Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 1.2

    LOW
    CVE-2005-0937

    Some futex functions in futex.c for Linux kernel 2.6.x perform get_user calls while holding the mmap_sem semaphore, which could allow local users to cause a deadlock condition in do_page_fault by triggering get_user faults while another thread is executin... Read more

    Affected Products : linux_kernel enterprise_linux
    • EPSS Score: %0.06
    • Published: Feb. 22, 2005
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2001-1333

    Linux CUPS before 1.1.6 does not securely handle temporary files, possibly due to a symlink vulnerability that could allow local users to overwrite files.... Read more

    Affected Products : cups
    • EPSS Score: %0.07
    • Published: May. 10, 2001
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2001-0222

    webmin 0.84 and earlier allows local users to overwrite and create arbitrary files via a symlink attack.... Read more

    Affected Products : webmin
    • EPSS Score: %0.07
    • Published: Mar. 26, 2001
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2001-1276

    ispell before 3.1.20 allows local users to overwrite files of other users via a symlink attack on a temporary file.... Read more

    Affected Products : ispell
    • EPSS Score: %0.09
    • Published: Jun. 21, 2001
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2005-2527

    Race condition in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X allows local users to corrupt files or create arbitrary files via unspecified attack vectors related to a temporary directory, possibly due to a symlink attack.... Read more

    Affected Products : java
    • EPSS Score: %0.04
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2001-0887

    xSANE 0.81 and earlier allows local users to modify files of other xSANE users via a symlink attack on temporary files.... Read more

    Affected Products : linux xsane
    • EPSS Score: %0.08
    • Published: Jan. 15, 2002
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2003-0438

    eldav WebDAV client for Emacs, version 0.7.2 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on temporary files.... Read more

    Affected Products : eldav
    • EPSS Score: %0.08
    • Published: Jul. 24, 2003
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2005-2449

    Race condition in sandbox before 1.2.11 allows local users to create or overwrite arbitrary files via symlink attack on sandboxpids.tmp.... Read more

    Affected Products : sandbox
    • EPSS Score: %0.10
    • Published: Aug. 03, 2005
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2011-1769

    SystemTap 1.4 and earlier, when unprivileged (aka stapusr) mode is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) via a crafted ELF program with DWARF expressions that are not properly handled by a stap script tha... Read more

    Affected Products : systemtap
    • EPSS Score: %0.07
    • Published: Aug. 29, 2011
    • Modified: Apr. 11, 2025

  • 1.2

    LOW
    CVE-2013-6891

    lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf.... Read more

    Affected Products : cups ubuntu_linux
    • EPSS Score: %0.05
    • Published: Jan. 26, 2014
    • Modified: Apr. 11, 2025

  • 1.2

    LOW
    CVE-2011-3440

    The Passcode Lock feature in Apple iOS before 5.0.1 on the iPad 2 does not properly implement the locked state, which allows physically proximate attackers to access data by opening a Smart Cover during power-off confirmation.... Read more

    Affected Products : iphone_os ipad2
    • EPSS Score: %0.06
    • Published: Nov. 11, 2011
    • Modified: Apr. 11, 2025

  • 1.2

    LOW
    CVE-2009-1707

    Race condition in the Reset Safari implementation in Apple Safari before 4.0 on Windows might allow local users to read stored web-site passwords via unspecified vectors.... Read more

    Affected Products : safari
    • EPSS Score: %0.07
    • Published: Jun. 10, 2009
    • Modified: Apr. 09, 2025

  • 1.1

    LOW
    CVE-2024-51991

    October is a Content Management System (CMS) and web platform. A vulnerability in versions prior to 3.7.5 affects authenticated administrators with sites that have the `media.clean_vectors` configuration enabled. This configuration will sanitize SVG files... Read more

    Affected Products : october
    • Published: May. 05, 2025
    • Modified: May. 05, 2025

  • 1.1

    LOW
    CVE-2025-46735

    Terraform WinDNS Provider allows users to manage their Windows DNS server resources through Terraform. A security issue has been found in Terraform WinDNS Provider before version `1.0.5`. The `windns_record` resource did not sanitize the input variables. ... Read more

    Affected Products :
    • Published: May. 06, 2025
    • Modified: May. 07, 2025

  • 1.0

    LOW
    CVE-2010-2389

    Unspecified vulnerability in the Perl component in Oracle Database Server 11.2.0.1, 11.1.0.7, 10.2.0.3, 10.2.0.4, and 10.1.0.5; and Fusion Middleware 11.1.1.1.0 and 11.1.1.2.0; allows local users to affect integrity via unknown vectors related to Local Lo... Read more

    Affected Products : database_server fusion_middleware
    • EPSS Score: %0.11
    • Published: Oct. 14, 2010
    • Modified: Apr. 11, 2025

  • 1.0

    LOW
    CVE-2025-3301

    DPA countermeasures are unavailable for ECDH key agreement and EdDSA signing operations on Curve25519 and Curve448 on all Series 2 modules and SoCs due to a lack of hardware and software support. A successful DPA attack may result in exposure of confident... Read more

    Affected Products :
    • Published: Apr. 29, 2025
    • Modified: May. 02, 2025

  • 1.0

    LOW
    CVE-2025-27608

    Arduino IDE 2.x is an IDE based on the Theia IDE framework and built with Electron. A Self Cross-Site Scripting (XSS) vulnerability has been identified within the Arduino-IDE prior to version v2.3.5. The vulnerability occurs in the Additional Board Manage... Read more

    Affected Products :
    • Published: Apr. 02, 2025
    • Modified: Apr. 07, 2025

  • 1.0

    LOW
    CVE-2025-9092

    Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java - BC-FJA 2.1.0 bc-fips (API modules) allows Excessive Allocation. This vulnerability is associated with program files org.Bouncycastle.Crypto.Fips.N... Read more

    Affected Products : bouncy_castle_for_java
    • Published: Aug. 16, 2025
    • Modified: Aug. 18, 2025

  • 1.0

    LOW
    CVE-2014-2488

    Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality via unknown vectors related to Core.... Read more

    Affected Products : vm_virtualbox
    • EPSS Score: %0.12
    • Published: Jul. 17, 2014
    • Modified: Apr. 12, 2025

  • 1.0

    LOW
    CVE-2009-3412

    Unspecified vulnerability in the Unzip component in Oracle Database 9.2.0.8, 9.2.0.8DV, and 10.1.0.5; and Oracle Application Server 10.1.2.3; allows local users to affect confidentiality via unknown vectors.... Read more

    Affected Products : database_server application_server
    • EPSS Score: %0.24
    • Published: Jan. 13, 2010
    • Modified: Apr. 09, 2025
Showing 20 of 291160 Results