Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 1.4

    LOW
    CVE-2014-2485

    Unspecified vulnerability in the Siebel Core - EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows local users to affect confidentiality via unknown vectors related to Integration Business Services.... Read more

    Affected Products : siebel_crm
    • EPSS Score: %0.18
    • Published: Jul. 17, 2014
    • Modified: Apr. 12, 2025

  • 1.4

    LOW
    CVE-2016-0618

    Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality via unknown vectors related to Zones.... Read more

    Affected Products : solaris
    • EPSS Score: %0.08
    • Published: Jan. 21, 2016
    • Modified: Apr. 12, 2025

  • 1.3

    LOW
    CVE-2011-2242

    Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.2.0.1 and 11.2.0.2 allows local users to affect confidentiality, related to XML DB FTP.... Read more

    Affected Products : database_server
    • EPSS Score: %0.30
    • Published: Jul. 20, 2011
    • Modified: Apr. 11, 2025

  • 1.3

    LOW
    CVE-2025-53374

    Dokploy is a self-hostable Platform as a Service (PaaS) that simplifies the deployment and management of applications and databases. An authenticated low-privileged account can retrieve detailed profile information about another users in the same organiza... Read more

    Affected Products :
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Information Disclosure

  • 1.3

    LOW
    CVE-2015-5464

    The Gemalto SafeNet Luna HSM allows remote authenticated users to bypass intended key-export restrictions by leveraging (1) crypto-user or (2) crypto-officer access to an HSM partition.... Read more

    • EPSS Score: %0.06
    • Published: Jul. 22, 2015
    • Modified: Apr. 12, 2025

  • 1.3

    LOW
    CVE-2025-53903

    The Scratch Channel is a news website that is under development as of time of this writing. The file `/api/users.js` doesn't properly sanitize text box inputs, leading to a potential vulnerability to cross-site scripting attacks. Commit 90b39eb56b27b2bac2... Read more

    Affected Products :
    • Published: Jul. 15, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 1.3

    LOW
    CVE-2025-53904

    The Scratch Channel is a news website that is under development as of time of this writing. The file `/api/admin.js` contains code that could make the website vulnerable to cross-site scripting. No known patches exist as of time of publication.... Read more

    Affected Products :
    • Published: Jul. 16, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 1.3

    LOW
    CVE-2025-46826

    insa-auth is an authentication server for INSA Rouen. A minor issue allowed third-party websites to access the server's secondary authentication bridge, potentially revealing basic student information (name and number). However, the issue posed minimal ri... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Information Disclosure

  • 1.2

    LOW
    CVE-2011-1769

    SystemTap 1.4 and earlier, when unprivileged (aka stapusr) mode is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) via a crafted ELF program with DWARF expressions that are not properly handled by a stap script tha... Read more

    Affected Products : systemtap
    • EPSS Score: %0.07
    • Published: Aug. 29, 2011
    • Modified: Apr. 11, 2025

  • 1.2

    LOW
    CVE-2006-1059

    The winbindd daemon in Samba 3.0.21 to 3.0.21c writes the machine trust account password in cleartext in log files, which allows local users to obtain the password and spoof the server in the domain.... Read more

    Affected Products : samba
    • EPSS Score: %0.46
    • Published: Mar. 30, 2006
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2005-3342

    noweb 2.10c and earlier allows local users to overwrite arbitrary files via symlink attacks on temporary files in (1) lib/toascii.nw and (2) shell/roff.mm.... Read more

    Affected Products : noweb
    • EPSS Score: %0.06
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2005-1176

    Race condition in JFS2 on AIX 5.2 and 5.3, when deleting a file while I/O is still occurring for that file, may write data to a different file, which could leak sensitive information.... Read more

    Affected Products : aix
    • EPSS Score: %0.07
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2002-0271

    Runtime library in GNU Ada compiler (GNAT) 3.12p through 3.14p allows local users to modify files of other users via a symlink attack on temporary files.... Read more

    Affected Products : gnat_pro_native
    • EPSS Score: %0.08
    • Published: May. 29, 2002
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2003-1073

    A race condition in the at command for Solaris 2.6 through 9 allows local users to delete arbitrary files via the -r argument with .. (dot dot) sequences in the job name, then modifying the directory structure after at checks permissions to delete the fil... Read more

    Affected Products : solaris sunos
    • EPSS Score: %0.16
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2002-0760

    Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, decompresses files with world-readable permissions before setting the permissions to what is specified in the bzip2 archive, wh... Read more

    Affected Products : bzip2
    • EPSS Score: %0.12
    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2006-1231

    CAPI4HylaFAX 1.3, when compiled with GENERATE_DEBUGSFFDATAFILE set, allows local users to modify arbitrary files via a symlink attack on the c2faxrecv_dbgdatafile.sff temporary file.... Read more

    Affected Products : capi4hylafax
    • EPSS Score: %0.07
    • Published: Mar. 14, 2006
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2014-5177

    libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) v... Read more

    • EPSS Score: %0.11
    • Published: Aug. 03, 2014
    • Modified: Apr. 12, 2025

  • 1.2

    LOW
    CVE-2001-0138

    privatepw program in wu-ftpd before 2.6.1-6 allows local users to overwrite arbitrary files via a symlink attack.... Read more

    • EPSS Score: %0.08
    • Published: Mar. 12, 2001
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2001-1331

    mandb in the man-db package before 2.3.16-3 allows local users to overwrite arbitrary files via the command line options (1) -u or (2) -c, which do not drop privileges and follow symlinks.... Read more

    Affected Products : debian_linux debian
    • EPSS Score: %0.07
    • Published: May. 03, 2001
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2005-4660

    Race condition in IPCop (aka IPCop Firewall) before 1.4.10 might allow local users to overwrite system configuration files and gain privileges by replacing a backup archive during the time window when the archive is owned by "nobody" but not yet encrypted... Read more

    Affected Products : ipcop
    • EPSS Score: %0.07
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 291265 Results