Latest CVE Feed
-
5.8 MEDIUM
CVE-2017-3800
A vulnerability in the content scanning engine of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured message or content filters on the device. Affected Products: This vulne...
Affected Products: email_security_appliance
- Published: Jan. 26, 2017
- Modified: Apr. 20, 2025
-
5.8 MEDIUM
CVE-2018-2915
Vulnerability in the Hyperion Data Relationship Management component of Oracle Hyperion (subcomponent: Access and security). The supported version that is affected is 11.1.2.4.330. Easily exploitable vulnerability allows unauthenticated attacker with netw...
Affected Products: hyperion_data_relationship_management
- Published: Jul. 18, 2018
- Modified: Nov. 21, 2024
-
5.8 MEDIUM
CVE-2012-4092
The management interface in the Central Software component in Cisco Unified Computing System (UCS) does not properly validate the identity of vCenter consoles, which allows man-in-the-middle attackers to read or modify an inter-device data stream by spoof...
Affected Products: unified_computing_system
- Published: Sep. 26, 2013
- Modified: Apr. 11, 2025
-
5.8 MEDIUM
CVE-2009-4130
Visual truncation vulnerability in the MakeScriptDialogTitle function in nsGlobalWindow.cpp in Mozilla Firefox allows remote attackers to spoof the origin domain name of a script via a long name....
Affected Products: firefox
- Published: Dec. 14, 2009
- Modified: Apr. 09, 2025
-
5.8 MEDIUM
CVE-2012-5794
The MoneyBookers module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an a...
- Published: Nov. 04, 2012
- Modified: Apr. 11, 2025
-
5.8 MEDIUM
CVE-2010-0756
Session fixation vulnerability in WikyBlog 1.7.3 rc2 allows remote attackers to hijack web sessions by setting the jsessionid parameter to (1) index.php/Comment/Main, (2) index.php/Comment/Main/Home_Wiky, or (3) index.php/Edit/Main....
Affected Products: wikyblog
- Published: Feb. 27, 2010
- Modified: Apr. 11, 2025
-
5.8 MEDIUM
CVE-2015-6614
Telephony in Android 5.x before 5.1.1 LMY48X allows attackers to gain privileges, and consequently bypass intended network-interface restrictions, perform expensive data transfers, or cause a denial of service (call-reception outage or mute manipulation),...
Affected Products: android
- Published: Nov. 03, 2015
- Modified: Apr. 12, 2025
-
5.8 MEDIUM
CVE-2018-1612
IBM QRadar Incident Forensics (IBM QRadar SIEM 7.2, and 7.3) could allow a remote attacker to bypass authentication and obtain sensitive information. IBM X-Force ID: 144164....
Affected Products: qradar_security_information_and_event_manager
- Published: Jul. 17, 2018
- Modified: Nov. 21, 2024
-
5.8 MEDIUM
CVE-2013-0939
EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allow remote attackers to obtain sensitive information via vectors involving cross-origin frame navigat...
Affected Products: documentum_webtop, documentum_taskspace, documentum_wdk, documentum_records_manager
- Published: May. 10, 2013
- Modified: Apr. 11, 2025
-
5.8 MEDIUM
CVE-2018-16958
An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The ASP.NET_SessionID primary session cookie, when Internet Information Services (IIS) with ASP.NET is used, is not protected with the HttpOnly attribute. The attribute cannot be enabl...
Affected Products: webcenter_interaction
- Published: Sep. 18, 2018
- Modified: Nov. 21, 2024
-
5.8 MEDIUM
CVE-2019-2597
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attac...
Affected Products: peoplesoft_enterprise_peopletools
- Published: Apr. 23, 2019
- Modified: Nov. 21, 2024
-
5.8 MEDIUM
CVE-2009-4354
TransWARE Active! mail 2003 build 2003.0139.0871 and earlier does not properly secure the session ID in a session cookie, which allows remote attackers to hijack web sessions, probably related to the "secure" flag for cookies in SSL sessions....
Affected Products: active\!_mail
- Published: Dec. 17, 2009
- Modified: Apr. 09, 2025
-
5.8 MEDIUM
CVE-2019-1691
A vulnerability in the detection engine of Cisco Firepower Threat Defense Software could allow an unauthenticated, remote attacker to cause the unexpected restart of the SNORT detection engine, resulting in a denial of service (DoS) condition. The vulnera...
Affected Products: firepower_threat_defense
- Published: Feb. 21, 2019
- Modified: Nov. 21, 2024
-
5.8 MEDIUM
CVE-2020-6190
Certain vulnerable endpoints in SAP NetWeaver AS Java (Heap Dump Application), versions 7.30, 7.31, 7.40, 7.50, provide valuable information about the system like hostname, server node and installation path that could be misused by an attacker leading to ...
- Published: Feb. 12, 2020
- Modified: Nov. 21, 2024
-
5.8 MEDIUM
CVE-2006-1407
Multiple cross-site scripting (XSS) vulnerabilities in Helm Web Hosting Control Panel 3.2.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) txtDomainName parameter to domains.asp or (2) SearchText or (3) UserLevel pa...
Affected Products: helm_web_hosting_control_panel
- Published: Mar. 28, 2006
- Modified: Apr. 03, 2025
-
5.8 MEDIUM
CVE-2010-2363
The IPv6 Unicast Reverse Path Forwarding (RPF) implementation on the SEIL/X1, SEIL/X2, and SEIL/B1 routers with firmware 1.00 through 2.73, when strict mode is used, does not properly drop packets, which might allow remote attackers to bypass intended acc...
Affected Products: seil\/b1, seil\/x1_firmware, seil\/x2_firmware, seil\/b1_firmware, seil\/x2, seil\/x1
- Published: Aug. 30, 2010
- Modified: Apr. 11, 2025
-
5.8 MEDIUM
CVE-2008-4104
Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a "passed in" URL....
Affected Products: joomla
- Published: Sep. 18, 2008
- Modified: Apr. 09, 2025
-
5.8 MEDIUM
CVE-2014-0671
Open redirect vulnerability in Cisco MediaSense allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter, aka Bug ID CSCum16749....
Affected Products: mediasense
- Published: Jan. 22, 2014
- Modified: Apr. 11, 2025
-
5.8 MEDIUM
CVE-2021-35948
Session fixation on password protected public links in the ownCloud Server before 10.8.0 allows an attacker to bypass the password protection when they can force a target client to use a controlled cookie....
Affected Products: owncloud
- Published: Sep. 07, 2021
- Modified: Nov. 21, 2024
-
5.8 MEDIUM
CVE-2021-34696
A vulnerability in the access control list (ACL) programming of Cisco ASR 900 and ASR 920 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incorrect programming of...
Affected Products: ios_xe, asr_902, asr_903, asr_907, asr_920-10sz-pd, asr_920-10sz-pd_r, asr_920-12cz-a, asr_920-12cz-a_r, asr_920-12cz-d, asr_920-12cz-d_r, +13 more products
- Published: Sep. 23, 2021
- Modified: Nov. 21, 2024