Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 1.2

    LOW
    CVE-2002-0435

    Race condition in the recursive (1) directory deletion and (2) directory move in GNU File Utilities (fileutils) 4.1 and earlier allows local users to delete directories as the user running fileutils by moving a low-level directory to a higher level as it ... Read more

    Affected Products : linux fileutils
    • Published: Jul. 26, 2002
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2001-1146

    AllCommerce with debugging enabled in EnGarde Secure Linux 1.0.1 creates temporary files with predictable names, which allows local users to modify files via a symlink attack.... Read more

    Affected Products : allcommerce
    • Published: Jul. 11, 2001
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2001-1301

    rcs2log, as used in Emacs 20.4, xemacs 21.1.10 and other versions before 21.4, and possibly other packages, allows local users to modify files of other users via a symlink attack on a temporary file.... Read more

    Affected Products : emacs xemacs
    • Published: Aug. 07, 2001
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2001-1333

    Linux CUPS before 1.1.6 does not securely handle temporary files, possibly due to a symlink vulnerability that could allow local users to overwrite files.... Read more

    Affected Products : cups
    • Published: May. 10, 2001
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2002-0141

    Maelstrom GPL 3.0.1 allows local users to overwrite arbitrary files of other Maelstrom users via a symlink attack on the /tmp/f file.... Read more

    Affected Products : maelstrom_gpl
    • Published: Mar. 25, 2002
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2001-1346

    Computer Associates ARCserveIT 6.61 and 6.63 (also called ARCservIT) allows local users to overwrite arbitrary files via a symlink attack on the temporary files (1) asagent.tmp or (2) inetd.tmp.... Read more

    Affected Products : arcserve_backup arcserve_backup
    • Published: May. 18, 2001
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2000-0371

    The libmediatool library used for the KDE mediatool allows local users to create arbitrary files via a symlink attack.... Read more

    Affected Products : kde
    • Published: Mar. 01, 1999
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-1999-1042

    Cisco Resource Manager (CRM) 1.0 and 1.1 creates world-readable log files and temporary files, which may expose sensitive information, to local users such as user IDs, passwords and SNMP community strings.... Read more

    Affected Products : resource_manager
    • Published: Dec. 31, 1999
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2005-2449

    Race condition in sandbox before 1.2.11 allows local users to create or overwrite arbitrary files via symlink attack on sandboxpids.tmp.... Read more

    Affected Products : sandbox
    • Published: Aug. 03, 2005
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2001-0222

    webmin 0.84 and earlier allows local users to overwrite and create arbitrary files via a symlink attack.... Read more

    Affected Products : webmin
    • Published: Mar. 26, 2001
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2006-1824

    Multiple cross-site scripting (XSS) vulnerabilities in PhpGuestbook.php in PhpGuestbook 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Website, and (3) Comment parameter.... Read more

    Affected Products : phpguestbook
    • Published: Apr. 18, 2006
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2006-3551

    NCP Secure Enterprise Client (aka VPN/PKI client) 8.30 Build 59, and possibly earlier versions, when the Link Firewall and Personal Firewall are both configured to block all inbound and outbound network traffic, allows context-dependent attackers to send ... Read more

    Affected Products : secure_client
    • Published: Jul. 13, 2006
    • Modified: Apr. 03, 2025

  • 1.1

    LOW
    CVE-2025-46735

    Terraform WinDNS Provider allows users to manage their Windows DNS server resources through Terraform. A security issue has been found in Terraform WinDNS Provider before version `1.0.5`. The `windns_record` resource did not sanitize the input variables. ... Read more

    Affected Products :
    • Published: May. 06, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Injection

  • 1.0

    LOW
    CVE-2025-7844

    Exporting a TPM based RSA key larger than 2048 bits from the TPM could overrun a stack buffer if the default `MAX_RSA_KEY_BITS=2048` is used. If your TPM 2.0 module supports RSA key sizes larger than 2048 bit and your applications supports creating or imp... Read more

    Affected Products :
    • Published: Aug. 04, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Memory Corruption

  • 1.0

    LOW
    CVE-2025-9092

    Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java - BC-FJA 2.1.0 bc-fips (API modules) allows Excessive Allocation. This vulnerability is associated with program files org.Bouncycastle.Crypto.Fips.N... Read more

    Affected Products : bouncy_castle_for_java
    • Published: Aug. 16, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Denial of Service

  • 1.0

    LOW
    CVE-2008-3986

    Unspecified vulnerability in the Oracle Discoverer Administrator component in Oracle Application Server 9.0.4.3 and 10.1.2.2 allows local users to affect confidentiality via unknown vectors.... Read more

    Affected Products : application_server
    • Published: Oct. 14, 2008
    • Modified: Apr. 09, 2025

  • 1.0

    LOW
    CVE-2025-49842

    conda-forge-webservices is the web app deployed to run conda-forge admin commands and linting. Prior to version 2025.3.24, the conda_forge_webservice Docker container executes commands without specifying a user. By default, Docker containers run as the ro... Read more

    Affected Products :
    • Published: Jun. 17, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Misconfiguration

  • 1.0

    LOW
    CVE-2004-2648

    FreezeX 1.00.100.0666 allows local users with administrator privileges to cause a denial of service (FreezeX application) by overwriting the db.fzx file.... Read more

    Affected Products : freezex
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 1.0

    LOW
    CVE-2010-4431

    Unspecified vulnerability in Oracle Sun Java System Portal Server 7.1 and 7.2 allows local users to affect confidentiality via unknown vectors related to Proxy.... Read more

    Affected Products : java_system_portal_server
    • Published: Jan. 19, 2011
    • Modified: Apr. 11, 2025

  • 1.0

    LOW
    CVE-2024-12975

    A buffer overread can occur in the CPC application when operating in full duplex SPI upon receiving an invalid packet over the SPI interface.... Read more

    • Published: Mar. 07, 2025
    • Modified: Mar. 07, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 293609 Results