Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2005-0124

    The coda_pioctl function in the coda functionality (pioctl.c) for Linux kernel 2.6.9 and 2.4.x before 2.4.29 may allow local users to cause a denial of service (crash) or execute arbitrary code via negative vi.in_size or vi.out_size values, which may trig... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.17
    • Published: Apr. 14, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-3054

    fopen_wrappers.c in PHP 4.4.0, and possibly other versions, does not properly restrict access to other directories when the open_basedir directive includes a trailing slash, which allows PHP scripts in one directory to access files in other directories wh... Read more

    Affected Products : php
    • EPSS Score: %0.57
    • Published: Sep. 26, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2008-5298

    chm2pdf 0.9 uses temporary files in directories with fixed names, which allows local users to cause a denial of service (chm2pdf failure) of other users by creating those directories ahead of time.... Read more

    Affected Products : chm2pdf
    • EPSS Score: %0.06
    • Published: Dec. 01, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2015-1127

    The private-browsing implementation in WebKit in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 places browsing history into an index, which might allow local users to obtain sensitive information by reading index entries.... Read more

    Affected Products : safari
    • EPSS Score: %0.06
    • Published: Apr. 10, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2013-2415

    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows local users to affect confidentiality via vectors related to JAX-WS. NOTE: the previous information is from t... Read more

    Affected Products : jdk jre
    • EPSS Score: %0.11
    • Published: Apr. 17, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2009-0675

    The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux kernel before 2.6.28.6 permits SKFP_CLR_STATS requests only when the CAP_NET_ADMIN capability is absent, instead of when this capability is present, which allows local users to reset the dr... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.08
    • Published: Feb. 22, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2010-4158

    The sk_run_filter function in net/core/filter.c in the Linux kernel before 2.6.36.2 does not check whether a certain memory location has been initialized before executing a (1) BPF_S_LD_MEM or (2) BPF_S_LDX_MEM instruction, which allows local users to obt... Read more

    • EPSS Score: %0.34
    • Published: Dec. 30, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2004-0563

    The tspc.conf configuration file in freenet6 before 0.9.6 and before 1.0 on Debian Linux has world readable permissions, which could allow local users to gain sensitive information, such as a username and password.... Read more

    Affected Products : freenet6
    • EPSS Score: %0.05
    • Published: Dec. 23, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2014-4805

    IBM DB2 10.5 before FP4 on Linux and AIX creates temporary files during CDE table LOAD operations, which allows local users to obtain sensitive information by reading a file while a LOAD is occurring.... Read more

    Affected Products : linux_kernel aix db2
    • EPSS Score: %0.05
    • Published: Sep. 04, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2011-4132

    The cleanup_journal_tail function in the Journaling Block Device (JBD) functionality in the Linux kernel 2.6 allows local users to cause a denial of service (assertion error and kernel oops) via an ext3 or ext4 image with an "invalid log first block value... Read more

    • EPSS Score: %0.12
    • Published: Jan. 27, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2006-2551

    Unspecified vulnerability in the kernel in HP-UX B.11.00 allows local users to cause an unspecified denial of service via unknown vectors.... Read more

    Affected Products : hp-ux
    • EPSS Score: %0.08
    • Published: May. 23, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2009-3156

    Cross-site scripting (XSS) vulnerability in the Date Tools sub-module in the Date module 6.x before 6.x-2.3 for Drupal allows remote authenticated users, with "use date tools" or "administer content types" privileges, to inject arbitrary web script or HTM... Read more

    Affected Products : drupal date
    • EPSS Score: %0.46
    • Published: Sep. 10, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2006-1780

    The Bourne shell (sh) in Solaris 8, 9, and 10 allows local users to cause a denial of service (sh crash) via an unspecified attack vector that causes sh processes to crash during creation of temporary files.... Read more

    Affected Products : solaris sunos
    • EPSS Score: %0.07
    • Published: Apr. 13, 2006
    • Modified: Apr. 03, 2025

  • 2.0

    LOW
    CVE-2024-57257

    A stack consumption issue in sqfs_size in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with deep symlink nesting.... Read more

    Affected Products : u-boot
    • Published: Feb. 18, 2025
    • Modified: Feb. 19, 2025

  • 2.0

    LOW
    CVE-2025-43489

    A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The vulnerability could deserialize untrusted data without validation. HP has addressed the issue in the latest software update.... Read more

    Affected Products : poly_clariti_manager_firmware
    • Published: Jul. 23, 2025
    • Modified: Jul. 25, 2025

  • 2.0

    LOW
    CVE-2024-52008

    Fides is an open-source privacy engineering platform. The user invite acceptance API endpoint lacks server-side password policy enforcement, allowing users to set arbitrarily weak passwords by bypassing client-side validation. While the UI enforces passwo... Read more

    Affected Products : fides
    • Published: Nov. 26, 2024
    • Modified: Nov. 26, 2024

  • 2.0

    LOW
    CVE-2024-53261

    SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. "Unsanitized input from *the request URL* flows into `end`, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scr... Read more

    Affected Products : sveltekit
    • Published: Nov. 25, 2024
    • Modified: Nov. 25, 2024

  • 2.0

    LOW
    CVE-2025-2920

    A vulnerability was found in Netis WF-2404 1.1.124EN. It has been rated as problematic. This issue affects some unknown processing of the file /еtc/passwd. The manipulation leads to use of weak hash. It is possible to launch the attack on the physical dev... Read more

    Affected Products :
    • Published: Mar. 28, 2025
    • Modified: Apr. 01, 2025

  • 2.0

    LOW
    CVE-2025-46812

    Trix is a what-you-see-is-what-you-get rich text editor for everyday writing. Versions prior to 2.1.15 are vulnerable to XSS attacks when pasting malicious code. An attacker could trick a user to copy and paste malicious code that would execute arbitrary ... Read more

    Affected Products :
    • Published: May. 08, 2025
    • Modified: May. 12, 2025

  • 2.0

    LOW
    CVE-2024-52286

    Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In affected versions the Merge functionality takes untrusted user input (file name) and uses it directly in the creation of HTML pages allowing an... Read more

    Affected Products : stirling_pdf
    • Published: Nov. 11, 2024
    • Modified: Jan. 09, 2025
Showing 20 of 291160 Results