Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.3

    LOW
    CVE-2013-3368

    bin/rt in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with predictable name.... Read more

    Affected Products : rt request_tracker
    • Published: Aug. 23, 2013
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2012-4288

    Integer overflow in the dissect_xtp_ecntl function in epan/dissectors/packet-xtp.c in the XTP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop or application... Read more

    Affected Products : wireshark sunos opensuse
    • Published: Aug. 16, 2012
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2001-0131

    htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.... Read more

    Affected Products : debian_linux http_server
    • Published: Mar. 12, 2001
    • Modified: Apr. 03, 2025

  • 3.3

    LOW
    CVE-2015-4788

    Unspecified vulnerability in the Data Store component in Oracle Berkeley DB 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, and 12.1.6.0.35 allows local users to affect integrity and availability via unknown vectors, a different vulnerability than CVE-2015-4774 an... Read more

    Affected Products : berkeley_db
    • Published: Jul. 16, 2015
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2015-4946

    Rational LifeCycle Project Administration in Jazz Team Server in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Quality Manager (RQM) 3.x before 3.0.1.6 IF7, 4.x bef... Read more

    • Published: Jan. 03, 2016
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2024-28085

    wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from ar... Read more

    Affected Products : debian_linux util-linux
    • Published: Mar. 27, 2024
    • Modified: Mar. 20, 2025

  • 3.3

    LOW
    CVE-2013-0248

    The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.... Read more

    Affected Products : commons_fileupload
    • Published: Mar. 15, 2013
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2014-3982

    include/tests_webservers in Lynis before 1.5.5 on AIX allows local users to overwrite arbitrary files via a symlink attack on a /tmp/lynis.##### file.... Read more

    Affected Products : lynis
    • Published: Jun. 08, 2014
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2012-2377

    JGroups diagnostics service in JBoss Enterprise Portal Platform before 5.2.2, SOA Platform before 5.3.0, and BRMS Platform before 5.3.0, is enabled without authentication when started by the JGroups channel, which allows remote attackers in adjacent netwo... Read more

    • Published: Nov. 23, 2012
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2014-3981

    acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file.... Read more

    Affected Products : php
    • Published: Jun. 08, 2014
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2022-34873

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a ma... Read more

    Affected Products : windows pdf_editor pdf_reader
    • Published: Jul. 18, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2014-3986

    include/tests_webservers in Lynis before 1.5.5 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/lynis.*.unsorted file with an easily determined name.... Read more

    Affected Products : lynis
    • Published: Jun. 08, 2014
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2020-36766

    An issue was discovered in the Linux kernel before 5.8.6. drivers/media/cec/core/cec-api.c leaks one byte of kernel memory on specific hardware to unprivileged users, because of directly assigning log_addrs with a hole in the struct.... Read more

    Affected Products : linux_kernel
    • Published: Sep. 18, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2007-4462

    lib/Locale/Po4a/Po.pm in po4a before 0.32 allows local users to overwrite arbitrary files via a symlink attack on the gettextization.failed.po temporary file.... Read more

    Affected Products : po4a
    • Published: Aug. 21, 2007
    • Modified: Apr. 09, 2025

  • 3.3

    LOW
    CVE-2025-23287

    NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker may access sensitive system-level information. A successful exploit of this vulnerability may lead to Information disclosure.... Read more

    Affected Products :
    • Published: Aug. 02, 2025
    • Modified: Aug. 04, 2025

  • 3.3

    LOW
    CVE-2018-1000150

    An exposure of sensitive information vulnerability exists in Jenkins Reverse Proxy Auth Plugin 1.5 and older in ReverseProxySecurityRealm#authContext that allows attackers with local file system access to obtain a list of authorities for logged in users.... Read more

    Affected Products : reverse_proxy_auth
    • Published: Apr. 05, 2018
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2011-2533

    The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows local users to overwrite arbitrary files via a symlink attack on an unspecified file in /tmp/.... Read more

    Affected Products : dbus
    • Published: Jun. 22, 2011
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2012-3311

    IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 on z/OS, in certain configurations involving Federated Repositories for IIOP connections and Optimized Local Adapters, does not per... Read more

    Affected Products : websphere_application_server z\/os
    • Published: Sep. 25, 2012
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2024-23292

    This issue was addressed with improved data protection. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4. An app may be able to access information about a user's contacts.... Read more

    Affected Products : macos iphone_os ipados
    • Published: Mar. 08, 2024
    • Modified: Mar. 27, 2025

  • 3.3

    LOW
    CVE-2012-6336

    The Missing Device feature in Lookout allows physically proximate attackers to provide arbitrary location data via a "commonly available simple GPS location spoofer."... Read more

    Affected Products : lookout
    • Published: Dec. 31, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 293643 Results