Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.3

    LOW
    CVE-2023-46051

    TeX Live 944e257 allows a NULL pointer dereference in texk/web2c/pdftexdir/tounicode.c. NOTE: this is disputed because it should be categorized as a usability problem.... Read more

    Affected Products :
    • Published: Mar. 27, 2024
    • Modified: Nov. 29, 2024

  • 3.3

    LOW
    CVE-2020-18900

    A heap-based buffer overflow in the libexe_io_handle_read_coff_optional_header function of libyal libexe before 20181128. NOTE: the vendor has disputed this as described in libyal/libexe issue 1 on GitHub... Read more

    Affected Products : libexe
    • Published: Aug. 19, 2021
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2009-2056

    Cisco IOS XR 3.8.1 and earlier allows remote authenticated users to cause a denial of service (process crash) via vectors involving a BGP UPDATE message with many AS numbers prepended to the AS path.... Read more

    Affected Products : ios_xr
    • Published: Aug. 21, 2009
    • Modified: Apr. 09, 2025

  • 3.3

    LOW
    CVE-2024-1048

    A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a temporary file with the new grubenv content and rename it to the original grubenv file. If the program is killed before the rena... Read more

    Affected Products : enterprise_linux fedora grub2
    • Published: Feb. 06, 2024
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2020-15859

    QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000e packet with the data's address set to the e1000e's MMIO address.... Read more

    Affected Products : debian_linux qemu
    • Published: Jul. 21, 2020
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2011-4060

    The runtime linker in QNX Neutrino RTOS 6.5.0 before Service Pack 1 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environment variables when a program is spawned from a setuid program, which allows local users to overwrite files via a symlink a... Read more

    Affected Products : neutrino_rtos
    • Published: Oct. 18, 2011
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2011-1031

    The feh_unique_filename function in utils.c in feh 1.11.2 and earlier might allow local users to create arbitrary files via a symlink attack on a /tmp/feh_ temporary file, a different vulnerability than CVE-2011-0702.... Read more

    Affected Products : feh feh
    • Published: Feb. 14, 2011
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2010-0118

    Bournal before 1.4.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified temporary files associated with a --hack_the_gibson update check.... Read more

    Affected Products : bournal
    • Published: Feb. 25, 2010
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2010-3282

    389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server before B.08.10.03, when audit logging is enabled, logs the Directory Manager password (nsslapd-rootpw) in cleartext when changing cn=config:nsslapd-rootpw, w... Read more

    • Published: Jan. 09, 2020
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2023-5543

    When duplicating a BigBlueButton activity, the original meeting ID was also duplicated instead of using a new ID for the new activity. This could provide unintended access to the original meeting.... Read more

    • Published: Nov. 09, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2009-5079

    The (1) gendef.sh, (2) doc/fixinfo.sh, and (3) contrib/gdiffmk/tests/runtests.in scripts in GNU troff (aka groff) 1.21 and earlier allow local users to overwrite arbitrary files via a symlink attack on a gro#####.tmp or /tmp/##### temporary file.... Read more

    Affected Products : groff
    • Published: Jun. 30, 2011
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2025-24121

    A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to modify protected parts of the file system.... Read more

    Affected Products : macos
    • Published: Jan. 27, 2025
    • Modified: Mar. 24, 2025
    • Vuln Type: Misconfiguration

  • 3.3

    LOW
    CVE-2020-14759

    Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris execut... Read more

    Affected Products : solaris solaris
    • Published: Oct. 21, 2020
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2010-0546

    Folder Manager in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows local users to delete arbitrary folders via a symlink attack in conjunction with an unmount operation on a crafted volume, related to the Cleanup At Startup folder.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: Jun. 17, 2010
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2020-5828

    Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been all... Read more

    Affected Products : endpoint_protection_manager
    • Published: Feb. 11, 2020
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2014-3423

    lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file.... Read more

    Affected Products : emacs mageia
    • Published: May. 08, 2014
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2009-5007

    The Cisco trial client on Linux for Cisco AnyConnect SSL VPN allows local users to overwrite arbitrary files via a symlink attack on unspecified temporary files.... Read more

    Affected Products : anyconnect_ssl_vpn
    • Published: Oct. 14, 2010
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2020-14329

    A data exposure flaw was found in Ansible Tower in versions before 3.7.2, where sensitive data can be exposed from the /api/v2/labels/ endpoint. This flaw allows users from other organizations in the system to retrieve any label from the organization and ... Read more

    Affected Products : ansible_tower
    • Published: May. 27, 2021
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2023-40442

    A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8. An app may be able to read sensitive location information.... Read more

    Affected Products : macos iphone_os ipados
    • Published: Sep. 12, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2024-30364

    Foxit PDF Reader U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit ... Read more

    Affected Products : windows pdf_editor pdf_reader
    • Published: Apr. 02, 2024
    • Modified: Aug. 08, 2025
Showing 20 of 293617 Results