Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.3

    LOW
    CVE-2025-6655

    PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to expl... Read more

    Affected Products : pdf-xchange_editor pdf-tools
    • Published: Jun. 25, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Information Disclosure

  • 3.3

    LOW
    CVE-2010-3316

    The run_coprocess function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) before 1.1.2 does not check the return values of the setuid, setgid, and setgroups system calls, which might allow local users to read arbitrary files by executing a ... Read more

    Affected Products : linux-pam
    • Published: Jan. 24, 2011
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2014-2524

    The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.... Read more

    Affected Products : fedora opensuse mageia readline
    • Published: Aug. 20, 2014
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2014-9680

    sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demonstra... Read more

    Affected Products : sudo
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 3.3

    LOW
    CVE-2013-2142

    userpref.c in libimobiledevice 1.1.4, when $HOME and $XDG_CONFIG_HOME are not set, allows local users to overwrite arbitrary files via a symlink attack on (1) HostCertificate.pem, (2) HostPrivateKey.pem, (3) libimobiledevicerc, (4) RootCertificate.pem, or... Read more

    Affected Products : libimobiledevice
    • Published: Jan. 19, 2014
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2018-8449

    A security feature bypass exists when Device Guard incorrectly validates an untrusted file, aka "Device Guard Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.... Read more

    Affected Products : windows_10 windows_server_2016
    • Published: Sep. 13, 2018
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2013-5636

    Unlock.exe in Media Encryption EPM Explorer in Check Point Endpoint Security through E80.50 does not associate password failures with a device ID, which makes it easier for physically proximate attackers to bypass the device-locking protection mechanism b... Read more

    Affected Products : endpoint_security
    • Published: Nov. 30, 2013
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2010-3691

    PGTStorage/pgt-file.php in phpCAS before 1.1.3, when proxy mode is enabled, allows local users to overwrite arbitrary files via a symlink attack on an unspecified file.... Read more

    Affected Products : phpcas phpcas
    • Published: Oct. 07, 2010
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2013-4116

    lib/npm.js in Node Packaged Modules (npm) before 1.3.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking archives.... Read more

    Affected Products : npm node_packaged_modules
    • Published: Apr. 22, 2014
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2017-13801

    An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Dictionary Widget" component. It allows attackers to read local files if pasted text is used in a search.... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: Nov. 13, 2017
    • Modified: Apr. 20, 2025

  • 3.3

    LOW
    CVE-2013-4866

    The LIXIL Corporation My SATIS Genius Toilet application for Android has a hardcoded Bluetooth PIN, which allows physically proximate attackers to trigger physical resource consumption (water or heat) or user discomfort.... Read more

    Affected Products : my_satis_genius_toilet
    • Published: Apr. 16, 2015
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2023-0196

    NVIDIA CUDA Toolkit SDK contains a bug in cuobjdump, where a local user running the tool against an ill-formed binary may cause a null- pointer dereference, which may result in a limited denial of service. ... Read more

    Affected Products : windows cuda_toolkit linux_kernel
    • Published: Mar. 02, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2024-23257

    The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 16.7.6 and iPadOS 16.7.6. Processing an image may result in disclosure of process memory.... Read more

    Affected Products : macos iphone_os ipad_os ipados visionos
    • Published: Mar. 08, 2024
    • Modified: Mar. 27, 2025

  • 3.3

    LOW
    CVE-2019-8809

    A validation issue was addressed with improved logic. This issue is fixed in macOS Catalina 10.15, iOS 13.1 and iPadOS 13.1, tvOS 13, watchOS 6, iOS 13. A local app may be able to read a persistent account identifier.... Read more

    Affected Products : macos mac_os_x iphone_os tvos watchos ipados
    • Published: Oct. 27, 2020
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2024-2213

    An issue was discovered in zenml-io/zenml versions up to and including 0.55.4. Due to improper authentication mechanisms, an attacker with access to an active user session can change the account password without needing to know the current password. This ... Read more

    Affected Products : zenml
    • Published: Jun. 06, 2024
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2024-30347

    Foxit PDF Reader U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit ... Read more

    Affected Products : windows pdf_editor pdf_reader
    • Published: Apr. 02, 2024
    • Modified: Jul. 09, 2025

  • 3.3

    LOW
    CVE-2022-34873

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a ma... Read more

    Affected Products : windows pdf_editor pdf_reader
    • Published: Jul. 18, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2024-30364

    Foxit PDF Reader U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit ... Read more

    Affected Products : windows pdf_editor pdf_reader
    • Published: Apr. 02, 2024
    • Modified: Aug. 08, 2025

  • 3.3

    LOW
    CVE-2012-2377

    JGroups diagnostics service in JBoss Enterprise Portal Platform before 5.2.2, SOA Platform before 5.3.0, and BRMS Platform before 5.3.0, is enabled without authentication when started by the JGroups channel, which allows remote attackers in adjacent netwo... Read more

    • Published: Nov. 23, 2012
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2023-40394

    The issue was addressed with improved validation of environment variables. This issue is fixed in iOS 16.6 and iPadOS 16.6. An app may be able to access sensitive user data.... Read more

    Affected Products : iphone_os ipados
    • Published: Jan. 10, 2024
    • Modified: Jun. 20, 2025
Showing 20 of 293608 Results