Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.3

    LOW
    CVE-2011-4114

    The par_mktmpdir function in the PAR::Packer module before 1.012 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when anothe... Read more

    Affected Products : par-packer_module
    • Published: Jan. 13, 2012
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2024-0125

    NVIDIA CUDA Toolkit for Windows and Linux contains a vulnerability in the nvdisam command line tool, where a user can cause a NULL pointer dereference by running nvdisasm on a malformed ELF file. A successful exploit of this vulnerability might lead to a ... Read more

    Affected Products : cuda_toolkit
    • Published: Oct. 03, 2024
    • Modified: Oct. 04, 2024

  • 3.3

    LOW
    CVE-2022-41043

    Microsoft Office Information Disclosure Vulnerability... Read more

    • Published: Oct. 11, 2022
    • Modified: Jan. 02, 2025

  • 3.3

    LOW
    CVE-2023-38069

    In JetBrains IntelliJ IDEA before 2023.1.4 license dialog could be suppressed in certain cases... Read more

    Affected Products : intellij_idea
    • Published: Jul. 12, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2011-1833

    Race condition in the ecryptfs_mount function in fs/ecryptfs/main.c in the eCryptfs subsystem in the Linux kernel before 3.1 allows local users to bypass intended file permissions via a mount.ecryptfs_private mount with a mismatched uid.... Read more

    Affected Products : linux_kernel
    • Published: Oct. 03, 2012
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2018-6382

    MantisBT 2.10.0 allows local users to conduct SQL Injection attacks via the vendor/adodb/adodb-php/server.php sql parameter in a request to the 127.0.0.1 IP address. NOTE: the vendor disputes the significance of this report because server.php is intended ... Read more

    Affected Products : mantisbt
    • Published: Jan. 30, 2018
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2013-2477

    The CSN.1 dissector in Wireshark 1.8.x before 1.8.6 does not properly manage function pointers, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.... Read more

    Affected Products : wireshark opensuse
    • Published: Mar. 07, 2013
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2013-2475

    The TCP dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (application crash) via a malformed packet.... Read more

    Affected Products : wireshark opensuse
    • Published: Mar. 07, 2013
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2018-0966

    A security feature bypass exists when Device Guard incorrectly validates an untrusted file, aka "Device Guard Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.... Read more

    Affected Products : windows_10 windows_server_2016
    • Published: Apr. 12, 2018
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2012-4296

    Buffer overflow in epan/dissectors/packet-rtps2.c in the RTPS2 dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (CPU consumption) via a malformed packet.... Read more

    Affected Products : wireshark sunos opensuse
    • Published: Aug. 16, 2012
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2006-1247

    rm_mlcache_file in bos.rte.install in AIX 5.1.0 through 5.3.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files.... Read more

    Affected Products : aix
    • Published: Apr. 19, 2006
    • Modified: Apr. 03, 2025

  • 3.3

    LOW
    CVE-2012-4285

    The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (divide-by-zero error and applicatio... Read more

    • Published: Aug. 16, 2012
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2018-6559

    The Linux kernel, as used in Ubuntu 18.04 LTS and Ubuntu 18.10, allows local users to obtain names of files in which they would not normally be able to access via an overlayfs mount inside of a user namespace.... Read more

    Affected Products : linux_kernel ubuntu_linux
    • Published: Oct. 26, 2018
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2012-5238

    epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.3 uses incorrect OUI data structures during the decoding of (1) PPP and (2) LCP data, which allows remote attackers to cause a denial of service (assertion failure and applica... Read more

    Affected Products : wireshark
    • Published: Oct. 04, 2012
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2012-1906

    Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 uses predictable file names when installing Mac OS X packages from a remote source, which allows local users to overwrite a... Read more

    • Published: May. 29, 2012
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2023-40520

    The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10. An app may be able to access edited photos saved to a temporary directory.... Read more

    Affected Products : iphone_os tvos watchos ipados
    • Published: Sep. 27, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2020-3504

    A vulnerability in the local management (local-mgmt) CLI of Cisco UCS Manager Software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of CLI co... Read more

    • Published: Aug. 27, 2020
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2018-21043

    An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (Exynos 9810 chipsets) software. There is information disclosure about a kernel pointer in the g2d_drv driver because of logging. The Samsung ID is SVE-2018-13035 (December 2018).... Read more

    Affected Products : android exynos_9810
    • Published: Apr. 08, 2020
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2023-28303

    Windows Snipping Tool Information Disclosure Vulnerability... Read more

    • Published: Jun. 13, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2023-28197

    An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4. An app may be able to access user-sensitive data.... Read more

    Affected Products : macos
    • Published: Jan. 10, 2024
    • Modified: Jun. 17, 2025
Showing 20 of 293349 Results