Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.3

    LOW
    CVE-2019-17263

    In libyal libfwsi before 20191006, libfwsi_extension_block_copy_from_byte_stream in libfwsi_extension_block.c has a heap-based buffer over-read because rejection of an unsupported size only considers values less than 6, even though values of 6 and 7 are a... Read more

    Affected Products : libfwsi
    • Published: Oct. 06, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2019-19057

    Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failur... Read more

    • Published: Nov. 18, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2019-17264

    In libyal liblnk before 20191006, liblnk_location_information_read_data in liblnk_location_information.c has a heap-based buffer over-read because an incorrect variable name is used for a certain offset. NOTE: the vendor has disputed this as described in ... Read more

    Affected Products : liblnk
    • Published: Oct. 06, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2011-0012

    The SPICE Firefox plug-in (spice-xpi) 2.4, 2.3, 2.2, and possibly other versions allows local users to overwrite arbitrary files via a symlink attack on the usbrdrctl log file, which has a predictable name.... Read more

    Affected Products : firefox spice-xpi
    • Published: Apr. 18, 2011
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2019-17053

    ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-e69dbd4619e7.... Read more

    Affected Products : linux_kernel
    • Published: Oct. 01, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2019-17054

    atalk_create in net/appletalk/ddp.c in the AF_APPLETALK network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-6cc03e8aa36c.... Read more

    Affected Products : linux_kernel
    • Published: Oct. 01, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2010-4648

    The orinoco_ioctl_set_auth function in drivers/net/wireless/orinoco/wext.c in the Linux kernel before 2.6.37 does not properly implement a TKIP protection mechanism, which makes it easier for remote attackers to obtain access to a Wi-Fi network by reading... Read more

    Affected Products : linux_kernel
    • Published: Jun. 21, 2012
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2010-2056

    GNU gv before 3.7.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.... Read more

    Affected Products : gv
    • Published: Jul. 22, 2010
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2010-2053

    emesenelib/ProfileManager.py in emesene before 1.6.2 allows local users to overwrite arbitrary files via a symlink attack on the emsnpic temporary file.... Read more

    Affected Products : emesene
    • Published: Jun. 07, 2010
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2009-0358

    Mozilla Firefox 3.x before 3.0.6 does not properly implement the (1) no-store and (2) no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the (a) back button or (b) history list of the victim's browser, as ... Read more

    Affected Products : firefox
    • Published: Feb. 04, 2009
    • Modified: Apr. 09, 2025

  • 3.3

    LOW
    CVE-2012-3378

    The register_application function in atk-adaptor/bridge.c in GNOME at-spi2-atk 2.5.2 does not seed the random number generator and generates predictable temporary file names, which makes it easier for local users to create or truncate files via a symlink ... Read more

    Affected Products : at-spi2-atk
    • Published: Aug. 31, 2012
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2012-6335

    The Anti-theft service in AVG AntiVirus for Android allows physically proximate attackers to provide arbitrary location data via a "commonly available simple GPS location spoofer."... Read more

    Affected Products : avg_antivirus
    • Published: Dec. 31, 2012
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2012-6348

    Centrify Deployment Manager 2.1.0.283, as distributed in Centrify Suite before 2012.5, allows local users to (1) overwrite arbitrary files via a symlink attack on the adcheckDMoutput temporary file, or (2) overwrite arbitrary files and consequently gain p... Read more

    • Published: Jan. 04, 2013
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2011-4497

    QIS_wizard.htm on the ASUS RT-N56U router with firmware before 1.0.1.4o allows remote attackers to obtain the administrator password via a flag=detect request.... Read more

    Affected Products : rt-n56u rt-n56u_firmware
    • Published: Nov. 21, 2011
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2012-4366

    Belkin wireless routers Surf N150 Model F7D1301v1, N900 Model F9K1104v1, N450 Model F9K1105V2, and N300 Model F7D2301v1 generate a predictable default WPA2-PSK passphrase based on eight digits of the WAN MAC address, which allows remote attackers to acces... Read more

    • Published: Nov. 20, 2012
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2013-2310

    SoftBank Wi-Fi Spot Configuration Software, as used on SoftBank SHARP 3G handsets, SoftBank Panasonic 3G handsets, SoftBank NEC 3G handsets, SoftBank Samsung 3G handsets, SoftBank mobile Wi-Fi routers, SoftBank Android smartphones with the Wi-Fi applicati... Read more

    • Published: Jun. 17, 2013
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2023-5081

    An information disclosure vulnerability was reported in the Lenovo Tab M8 HD that could allow a local application to gather a non-resettable device identifier.... Read more

    • Published: Jan. 19, 2024
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2025-23288

    NVIDIA GPU Display Driver for Windows contains a vulnerability  where an attacker may cause an exposure of sensitive system information with local unprivileged system access. A successful exploit of this vulnerability may lead to Information disclosure.... Read more

    Affected Products :
    • Published: Aug. 02, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Information Disclosure

  • 3.3

    LOW
    CVE-2006-1247

    rm_mlcache_file in bos.rte.install in AIX 5.1.0 through 5.3.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files.... Read more

    Affected Products : aix
    • Published: Apr. 19, 2006
    • Modified: Apr. 03, 2025

  • 3.3

    LOW
    CVE-2023-37395

    IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data.... Read more

    Affected Products : aspera_faspex
    • Published: Dec. 11, 2024
    • Modified: Jan. 07, 2025
Showing 20 of 293437 Results