Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.2

    LOW
    CVE-2025-46415

    A race condition in the Nix, Lix, and Guix package managers allows the removal of content from arbitrary folders. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b.... Read more

    Affected Products : nix
    • Published: Jun. 27, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Race Condition

  • 3.2

    LOW
    CVE-2018-1725

    IBM QRadar SIEM 7.3 and 7.4 n a multi tenant configuration could be vulnerable to information disclosure. IBM X-Force ID: 147440.... Read more

    • Published: Nov. 05, 2020
    • Modified: Nov. 21, 2024

  • 3.2

    LOW
    CVE-2025-52991

    The Nix, Lix, and Guix package managers default to using temporary build directories in a world-readable and world-writable location. This allows standard users to deceive the package manager into using directories with pre-existing content, potentially l... Read more

    Affected Products : nix
    • Published: Jun. 27, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Misconfiguration

  • 3.2

    LOW
    CVE-2021-25333

    Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to balance information over the lockscreen via scanning specific QR code.... Read more

    Affected Products : pay_mini
    • Published: Mar. 04, 2021
    • Modified: Nov. 21, 2024

  • 3.2

    LOW
    CVE-2013-2192

    The RPC protocol implementation in Apache Hadoop 2.x before 2.0.6-alpha, 0.23.x before 0.23.9, and 1.x before 1.2.1, when the Kerberos security features are enabled, allows man-in-the-middle attackers to disable bidirectional authentication and obtain sen... Read more

    Affected Products : hadoop
    • Published: Jan. 24, 2014
    • Modified: Apr. 11, 2025

  • 3.2

    LOW
    CVE-2025-52992

    The Nix, Lix, and Guix package managers fail to properly set permissions when a derivation build fails. This may allow arbitrary processes to modify the content of a store outside of the build sandbox. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and ... Read more

    Affected Products : nix
    • Published: Jun. 27, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Misconfiguration

  • 3.2

    LOW
    CVE-2007-0282

    Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application Server 9.0.4.2 and 10.1.2.0.0, and Collaboration Suite 9.0.4.2 has unknown impact and attack vectors related to the Oracle Process Mgmt & Notification component, aka OPMN02.... Read more

    • Published: Jan. 17, 2007
    • Modified: Apr. 09, 2025

  • 3.2

    LOW
    CVE-2006-1285

    SQLAnywhere in Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost Solutions Suite (SGSS) 1.0, gives read and write permissions to all users for database shared memory sections, which allows local users to access and possibly modify certain information.... Read more

    Affected Products : ghost_solutions_suite norton_ghost
    • Published: Mar. 19, 2006
    • Modified: Apr. 03, 2025

  • 3.2

    LOW
    CVE-2025-59437

    The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF because the IP address value 0 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-29415. NOTE: in current vers... Read more

    Affected Products : ip
    • Published: Sep. 16, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Server-Side Request Forgery

  • 3.2

    LOW
    CVE-2006-1014

    Argument injection vulnerability in certain PHP 4.x and 5.x applications, when used with sendmail and when accepting remote input for the additional_parameters argument to the mb_send_mail function, allows context-dependent attackers to read and create ar... Read more

    Affected Products : php
    • Published: Mar. 07, 2006
    • Modified: Apr. 03, 2025

  • 3.2

    LOW
    CVE-2010-2384

    Unspecified vulnerability in Oracle Solaris 9 and 10 allows local users to affect confidentiality and integrity via unknown vectors related to Solaris Management Console.... Read more

    Affected Products : solaris
    • Published: Jul. 13, 2010
    • Modified: Apr. 11, 2025

  • 3.2

    LOW
    CVE-2013-4373

    The storeFiles method in JPADriftServerBean in Red Hat JBoss Operations Network (JON) 3.1.2 allows local users to load arbitrary drift files into a server by writing the files to the temporary directory that is used to unpack zip files.... Read more

    Affected Products : jboss_operations_network
    • Published: Oct. 24, 2013
    • Modified: Apr. 11, 2025

  • 3.2

    LOW
    CVE-2012-0524

    Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows local users to affect confidentiality and integrity via unknown vectors related to File Processing.... Read more

    Affected Products : peoplesoft_products
    • Published: May. 03, 2012
    • Modified: Apr. 11, 2025

  • 3.2

    LOW
    CVE-2011-4160

    Unspecified vulnerability in HP Operations Agent 11.00 and Performance Agent 4.73 and 5.0 on AIX, HP-UX, Linux, and Solaris allows local users to bypass intended directory-access restrictions via unknown vectors.... Read more

    • Published: Nov. 24, 2011
    • Modified: Apr. 11, 2025

  • 3.2

    LOW
    CVE-2015-5011

    IBM WebSphere Message Broker 8 before 8.0.0.6 and Integration Bus 9 before 9.0.0.4 do not check authorization for MQSISTARTMSGFLOW and MQSISTOPMSGFLOW commands, which allows local users to bypass intended access restrictions, and start or stop a service, ... Read more

    • Published: Oct. 26, 2015
    • Modified: Apr. 12, 2025

  • 3.2

    LOW
    CVE-2012-1995

    Unspecified vulnerability in HP Systems Insight Manager (SIM) before 7.0 allows local users to obtain sensitive information or modify data via unknown vectors.... Read more

    Affected Products : systems_insight_manager
    • Published: Mar. 11, 2013
    • Modified: Apr. 11, 2025

  • 3.2

    LOW
    CVE-2012-1993

    Unspecified vulnerability in HP System Management Homepage (SMH) before 7.0 allows local users to modify data or obtain sensitive information via unknown vectors.... Read more

    Affected Products : system_management_homepage
    • Published: Apr. 18, 2012
    • Modified: Apr. 11, 2025

  • 3.2

    LOW
    CVE-2020-25084

    QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because the usb_packet_map return value is not checked.... Read more

    Affected Products : debian_linux qemu
    • Published: Sep. 25, 2020
    • Modified: Nov. 21, 2024

  • 3.2

    LOW
    CVE-2013-1923

    rpc-gssd in nfs-utils before 1.2.8 performs reverse DNS resolution for server names during GSSAPI authentication, which might allow remote attackers to read otherwise-restricted files via DNS spoofing attacks.... Read more

    Affected Products : nfs-utils
    • Published: Jan. 21, 2014
    • Modified: Apr. 11, 2025

  • 3.2

    LOW
    CVE-2020-25742

    pci_change_irq_level in hw/pci/pci.c in QEMU before 5.1.1 has a NULL pointer dereference because pci_get_bus() might not return a valid pointer.... Read more

    Affected Products : qemu
    • Published: Oct. 06, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 294836 Results