Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2012-0657

    Quartz Composer in Apple Mac OS X before 10.7.4, when the RSS Visualizer screensaver is enabled, allows physically proximate attackers to bypass screen locking and launch a Safari process via unspecified vectors.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • EPSS Score: %0.06
    • Published: May. 11, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2014-0979

    The start_authentication function in lightdm-gtk-greeter.c in LightDM GTK+ Greeter before 1.7.1 does not properly handle the return value from the lightdm_greeter_get_authentication_user function, which allows local users to cause a denial of service (NUL... Read more

    Affected Products : opensuse lightdm_gtk\+_greeter
    • EPSS Score: %0.08
    • Published: Jan. 23, 2014
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-5619

    The Sleuth Kit (TSK) 4.0.1 does not properly handle "." (dotfile) file system entries in FAT file systems and other file systems for which . is not a reserved name, which allows local users to hide activities it more difficult to conduct forensics activit... Read more

    Affected Products : the_sleuth_kit
    • EPSS Score: %0.10
    • Published: Sep. 29, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-3201

    Thermostat before 2.0.0 uses world-readable permissions for the web.xml configuration file, which allows local users to obtain user credentials by reading the file.... Read more

    Affected Products : thermostat
    • EPSS Score: %0.05
    • Published: Jun. 08, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2024-42325

    Zabbix API user.get returns all users that share common group with the calling user. This includes media and other information, such as login attempts, etc.... Read more

    Affected Products : zabbix
    • Published: Apr. 02, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Authorization

  • 2.1

    LOW
    CVE-2013-1853

    Almanah Diary 0.9.0 and 0.10.0 does not encrypt the database when closed, which allows local users to obtain sensitive information by reading the database.... Read more

    Affected Products : almanah
    • EPSS Score: %0.06
    • Published: Jan. 24, 2014
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-5770

    Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.... Read more

    Affected Products : mysql
    • EPSS Score: %0.38
    • Published: Oct. 16, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2015-2044

    The emulation routines for unspecified X86 devices in Xen 3.2.x through 4.5.x does not properly initialize data, which allow local HVM guest users to obtain sensitive information via vectors involving an unsupported access size.... Read more

    Affected Products : xen
    • EPSS Score: %0.08
    • Published: Mar. 12, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2013-6394

    Percona XtraBackup before 2.1.6 uses a constant string for the initialization vector (IV), which makes it easier for local users to defeat cryptographic protection mechanisms and conduct plaintext attacks.... Read more

    Affected Products : opensuse xtrabackup
    • EPSS Score: %0.06
    • Published: Dec. 13, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2005-0529

    Linux kernel 2.6.10 and 2.6.11rc1-bk6 uses different size types for offset arguments to the proc_file_read and locks_read_proc functions, which leads to a heap-based buffer overflow when a signed comparison causes negative integers to be used in a positiv... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.08
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2013-7421

    The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644.... Read more

    • EPSS Score: %0.03
    • Published: Mar. 02, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2012-1769

    Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than... Read more

    Affected Products : fusion_middleware
    • EPSS Score: %11.08
    • Published: Jul. 17, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2015-1563

    The ARM GIC distributor virtualization in Xen 4.4.x and 4.5.x allows local guests to cause a denial of service by causing a large number messages to be logged.... Read more

    Affected Products : fedora xen
    • EPSS Score: %0.08
    • Published: Feb. 09, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2013-0162

    The diff_pp function in lib/gauntlet_rubyparser.rb in the ruby_parser gem 3.1.1 and earlier for Ruby allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.... Read more

    Affected Products : ruby_parser
    • EPSS Score: %0.15
    • Published: Mar. 01, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2010-2603

    RIM BlackBerry Desktop Software 4.7 through 6.0 for PC, and 1.0 for Mac, uses a weak password to encrypt a database backup file, which makes it easier for local users to decrypt the file via a brute force attack.... Read more

    • EPSS Score: %0.06
    • Published: Dec. 17, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-0963

    Identity Services in Apple iOS before 6.1 does not properly handle validation failures of AppleID certificates, which might allow physically proximate attackers to bypass authentication by leveraging an incorrect assignment of an empty string value to an ... Read more

    Affected Products : iphone_os
    • EPSS Score: %0.04
    • Published: Jan. 29, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2015-1087

    Directory traversal vulnerability in Backup in Apple iOS before 8.3 allows attackers to read arbitrary files via a crafted relative path.... Read more

    Affected Products : iphone_os
    • EPSS Score: %0.05
    • Published: Apr. 10, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-0084

    The Task Scheduler in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly constrain impersonation levels, which allows local users to bypass intended r... Read more

    • EPSS Score: %1.22
    • Published: Mar. 11, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2013-0985

    Disk Management in Apple Mac OS X before 10.8.4 does not properly authenticate attempts to disable FileVault, which allows local users to cause a denial of service (loss of encryption functionality) via an unspecified command line.... Read more

    Affected Products : mac_os_x mac_os_x
    • EPSS Score: %0.05
    • Published: Jun. 05, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2014-3077

    IBM SONAS and System Storage Storwize V7000 Unified (aka V7000U) 1.3.x and 1.4.x before 1.4.3.4 store the chkauth password in the audit log, which allows local users to obtain sensitive information by reading this log file.... Read more

    • EPSS Score: %0.05
    • Published: Sep. 15, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 292048 Results