Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.3

    LOW
    CVE-2013-5144

    Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by tapping the emergency-call button during a certain notification and camera... Read more

    Affected Products : iphone_os
    • Published: Oct. 24, 2013
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2012-4048

    The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted packet, as demonstrated by a usbmon dump.... Read more

    Affected Products : debian_linux wireshark
    • Published: Jul. 24, 2012
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2013-5160

    Passcode Lock in Apple iOS before 7.0.2 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by making a series of taps of the emergency-call button to trigger a NULL poi... Read more

    Affected Products : iphone_os
    • Published: Sep. 28, 2013
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2014-0249

    The System Security Services Daemon (SSSD) 1.11.6 does not properly identify group membership when a non-POSIX group is in a group membership chain, which allows local users to bypass access restrictions via unspecified vectors.... Read more

    Affected Products : enterprise_linux sssd
    • Published: Jun. 11, 2014
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2024-27799

    This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.5, macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8. An unprivileged app may be able to log keystrokes in other apps including tho... Read more

    Affected Products : macos iphone_os ipados
    • Published: Jun. 10, 2024
    • Modified: Mar. 13, 2025

  • 3.3

    LOW
    CVE-2013-5219

    Directory traversal vulnerability on the HOT HOTBOX router with software 2.1.11 allows remote attackers to read arbitrary files via a .. (dot dot) in a URI, as demonstrated by a request for /etc/passwd.... Read more

    • Published: Dec. 30, 2013
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2024-28584

    Null Pointer Dereference vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the J2KImageToFIBITMAP() function when reading images in J2K format.... Read more

    Affected Products : freeimage
    • Published: Mar. 20, 2024
    • Modified: Mar. 28, 2025

  • 3.3

    LOW
    CVE-2024-26911

    In the Linux kernel, the following vulnerability has been resolved: drm/buddy: Fix alloc_range() error handling code Few users have observed display corruption when they boot the machine to KDE Plasma or playing games. We have root caused the problem th... Read more

    Affected Products : linux_kernel
    • Published: Apr. 17, 2024
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2024-34640

    Improper access control vulnerability in BGProtectManager prior to SMR Sep-2024 Release 1 allows local attackers to bypass restriction of process expiration.... Read more

    Affected Products : android android
    • Published: Sep. 04, 2024
    • Modified: Sep. 05, 2024

  • 3.3

    LOW
    CVE-2008-3933

    Wireshark (formerly Ethereal) 0.10.14 through 1.0.2 allows attackers to cause a denial of service (crash) via a packet with crafted zlib-compressed data that triggers an invalid read in the tvb_uncompress function.... Read more

    Affected Products : wireshark
    • Published: Sep. 04, 2008
    • Modified: Apr. 09, 2025

  • 3.3

    LOW
    CVE-2017-5084

    Inappropriate implementation in image-burner in Google Chrome OS prior to 59.0.3071.92 allowed a local attacker to read local files via dbus-send commands to a BurnImage D-Bus endpoint.... Read more

    Affected Products : chrome_os
    • Published: Oct. 27, 2017
    • Modified: Apr. 20, 2025

  • 3.3

    LOW
    CVE-2015-2263

    Cloudera Manager 4.x, 5.0.x before 5.0.6, 5.1.x before 5.1.5, 5.2.x before 5.2.5, and 5.3.x before 5.3.3 uses global read permissions for files in its configuration directory when starting YARN NodeManager, which allows local users to obtain sensitive inf... Read more

    Affected Products : cloudera_manager
    • Published: Mar. 23, 2017
    • Modified: Apr. 20, 2025

  • 3.3

    LOW
    CVE-2015-8842

    tmpfiles.d/systemd.conf in systemd before 229 uses weak permissions for /var/log/journal/%m/system.journal, which allows local users to obtain sensitive information by reading the file.... Read more

    Affected Products : opensuse
    • Published: Apr. 20, 2016
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2012-4289

    epan/dissectors/packet-afp.c in the AFP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a large number of ACL entries.... Read more

    • Published: Aug. 16, 2012
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2010-3316

    The run_coprocess function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) before 1.1.2 does not check the return values of the setuid, setgid, and setgroups system calls, which might allow local users to read arbitrary files by executing a ... Read more

    Affected Products : linux-pam
    • Published: Jan. 24, 2011
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2010-0789

    fusermount in FUSE before 2.7.5, and 2.8.x before 2.8.2, allows local users to unmount an arbitrary FUSE filesystem share via a symlink attack on a mountpoint.... Read more

    Affected Products : fuse
    • Published: Mar. 02, 2010
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2013-1031

    Power Management in Apple Mac OS X before 10.8.5 does not properly perform locking upon occurrences of a power assertion, which allows physically proximate attackers to bypass intended access restrictions by visiting an unattended workstation on which a l... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: Sep. 16, 2013
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2014-2524

    The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.... Read more

    Affected Products : fedora opensuse mageia readline
    • Published: Aug. 20, 2014
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2016-4516

    ABB PCM600 before 2.7 improperly stores the main application password after a password change, which allows local users to obtain sensitive information via unspecified vectors.... Read more

    Affected Products : pcm600
    • Published: Jun. 10, 2016
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2016-0202

    A vulnerability has been identified in tasks, backend object generated for handling any action performed by the application in IBM Cloud Orchestrator. It is possible for an authenticated user to view any task of the current users domain.... Read more

    Affected Products : cloud_orchestrator
    • Published: Feb. 08, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 294282 Results