Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 1.5

    LOW
    CVE-2006-0678

    PostgreSQL 7.3.x before 7.3.14, 7.4.x before 7.4.12, 8.0.x before 8.0.7, and 8.1.x before 8.1.3, when compiled with Asserts enabled, allows local users to cause a denial of service (server crash) via a crafted SET SESSION AUTHORIZATION command, a differen... Read more

    Affected Products : postgresql
    • Published: Feb. 14, 2006
    • Modified: Apr. 03, 2025

  • 1.5

    LOW
    CVE-2012-5616

    Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair A... Read more

    Affected Products : cloudstack cloudplatform
    • Published: Jan. 22, 2013
    • Modified: Apr. 11, 2025

  • 1.5

    LOW
    CVE-2007-4126

    Unspecified vulnerability in the dynamic tracing framework (DTrace) on Sun Solaris 10 before 20070730 allows local users with PRIV_DTRACE_USER privileges to cause a denial of service (panic or hang) via unspecified use of certain DTrace programs.... Read more

    Affected Products : solaris
    • Published: Aug. 01, 2007
    • Modified: Apr. 09, 2025

  • 1.4

    LOW
    CVE-2016-0618

    Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality via unknown vectors related to Zones.... Read more

    Affected Products : solaris
    • Published: Jan. 21, 2016
    • Modified: Apr. 12, 2025

  • 1.4

    LOW
    CVE-2014-2485

    Unspecified vulnerability in the Siebel Core - EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows local users to affect confidentiality via unknown vectors related to Integration Business Services.... Read more

    Affected Products : siebel_crm
    • Published: Jul. 17, 2014
    • Modified: Apr. 12, 2025

  • 1.3

    LOW
    CVE-2025-53904

    The Scratch Channel is a news website that is under development as of time of this writing. The file `/api/admin.js` contains code that could make the website vulnerable to cross-site scripting. No known patches exist as of time of publication.... Read more

    Affected Products :
    • Published: Jul. 16, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 1.3

    LOW
    CVE-2025-46826

    insa-auth is an authentication server for INSA Rouen. A minor issue allowed third-party websites to access the server's secondary authentication bridge, potentially revealing basic student information (name and number). However, the issue posed minimal ri... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Information Disclosure

  • 1.3

    LOW
    CVE-2011-2242

    Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.2.0.1 and 11.2.0.2 allows local users to affect confidentiality, related to XML DB FTP.... Read more

    Affected Products : database_server
    • Published: Jul. 20, 2011
    • Modified: Apr. 11, 2025

  • 1.3

    LOW
    CVE-2025-53374

    Dokploy is a self-hostable Platform as a Service (PaaS) that simplifies the deployment and management of applications and databases. An authenticated low-privileged account can retrieve detailed profile information about another users in the same organiza... Read more

    Affected Products : dokploy
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Information Disclosure

  • 1.3

    LOW
    CVE-2015-5464

    The Gemalto SafeNet Luna HSM allows remote authenticated users to bypass intended key-export restrictions by leveraging (1) crypto-user or (2) crypto-officer access to an HSM partition.... Read more

    • Published: Jul. 22, 2015
    • Modified: Apr. 12, 2025

  • 1.3

    LOW
    CVE-2025-53903

    The Scratch Channel is a news website that is under development as of time of this writing. The file `/api/users.js` doesn't properly sanitize text box inputs, leading to a potential vulnerability to cross-site scripting attacks. Commit 90b39eb56b27b2bac2... Read more

    Affected Products :
    • Published: Jul. 15, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 1.2

    LOW
    CVE-2000-0718

    A race condition in MandrakeUpdate allows local users to modify RPM files while they are in the /tmp directory before they are installed.... Read more

    Affected Products : mandrake_linux
    • Published: Oct. 20, 2000
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2005-1176

    Race condition in JFS2 on AIX 5.2 and 5.3, when deleting a file while I/O is still occurring for that file, may write data to a different file, which could leak sensitive information.... Read more

    Affected Products : aix
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2002-0271

    Runtime library in GNU Ada compiler (GNAT) 3.12p through 3.14p allows local users to modify files of other users via a symlink attack on temporary files.... Read more

    Affected Products : gnat_pro_native
    • Published: May. 29, 2002
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2015-0489

    Unspecified vulnerability in the Application Management Pack for Oracle E-Business Suite component in Oracle E-Business Suite AMP 121030 and 121020 allows local users to affect confidentiality via vectors related to EBS Plugin.... Read more

    • Published: Apr. 16, 2015
    • Modified: Apr. 12, 2025

  • 1.2

    LOW
    CVE-2005-3342

    noweb 2.10c and earlier allows local users to overwrite arbitrary files via symlink attacks on temporary files in (1) lib/toascii.nw and (2) shell/roff.mm.... Read more

    Affected Products : noweb
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2002-0296

    The installation of Tarantella Enterprise 3 allows local users to overwrite arbitrary files via a symlink attack on the "spinning" temporary file.... Read more

    Affected Products : tarantella_enterprise
    • Published: May. 31, 2002
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2001-1047

    Race condition in OpenBSD VFS allows local users to cause a denial of service (kernel panic) by (1) creating a pipe in one thread and causing another thread to set one of the file descriptors to NULL via a close, or (2) calling dup2 on a file descriptor i... Read more

    Affected Products : openbsd
    • Published: Jun. 02, 2001
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2015-4823

    Unspecified vulnerability in the Hyperion Installation Technology component in Oracle Hyperion 11.1.2.3 allows local users to affect confidentiality via unknown vectors related to Essbase Rapid Deploy.... Read more

    Affected Products : hyperion
    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025

  • 1.2

    LOW
    CVE-2006-5214

    Race condition in the Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060225, and Solaris 8 through 10 before 20061006, causes a user's Xsession errors file to have weak permissions before a chmod is performed... Read more

    Affected Products : solaris sunos netbsd
    • Published: Oct. 10, 2006
    • Modified: Apr. 09, 2025
Showing 20 of 294125 Results