Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2007-3719

    The process scheduler in the Linux kernel 2.6.16 gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Sup... Read more

    Affected Products : linux_kernel
    • Published: Jul. 12, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2005-0023

    gnome-pty-helper in GNOME libzvt2 and libvte4 allows local users to spoof the logon hostname via a modified DISPLAY environment variable. NOTE: the severity of this issue has been disputed.... Read more

    Affected Products : libvte4 libzvt2
    • Published: Oct. 05, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-1119

    Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary files via a symlink attack on temporary files.... Read more

    Affected Products : sudo
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2010-0547

    client/mount.cifs.c in mount.cifs in smbfs in Samba 3.4.5 and earlier does not verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a craft... Read more

    Affected Products : samba
    • Published: Feb. 04, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2008-0441

    IBM Tivoli Business Service Manager (TBSM) 4.1.1 stores passwords in cleartext (1) after external authentication, which triggers writing the password to SM_server.log; and (2) after a reconfig action; which allows local users to obtain sensitive informati... Read more

    Affected Products : tivoli_business_service_manager
    • Published: Jan. 25, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2008-0663

    Novell Challenge Response Client (LCM) 2.7.5 and earlier, as used with Novell Client for Windows 4.91 SP4, allows users with physical access to a locked system to obtain contents of the clipboard by pasting the contents into the Challenge Question field.... Read more

    • Published: Feb. 08, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2004-0423

    The log_event function in ssmtp 2.50.6 and earlier allows local users to overwrite arbitrary files via a symlink attack on the ssmtp.log temporary log file.... Read more

    Affected Products : ssmtp
    • Published: Jul. 07, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2008-1033

    The scheduler in CUPS in Apple Mac OS X 10.5 before 10.5.3, when debug logging is enabled and a printer requires a password, allows attackers to obtain sensitive information (credentials) by reading the log data, related to "authentication environment var... Read more

    Affected Products : cups mac_os_x mac_os_x_server
    • Published: Jun. 02, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2025-3840

    An improper neutralization of input vulnerability was identified in the End of Life (EOL) OVA based connect installer component which is deployed for installation purposes in a customer network. This EOL component was deprecated in September 2023 with end... Read more

    Affected Products :
    • Published: Apr. 21, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 2.1

    LOW
    CVE-2008-1005

    WebCore, as used in Apple Safari before 3.1, does not properly mask the password field when reverse conversion is used with the Kotoeri input method, which allows physically proximate attackers to read the password.... Read more

    Affected Products : safari
    • Published: Mar. 19, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2025-27726

    Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file download process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, the product'... Read more

    Affected Products :
    • Published: Mar. 28, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Path Traversal

  • 2.1

    LOW
    CVE-2008-0889

    Red Hat Directory Server 8.0, when running on Red Hat Enterprise Linux, uses insecure permissions for the redhat-idm-console script, which allows local users to execute arbitrary code by modifying the script.... Read more

    Affected Products : enterprise_linux directory_server
    • Published: Mar. 20, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2014-6551

    Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality via vectors related to CLIENT:MYSQLADMIN.... Read more

    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2013-6436

    The lxcDomainGetMemoryParameters method in lxc/lxc_driver.c in libvirt 1.0.5 through 1.2.0 does not properly check the status of LXC guests when reading memory tunables, which allows local users to cause a denial of service (NULL pointer dereference and l... Read more

    Affected Products : libvirt
    • Published: Jan. 07, 2014
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2015-3284

    pioctls in OpenAFS 1.6.x before 1.6.13 allows local users to read kernel memory via crafted commands.... Read more

    Affected Products : openafs
    • Published: Aug. 12, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-0164

    openshift-origin-broker-util, as used in Red Hat OpenShift Enterprise 1.2.7 and 2.0.5, uses world-readable permissions for the mcollective client.cfg configuration file, which allows local users to obtain credentials and other sensitive information by rea... Read more

    Affected Products : openshift openshift
    • Published: May. 05, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-5863

    IOStorageFamily in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows local users to obtain sensitive information from kernel memory via unknown vectors.... Read more

    Affected Products : mac_os_x iphone_os watchos
    • Published: Sep. 18, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2007-0636

    Unspecified vulnerability in inotify before 0.3.5 has unknown impact and attack vectors, related to "access rights to watched files."... Read more

    Affected Products : incron
    • Published: Jan. 31, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2006-5724

    Heap-based buffer overflow the "Answering Service" function in ICQ 2003b Build 3916 allows local users to cause a denial of service (application crash) via a long string in the "AwayMsg Presets" value in the ICQ\ICQPro\DefaultPrefs\Presets registry key.... Read more

    Affected Products : icq
    • Published: Nov. 04, 2006
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2006-6953

    The virtual keyboard implementation in GlobeTrotter Mobility Manager changes the color of a key as it is pressed, which allows local users to capture arbitrary keystrokes, such as for passwords, by shoulder surfing or grabbing periodic screenshots.... Read more

    Affected Products : mobility_manager
    • Published: Jan. 29, 2007
    • Modified: Apr. 09, 2025
Showing 20 of 293351 Results