Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2012-3718

    Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 allows local users to read passwords entered into Login Window (aka LoginWindow) or Screen Saver Unlock by installing an input method that intercepts keystrokes.... Read more

    Affected Products : mac_os_x mac_os_x_server mac_os_x
    • Published: Sep. 20, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-0348

    thttpd.c in sthttpd before 2.26.4-r2 and thttpd 2.25b use world-readable permissions for /var/log/thttpd.log, which allows local users to obtain sensitive information by reading the file.... Read more

    Affected Products : fedora opensuse thttpd linux sthttpd
    • Published: Dec. 13, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2004-0812

    Unknown vulnerability in the Linux kernel before 2.4.23, on the AMD AMD64 and Intel EM64T architectures, associated with "setting up TSS limits," allows local users to cause a denial of service (crash) and possibly execute arbitrary code.... Read more

    • Published: Apr. 14, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2003-1134

    Sun Java 1.3.1, 1.4.1, and 1.4.2 allows local users to cause a denial of service (JVM crash), possibly by calling the ClassDepth function with a null parameter, which causes a crash instead of generating a null pointer exception.... Read more

    Affected Products : java
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2003-0071

    The DEC UDK processing feature in the xterm terminal emulator in XFree86 4.2.99.4 and earlier allows attackers to cause a denial of service via a certain character escape sequence that causes the terminal to enter a tight loop.... Read more

    Affected Products : x11r6
    • Published: Mar. 03, 2003
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-1268

    lppasswd in CUPS 1.1.22 ignores write errors when modifying the CUPS passwd file, which allows local users to corrupt the file by filling the associated file system and triggering the write errors.... Read more

    Affected Products : cups fedora_core
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-0974

    The netatalk package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.... Read more

    • Published: Feb. 09, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-0828

    The ctstrtcasd program in RSCT 2.3.0.0 and earlier on IBM AIX 5.2 and 5.3 does not properly drop privileges before executing the -f option, which allows local users to modify or create arbitrary files.... Read more

    Affected Products : aix
    • Published: Nov. 03, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-1237

    Unknown vulnerability in the system call filtering code in the audit subsystem for Red Hat Enterprise Linux 3 allows local users to cause a denial of service (system crash) via unknown vectors.... Read more

    • Published: Apr. 14, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-1377

    The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in) scripts in a2ps before 4.13 allow local users to overwrite arbitrary files via a symlink attack on temporary files.... Read more

    • Published: Dec. 27, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2024-37046

    A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read the contents of unexpected files and expose sensit... Read more

    Affected Products : quts_hero qts
    • Published: Nov. 22, 2024
    • Modified: Nov. 22, 2024

  • 2.1

    LOW
    CVE-2021-2141

    Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle Financial Services Applications (component: Pre Login). Supported versions that are affected are 12.0.2 and 12.0.3. Difficult to exploit vulnerability allows high privileged attacker wi... Read more

    Affected Products : flexcube_direct_banking
    • Published: Apr. 22, 2021
    • Modified: Nov. 21, 2024

  • 2.1

    LOW
    CVE-2024-31747

    An issue in Yealink VP59 Microsoft Teams Phone firmware 91.15.0.118 (fixed in 122.15.0.142) allows a physically proximate attacker to disable the phone lock via the Walkie Talkie menu option.... Read more

    Affected Products : vp59_firmware
    • Published: Apr. 29, 2024
    • Modified: Jul. 30, 2025

  • 2.1

    LOW
    CVE-2014-5448

    Zarafa 5.00 uses world-readable permissions for the files in the log directory, which allows local users to obtain sensitive information by reading the log files.... Read more

    Affected Products : zarafa
    • Published: Oct. 20, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-4357

    Accounts Framework in Apple iOS before 8 and Apple TV before 7 allows attackers to obtain sensitive information by reading log data that was not intended to be present in a log.... Read more

    Affected Products : iphone_os tvos
    • Published: Sep. 18, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2013-5770

    Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.... Read more

    Affected Products : mysql
    • Published: Oct. 16, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-3106

    Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than... Read more

    Affected Products : fusion_middleware
    • Published: Jul. 17, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-3110

    Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than... Read more

    Affected Products : fusion_middleware
    • Published: Jul. 17, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2007-3337

    wakeup in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allows local users to truncate arbitrary files via a symlink attack on the alarmwkp.def file.... Read more

    Affected Products : database_server
    • Published: Jun. 22, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2007-4656

    backup-manager-upload in Backup Manager before 0.6.3 provides the FTP server hostname, username, and password as plaintext command line arguments during FTP uploads, which allows local users to obtain sensitive information by listing the process and its a... Read more

    Affected Products : backup_manager
    • Published: Sep. 04, 2007
    • Modified: Apr. 09, 2025
Showing 20 of 292849 Results