Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.3

    LOW
    CVE-2014-3981

    acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file.... Read more

    Affected Products : php
    • Published: Jun. 08, 2014
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2014-3422

    lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/.... Read more

    Affected Products : emacs mageia
    • Published: May. 08, 2014
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2022-34873

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a ma... Read more

    Affected Products : windows pdf_editor pdf_reader
    • Published: Jul. 18, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2014-3421

    lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gnus.face.ppm temporary file.... Read more

    Affected Products : emacs mageia
    • Published: May. 08, 2014
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2014-3986

    include/tests_webservers in Lynis before 1.5.5 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/lynis.*.unsorted file with an easily determined name.... Read more

    Affected Products : lynis
    • Published: Jun. 08, 2014
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2014-3424

    lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file.... Read more

    Affected Products : emacs mageia
    • Published: May. 08, 2014
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2024-2133

    A vulnerability, which was classified as problematic, was found in Bdtask Isshue Multi Store eCommerce Shopping Cart Solution 4.0. This affects an unknown part of the file /dashboard/Cinvoice/manage_invoice of the component Manage Sale Page. The manipulat... Read more

    Affected Products :
    • Published: Mar. 03, 2024
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2024-2213

    An issue was discovered in zenml-io/zenml versions up to and including 0.55.4. Due to improper authentication mechanisms, an attacker with access to an active user session can change the account password without needing to know the current password. This ... Read more

    Affected Products : zenml
    • Published: Jun. 06, 2024
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2014-3982

    include/tests_webservers in Lynis before 1.5.5 on AIX allows local users to overwrite arbitrary files via a symlink attack on a /tmp/lynis.##### file.... Read more

    Affected Products : lynis
    • Published: Jun. 08, 2014
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2020-36766

    An issue was discovered in the Linux kernel before 5.8.6. drivers/media/cec/core/cec-api.c leaks one byte of kernel memory on specific hardware to unprivileged users, because of directly assigning log_addrs with a hole in the struct.... Read more

    Affected Products : linux_kernel
    • Published: Sep. 18, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2017-8418

    RuboCop 0.48.1 and earlier does not use /tmp in safe way, allowing local users to exploit this to tamper with cache files belonging to other users.... Read more

    Affected Products : rubocop
    • Published: May. 02, 2017
    • Modified: Apr. 20, 2025

  • 3.3

    LOW
    CVE-2024-47896

    Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory.... Read more

    Affected Products : ddk
    • Published: Feb. 22, 2025
    • Modified: Mar. 05, 2025
    • Vuln Type: Memory Corruption

  • 3.3

    LOW
    CVE-2021-1018

    In adjustStreamVolume of AudioService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional executi... Read more

    Affected Products : android
    • Published: Dec. 15, 2021
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2021-20263

    A flaw was found in the virtio-fs shared file system daemon (virtiofsd) of QEMU. The new 'xattrmap' option may cause the 'security.capability' xattr in the guest to not drop on file write, potentially leading to a modified, privileged executable in the gu... Read more

    Affected Products : qemu
    • Published: Mar. 09, 2021
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2014-1447

    Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1.2.1 allows remote attackers to cause a denial of service (libvirtd crash) by closing a connection before a keepalive response is sent.... Read more

    Affected Products : libvirt
    • Published: Jan. 24, 2014
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2010-4337

    The configure script in gnash 0.8.8 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/gnash-configure-errors.$$, (2) /tmp/gnash-configure-warnings.$$, or (3) /tmp/gnash-configure-recommended.$$ files.... Read more

    Affected Products : gnash
    • Published: Jan. 14, 2011
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2010-2285

    The SMB PIPE dissector in Wireshark 0.8.20 through 1.0.13 and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (NULL pointer dereference) via unknown vectors.... Read more

    Affected Products : wireshark
    • Published: Jun. 15, 2010
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2015-1044

    vmware-authd (aka the Authorization process) in VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, and VMware ESXi 5.0 through 5.5 allows attackers to cause a host OS denial of service via unspecified vectors.... Read more

    Affected Products : player workstation esxi
    • Published: Jan. 29, 2015
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2016-7625

    An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "IOKit" component. It allows local users to obtain sensitive kernel memory-layout information via unspecified vectors.... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: Feb. 20, 2017
    • Modified: Apr. 20, 2025

  • 3.3

    LOW
    CVE-2010-2794

    The SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local users to overwrite arbitrary files via a symlink attack on an unspecified log file.... Read more

    Affected Products : firefox spice-xpi
    • Published: Aug. 30, 2010
    • Modified: Apr. 11, 2025
Showing 20 of 293545 Results