are k... Read more

    • Published: Jun. 20, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2024-12548

    Tungsten Automation Power PDF JP2 File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction i... Read more

    Affected Products : power_pdf
    • Published: Feb. 11, 2025
    • Modified: Feb. 19, 2025
    • Vuln Type: Information Disclosure

  • 3.3

    LOW
    CVE-2002-2301

    Lawson Financials 8.0, when configured to use a third party relational database, stores usernames and passwords in a world-readable file, which allows local users to read the passwords and log onto the database.... Read more

    Affected Products : lawson_financials
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 3.3

    LOW
    CVE-2023-21349

    In Package Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. Us... Read more

    Affected Products : android
    • Published: Oct. 30, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2016-5506

    Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware allows local users to affect confidentiality and integrity via vectors related to App Server.... Read more

    Affected Products : identity_manager
    • Published: Oct. 25, 2016
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2015-0238

    selinux-policy as packaged in Red Hat OpenShift 2 allows attackers to obtain process listing information via a privilege escalation attack.... Read more

    Affected Products : openshift openshift
    • Published: Sep. 26, 2017
    • Modified: Apr. 20, 2025

  • 3.3

    LOW
    CVE-2023-20726

    In mnld, there is a possible leak of GPS location due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07735968 / ... Read more

    Affected Products : android openwrt yocto rdkb mt2735 mt6779 mt6781 mt6783 mt6785 mt6789 +53 more products
    • Published: May. 15, 2023
    • Modified: Jan. 24, 2025

  • 3.3

    LOW
    CVE-2009-5079

    The (1) gendef.sh, (2) doc/fixinfo.sh, and (3) contrib/gdiffmk/tests/runtests.in scripts in GNU troff (aka groff) 1.21 and earlier allow local users to overwrite arbitrary files via a symlink attack on a gro#####.tmp or /tmp/##### temporary file.... Read more

    Affected Products : groff
    • Published: Jun. 30, 2011
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2023-40442

    A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8. An app may be able to read sensitive location information.... Read more

    Affected Products : macos iphone_os ipados
    • Published: Sep. 12, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2010-0118

    Bournal before 1.4.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified temporary files associated with a --hack_the_gibson update check.... Read more

    Affected Products : bournal
    • Published: Feb. 25, 2010
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2009-4664

    Firewall Builder 3.0.4, 3.0.5, and 3.0.6, when running on Linux, allows local users to gain privileges via a symlink attack on an unspecified temporary file that is created by the iptables script.... Read more

    Affected Products : linux_kernel firewall_builder
    • Published: Mar. 03, 2010
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2009-5007

    The Cisco trial client on Linux for Cisco AnyConnect SSL VPN allows local users to overwrite arbitrary files via a symlink attack on unspecified temporary files.... Read more

    Affected Products : anyconnect_ssl_vpn
    • Published: Oct. 14, 2010
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2009-3614

    liboping 1.3.2 allows users reading arbitrary files upon the local system.... Read more

    Affected Products : debian_linux liboping
    • Published: Nov. 09, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2009-4193

    Merkaartor 0.14 allows local users to append data to arbitrary files via a symlink attack on the /tmp/merkaartor.log temporary file.... Read more

    Affected Products : merkaartor
    • Published: Dec. 03, 2009
    • Modified: Apr. 09, 2025

  • 3.3

    LOW
    CVE-2008-1832

    lib/prefs.tcl in Cecilia 2.0.5 allows local users to overwrite arbitrary files via a symlink attack on the csvers temporary file.... Read more

    Affected Products : cecilia
    • Published: Apr. 16, 2008
    • Modified: Apr. 09, 2025

  • 3.3

    LOW
    CVE-2019-2876

    Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to ... Read more

    Affected Products : leap vm_virtualbox
    • Published: Jul. 23, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 293425 Results