Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.3

    LOW
    CVE-2014-3981

    acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file.... Read more

    Affected Products : php
    • Published: Jun. 08, 2014
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2020-2218

    Jenkins HP ALM Quality Center Plugin 1.6 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system.... Read more

    • Published: Jul. 02, 2020
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2014-3424

    lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file.... Read more

    Affected Products : emacs mageia
    • Published: May. 08, 2014
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2024-36137

    A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. Node.js Permission Model do not operate on file descriptors, however, operations such as fs.fchown or fs.fchmod... Read more

    Affected Products : node.js
    • Published: Sep. 07, 2024
    • Modified: Nov. 22, 2024

  • 3.3

    LOW
    CVE-2014-3986

    include/tests_webservers in Lynis before 1.5.5 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/lynis.*.unsorted file with an easily determined name.... Read more

    Affected Products : lynis
    • Published: Jun. 08, 2014
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2014-3422

    lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/.... Read more

    Affected Products : emacs mageia
    • Published: May. 08, 2014
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2024-27799

    This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.5, macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8. An unprivileged app may be able to log keystrokes in other apps including tho... Read more

    Affected Products : macos iphone_os ipados
    • Published: Jun. 10, 2024
    • Modified: Mar. 13, 2025

  • 3.3

    LOW
    CVE-2020-9780

    The issue was resolved by clearing application previews when content is deleted. This issue is fixed in iOS 13.4 and iPadOS 13.4. A local user may be able to view deleted content in the app switcher.... Read more

    Affected Products : iphone_os ipados
    • Published: Apr. 01, 2020
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2023-2961

    A segmentation fault flaw was found in the Advancecomp package. This may lead to decreased availability.... Read more

    Affected Products : advancecomp
    • Published: Jun. 06, 2023
    • Modified: Jan. 07, 2025

  • 3.3

    LOW
    CVE-2025-6641

    PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to expl... Read more

    Affected Products : pdf-xchange_editor pdf-tools
    • Published: Jun. 25, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Information Disclosure

  • 3.3

    LOW
    CVE-2025-6643

    PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to expl... Read more

    Affected Products : pdf-xchange_editor pdf-tools
    • Published: Jun. 25, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Information Disclosure

  • 3.3

    LOW
    CVE-2013-1922

    qemu-nbd in QEMU, as used in Xen 4.2.x, determines the format of a raw disk image based on the header, which allows local guest OS administrators to read arbitrary files on the host by modifying the header to identify a different format, which is used whe... Read more

    Affected Products : xen
    • Published: May. 13, 2013
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2024-31047

    An issue in Academy Software Foundation openexr v.3.2.3 and before allows a local attacker to cause a denial of service (DoS) via the convert function of exrmultipart.cpp.... Read more

    Affected Products : openexr
    • Published: Apr. 08, 2024
    • Modified: Aug. 13, 2025

  • 3.3

    LOW
    CVE-2021-30875

    A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 15.1 and iPadOS 15.1. A local attacker may be able to view contacts from the lock screen.... Read more

    Affected Products : iphone_os ipados
    • Published: Aug. 24, 2021
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2024-0072

    NVIDIA CUDA toolkit for all platforms contains a vulnerability in cuobjdump and nvdisasm where an attacker may cause a crash by tricking a user into reading a malformed ELF file. A successful exploit of this vulnerability may lead to a partial denial of ... Read more

    Affected Products : cuda_toolkit
    • Published: Apr. 05, 2024
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2015-0009

    The Group Policy Security Configuration policy implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 ... Read more

    • Published: Feb. 11, 2015
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2020-3844

    This issue was addressed with improved checks. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. Users removed from an iMessage conversation may still be able to alter state.... Read more

    Affected Products : iphone_os ipados
    • Published: Feb. 27, 2020
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2016-4455

    The Subscription Manager package (aka subscription-manager) before 1.17.7-1 for Candlepin uses weak permissions (755) for subscription-manager cache directories, which allows local users to obtain sensitive information by reading files in the directories.... Read more

    • Published: Apr. 14, 2017
    • Modified: Apr. 20, 2025

  • 3.3

    LOW
    CVE-2023-3436

    Xpdf 4.04 will deadlock on a PDF object stream whose "Length" field is itself in another object stream. ... Read more

    Affected Products : xpdf
    • Published: Jun. 27, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2022-20321

    In Settings, there is a possible way for an application without permissions to read content of WiFi QR codes due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interactio... Read more

    Affected Products : android
    • Published: Aug. 12, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 293425 Results