Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 1.9

    LOW
    CVE-2015-4766

    Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows local users to affect availability via unknown vectors related to Server : Security : Firewall.... Read more

    Affected Products : mysql
    • EPSS Score: %0.13
    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2015-1197

    cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.... Read more

    Affected Products : cpio
    • EPSS Score: %3.33
    • Published: Feb. 19, 2015
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2005-3126

    The (1) kantiword (kantiword.sh) and (2) gantiword (gantiword.sh) scripts in antiword 0.35 and earlier allow local users to overwrite arbitrary files via a symlink attack on temporary (a) output and (b) error files.... Read more

    Affected Products : antiword
    • EPSS Score: %0.06
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 1.9

    LOW
    CVE-2012-4535

    Xen 3.4 through 4.2, and possibly earlier versions, allows local guest OS administrators to cause a denial of service (Xen infinite loop and physical CPU consumption) by setting a VCPU with an "inappropriate deadline."... Read more

    Affected Products : xen
    • EPSS Score: %0.11
    • Published: Nov. 21, 2012
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2014-4419

    The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different ... Read more

    Affected Products : mac_os_x iphone_os tvos
    • EPSS Score: %0.08
    • Published: Sep. 18, 2014
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2013-4369

    The xlu_vif_parse_rate function in the libxlu library in Xen 4.2.x and 4.3.x allows local users to cause a denial of service (NULL pointer dereference) by using the "@" character as the VIF rate configuration.... Read more

    Affected Products : xen
    • EPSS Score: %0.06
    • Published: Oct. 17, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2013-0349

    The hidp_setup_hid function in net/bluetooth/hidp/core.c in the Linux kernel before 3.7.6 does not properly copy a certain name field, which allows local users to obtain sensitive information from kernel memory by setting a long name and making an HIDPCON... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.06
    • Published: Feb. 28, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2021-2232

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.23 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infras... Read more

    • EPSS Score: %0.14
    • Published: Apr. 22, 2021
    • Modified: Nov. 21, 2024

  • 1.9

    LOW
    CVE-2013-5169

    CoreGraphics in Apple Mac OS X before 10.9, when display-sleep mode is used, does not ensure that screen locking blocks the visibility of all windows, which allows physically proximate attackers to obtain sensitive information by reading the screen.... Read more

    Affected Products : mac_os_x mac_os_x
    • EPSS Score: %0.13
    • Published: Oct. 24, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2010-1446

    arch/powerpc/mm/fsl_booke_mmu.c in KGDB in the Linux kernel 2.6.30 and other versions before 2.6.33, when running on PowerPC, does not properly perform a security check for access to a kernel page, which allows local users to overwrite arbitrary kernel me... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.06
    • Published: May. 21, 2010
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2010-4076

    The rs_ioctl function in drivers/char/amiserial.c in the Linux kernel 2.6.36.1 and earlier does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGIC... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.06
    • Published: Nov. 29, 2010
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2013-4469

    OpenStack Compute (Nova) Folsom, Grizzly, and Havana, when use_cow_images is set to False, does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by transferring an imag... Read more

    Affected Products : nova folsom grizzly havana
    • EPSS Score: %0.06
    • Published: Nov. 02, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2013-1921

    PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file.... Read more

    • EPSS Score: %0.05
    • Published: Sep. 28, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2013-4368

    The outs instruction emulation in Xen 3.1.x, 4.2.x, 4.3.x, and earlier, when using FS: or GS: segment override, uses an uninitialized variable as a segment base, which allows local 64-bit PV guests to obtain sensitive information (hypervisor stack content... Read more

    Affected Products : xen
    • EPSS Score: %0.09
    • Published: Oct. 17, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2010-1651

    IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.31 and 7.0.x before 7.0.0.11, when Basic authentication and SIP tracing (aka full trace logging for SIP) are enabled, logs the entirety of all inbound and outbound SIP messages, which allows local ... Read more

    Affected Products : websphere_application_server z\/os
    • EPSS Score: %0.05
    • Published: May. 03, 2010
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2010-2371

    Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1.1 allows local users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2010-2372.... Read more

    Affected Products : supply_chain_products_suite
    • EPSS Score: %0.07
    • Published: Jul. 13, 2010
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2009-0437

    The Installation Factory installation process for IBM WebSphere Application Server (WAS) 6.0.2 on Windows, when WAS is registered as a Windows service, allows local users to obtain sensitive information by reading the logs/instconfigifwas6.log log file.... Read more

    • EPSS Score: %0.06
    • Published: Feb. 10, 2009
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2011-1073

    crontab.c in crontab in FreeBSD and Apple Mac OS X allows local users to (1) determine the existence of arbitrary files via a symlink attack on a /tmp/crontab.XXXXXXXXXX temporary file and (2) perform MD5 checksum comparisons on arbitrary pairs of files v... Read more

    Affected Products : freebsd mac_os_x
    • EPSS Score: %0.02
    • Published: Mar. 04, 2011
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2012-3116

    Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 5.5.06, 6.0, 6.1, and 6.2 allows local users to affect confidentiality via unknown vectors.... Read more

    Affected Products : supply_chain_products_suite
    • EPSS Score: %0.09
    • Published: Jul. 17, 2012
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2016-0436

    Unspecified vulnerability in the Oracle Retail Point-of-Service component in Oracle Retail Applications 13.4, 14.0, and 14.1 allows local users to affect confidentiality via vectors related to Mobile POS, a different vulnerability than CVE-2016-0434, CVE-... Read more

    Affected Products : retail_applications
    • EPSS Score: %0.28
    • Published: Jan. 21, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 291153 Results