Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.3

    LOW
    CVE-2025-6655

    PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to expl... Read more

    Affected Products : pdf-xchange_editor pdf-tools
    • Published: Jun. 25, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Information Disclosure

  • 3.3

    LOW
    CVE-2015-4946

    Rational LifeCycle Project Administration in Jazz Team Server in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Quality Manager (RQM) 3.x before 3.0.1.6 IF7, 4.x bef... Read more

    • Published: Jan. 03, 2016
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2001-0131

    htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.... Read more

    Affected Products : debian_linux http_server
    • Published: Mar. 12, 2001
    • Modified: Apr. 03, 2025

  • 3.3

    LOW
    CVE-2015-4481

    Race condition in the Mozilla Maintenance Service in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Windows allows local users to write to arbitrary files and consequently gain privileges via vectors involving a hard link to a log file du... Read more

    • Published: Aug. 16, 2015
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2015-4958

    IBM InfoSphere Master Data Management - Collaborative Edition 9.1, 10.1, 11.0 before 11.0.0.0 IF11, 11.3 before 11.3.0.0 IF7, and 11.4 before 11.4.0.4 IF1 does not properly restrict browser caching, which allows local users to obtain sensitive information... Read more

    Affected Products : infosphere_master_data_management
    • Published: Jan. 17, 2016
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2024-0124

    NVIDIA CUDA Toolkit for Windows and Linux contains a vulnerability in the nvdisam command line tool, where a user can cause nvdisasm to read freed memory by running it on a malformed ELF file. A successful exploit of this vulnerability might lead to a lim... Read more

    Affected Products : cuda_toolkit
    • Published: Oct. 03, 2024
    • Modified: Oct. 04, 2024

  • 3.3

    LOW
    CVE-2020-5928

    In versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, BIG-IP ASM Configuration utility CSRF protection token can be reused multiple times.... Read more

    • Published: Aug. 26, 2020
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2017-14772

    Skybox Manager Client Application is prone to information disclosure via a username enumeration attack. A local unauthenticated attacker could exploit the flaw to obtain valid usernames, by analyzing error messages upon valid and invalid account login att... Read more

    Affected Products : skybox_manager_client_application
    • Published: Oct. 03, 2017
    • Modified: Apr. 20, 2025

  • 3.3

    LOW
    CVE-2017-15530

    Prior to 4.4.1.10, the Norton Family Android App can be susceptible to an Information Disclosure issue. Information disclosure is a very common issue that attackers will attempt to exploit as a first pass across the application. As they probe the applicat... Read more

    Affected Products : norton_family
    • Published: Dec. 13, 2017
    • Modified: Apr. 20, 2025

  • 3.3

    LOW
    CVE-2020-5831

    Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been all... Read more

    Affected Products : endpoint_protection_manager
    • Published: Feb. 11, 2020
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2024-42249

    In the Linux kernel, the following vulnerability has been resolved: spi: don't unoptimize message in spi_async() Calling spi_maybe_unoptimize_message() in spi_async() is wrong because the message is likely to be in the queue and not transferred yet. Thi... Read more

    Affected Products : linux_kernel
    • Published: Aug. 07, 2024
    • Modified: Aug. 08, 2024

  • 3.3

    LOW
    CVE-2023-51792

    Buffer Overflow vulnerability in libde265 v1.0.12 allows a local attacker to cause a denial of service via the allocation size exceeding the maximum supported size of 0x10000000000.... Read more

    Affected Products :
    • Published: Apr. 19, 2024
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2017-17807

    The KEYS subsystem in the Linux kernel before 4.14.6 omitted an access-control check when adding a key to the current task's "default request-key keyring" via the request_key() system call, allowing a local user to use a sequence of crafted system calls t... Read more

    Affected Products : linux_kernel
    • Published: Dec. 20, 2017
    • Modified: Apr. 20, 2025

  • 3.3

    LOW
    CVE-2024-28085

    wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from ar... Read more

    Affected Products : debian_linux util-linux
    • Published: Mar. 27, 2024
    • Modified: Mar. 20, 2025

  • 3.3

    LOW
    CVE-2014-1264

    Finder in Apple OS X before 10.9.2 does not ensure ACL integrity after the viewing of file ACL information, which allows local users to bypass intended access restrictions in opportunistic circumstances via standard filesystem operations on a file with a ... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: Feb. 27, 2014
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2024-27799

    This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.5, macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8. An unprivileged app may be able to log keystrokes in other apps including tho... Read more

    Affected Products : macos iphone_os ipados
    • Published: Jun. 10, 2024
    • Modified: Mar. 13, 2025

  • 3.3

    LOW
    CVE-2024-2213

    An issue was discovered in zenml-io/zenml versions up to and including 0.55.4. Due to improper authentication mechanisms, an attacker with access to an active user session can change the account password without needing to know the current password. This ... Read more

    Affected Products : zenml
    • Published: Jun. 06, 2024
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2015-0429

    Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect integrity and availability via vectors related to RPC Utility.... Read more

    Affected Products : sunos solaris
    • Published: Jan. 21, 2015
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2009-4193

    Merkaartor 0.14 allows local users to append data to arbitrary files via a symlink attack on the /tmp/merkaartor.log temporary file.... Read more

    Affected Products : merkaartor
    • Published: Dec. 03, 2009
    • Modified: Apr. 09, 2025

  • 3.3

    LOW
    CVE-2009-4664

    Firewall Builder 3.0.4, 3.0.5, and 3.0.6, when running on Linux, allows local users to gain privileges via a symlink attack on an unspecified temporary file that is created by the iptables script.... Read more

    Affected Products : linux_kernel firewall_builder
    • Published: Mar. 03, 2010
    • Modified: Apr. 11, 2025
Showing 20 of 293505 Results