Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2016-3002

    IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows physically proximate attackers to obtain sensitive information by reading cached data on a client device.... Read more

    Affected Products : connections
    • Published: Nov. 30, 2016
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2004-0415

    Linux kernel does not properly convert 64-bit file offset pointers to 32 bits, which allows local users to access portions of kernel memory.... Read more

    Affected Products : linux_kernel fedora_core secure_linux
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2010-2058

    setup.py in Prewikka 0.9.14 installs prewikka.conf with world-readable permissions, which allows local users to obtain the SQL database password.... Read more

    Affected Products : prewikka
    • Published: Jun. 07, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2010-0901

    Unspecified vulnerability in the Export component in Oracle Database Server 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Select Any Dictionary.... Read more

    Affected Products : database_server
    • Published: Jul. 13, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2008-2588

    Unspecified vulnerability in the Oracle JDeveloper component in Oracle Application Server 10.1.2.2 allows local users to affect confidentiality via unknown vectors.... Read more

    Affected Products : jdeveloper application_server
    • Published: Oct. 14, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2004-1000

    lintian 1.23 and earlier removes the working directory even if it was not created by lintian, which may allow local users to delete arbitrary files or directories via a symlink attack.... Read more

    Affected Products : lintian
    • Published: Jan. 10, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2009-1173

    IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.3 uses weak permissions (777) for files associated with unspecified "interim fixes," which allows attackers to modify files that would not have been accessible if the intended 755 permissions were us... Read more

    Affected Products : websphere_application_server
    • Published: Mar. 31, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2004-0564

    Roaring Penguin pppoe (rp-ppoe), if installed or configured to run setuid root contrary to its design, allows local users to overwrite arbitrary files. NOTE: the developer has publicly disputed the claim that this is a vulnerability because pppoe "is NOT... Read more

    Affected Products : debian_linux pppoe
    • Published: Dec. 23, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2007-6210

    zabbix_agentd 1.1.4 in ZABBIX before 1.4.3 runs "UserParameter" scripts with gid 0, which might allow local users to gain privileges.... Read more

    Affected Products : zabbix_agentd
    • Published: Dec. 04, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2005-0136

    The Linux kernel before 2.6.11 on the Itanium IA64 platform has certain "ptrace corner cases" that allow local users to cause a denial of service (crash) via crafted syscalls, possibly related to MCA/INIT, a different vulnerability than CVE-2005-1761.... Read more

    Affected Products : linux_kernel
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-0824

    PPPDialer for Mac OS X 10.2.8 through 10.3.5 allows local users to overwrite system files via a symlink attack on PPPDialer log files.... Read more

    Affected Products : mac_os_x
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2007-3024

    libclamav/others.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 uses insecure permissions for temporary files that are created by the cli_gentempstream function in clamd/clamdscan, which might allow local users to read sensitive files.... Read more

    Affected Products : clamav clamav
    • Published: Jun. 07, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2025-0883

    Improper Neutralization of Script in an Error Message Web Page vulnerability in OpenText™ Service Manager.  The vulnerability could reveal sensitive information retained by the browser. This issue affects Service Manager: 9.70, 9.71, 9.72, 9.80.... Read more

    Affected Products :
    • Published: Mar. 12, 2025
    • Modified: Mar. 12, 2025
    • Vuln Type: Information Disclosure

  • 2.1

    LOW
    CVE-2011-1172

    net/ipv6/netfilter/ip6_tables.c in the IPv6 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially se... Read more

    Affected Products : linux_kernel
    • Published: Jun. 22, 2011
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2005-1762

    The ptrace call in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform allows local users to cause a denial of service (kernel crash) via a "non-canonical" address.... Read more

    Affected Products : linux_kernel
    • Published: Aug. 02, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2010-4171

    The staprun runtime tool in SystemTap 1.3 does not verify that a module to unload was previously loaded by SystemTap, which allows local users to cause a denial of service (unloading of arbitrary kernel modules).... Read more

    Affected Products : systemtap
    • Published: Dec. 07, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2010-4352

    Stack consumption vulnerability in D-Bus (aka DBus) before 1.4.1 allows local users to cause a denial of service (daemon crash) via a message containing many nested variants.... Read more

    Affected Products : d-bus
    • Published: Dec. 30, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2024-42193

    HCL BigFix Web Reports' service communicates over HTTPS but exhibits a weakness in its handling of SSL certificate validation. This scenario presents a possibility of man-in-the-middle (MITM) attacks and data exposure as, if exploited, this vulnerability ... Read more

    Affected Products : bigfix_platform
    • Published: Apr. 15, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Misconfiguration

  • 2.1

    LOW
    CVE-2016-8305

    Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnera... Read more

    Affected Products : flexcube_universal_banking
    • Published: Jan. 27, 2017
    • Modified: Apr. 20, 2025

  • 2.1

    LOW
    CVE-2024-42325

    Zabbix API user.get returns all users that share common group with the calling user. This includes media and other information, such as login attempts, etc.... Read more

    Affected Products : zabbix
    • Published: Apr. 02, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Authorization
Showing 20 of 294327 Results