Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.8

    MEDIUM
    CVE-2019-1969

    A vulnerability in the implementation of the Simple Network Management Protocol (SNMP) Access Control List (ACL) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to perform SNMP polling of an affected device, even if it is c...

    • Published: Aug. 30, 2019
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2019-0718

    A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the h...

    • Published: Aug. 14, 2019
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2018-8512

    A security feature bypass vulnerability exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft...

    Affected Products : edge windows_10
    • Published: Oct. 10, 2018
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2024-4787

    The Cost Calculator Builder PRO for WordPress is vulnerable to arbitrary email sending vulnerability in versions up to, and including, 3.1.75. This is due to insufficient limitations on the email recipient and the content in the 'send_pdf' and the 'send_p...

    Affected Products : cost_calculator_builder
    • Published: Jun. 19, 2024
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2017-6143

    X509 certificate verification was not correctly implemented in the IP Intelligence Subscription and IP Intelligence feed-list features, and thus the remote server's identity is not properly validated in F5 BIG-IP 12.0.0-12.1.2, 11.6.0-11.6.2, or 11.5.0-11...

    • Published: Apr. 13, 2018
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2017-3252

    Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAAS). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Difficult to exploit vulnerabil...

    Affected Products : jdk jre jrockit
    • Published: Jan. 27, 2017
    • Modified: Apr. 20, 2025
  • 5.8

    MEDIUM
    CVE-2021-30539

    Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page....

    Affected Products : fedora chrome edge_chromium
    • Published: Jun. 07, 2021
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2021-2315

    Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with ne...

    Affected Products : http_server
    • Published: Apr. 22, 2021
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2021-2052

    Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security). The supported version that is affected is Prior to 9.2.5.1. Easily exploitable vulnerability allows unauthenticated attacker...

    • Published: Jan. 20, 2021
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2021-29425

    In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not f...

    • Published: Apr. 13, 2021
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2015-0557

    Open-source ARJ archiver 3.10.22 does not properly remove leading slashes from paths, which allows remote attackers to conduct absolute path traversal attacks and write to arbitrary files via multiple leading slashes in a path in an ARJ archive....

    Affected Products : fedora arj_archiver
    • Published: Apr. 08, 2015
    • Modified: Apr. 12, 2025
  • 5.8

    MEDIUM
    CVE-2014-7274

    The IMAP-over-SSL implementation in getmail 4.44.0 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IMAP servers and obtain s...

    Affected Products : getmail
    • Published: Oct. 08, 2014
    • Modified: Apr. 12, 2025
  • 5.8

    MEDIUM
    CVE-2021-27839

    A CSV injection vulnerability found in Online Invoicing System (OIS) 4.3 and below can be exploited by users to perform malicious actions such as redirecting admins to unknown or harmful websites, or disclosing other clients' details that the user did not...

    Affected Products : online_invoicing_system
    • Published: Mar. 03, 2021
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2014-2243

    includes/User.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 terminates validation of a user token upon encountering the first incorrect character, which makes it easier for remote attackers to obtain access via...

    Affected Products : mediawiki
    • Published: Mar. 02, 2014
    • Modified: Apr. 12, 2025
  • 5.8

    MEDIUM
    CVE-2021-27503

    Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: All versions prior to 1.7.2, Ypsomed mylife App: All versions prior to 1.7.5, The application encrypts on the application layer of the communication protocol between the Ypsomed mylife ...

    Affected Products : mylife mylife_cloud
    • Published: Aug. 02, 2021
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2014-0375

    Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5898 and CVE-2014-0403....

    Affected Products : jdk jre
    • Published: Jan. 15, 2014
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2013-2879

    Google Chrome before 28.0.1500.71 does not properly determine the circumstances in which a renderer process can be considered a trusted process for sign-in and subsequent sync operations, which makes it easier for remote attackers to conduct phishing atta...

    Affected Products : debian_linux chrome
    • Published: Jul. 10, 2013
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2012-4516

    librdmacm 1.0.16, when ibacm.port is not specified, connects to port 6125, which allows remote attackers to specify the address resolution information for the application via a malicious ib_acm service....

    Affected Products : librdmacm
    • Published: Oct. 22, 2012
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2021-26699

    OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 allows SSRF via a shared SVG document that is mishandled by the imageconverter component when the .png extension is used....

    Affected Products : open-xchange_appsuite
    • Published: Jul. 22, 2021
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2011-1586

    Directory traversal vulnerability in the KGetMetalink::File::isValidNameAttr function in ui/metalinkcreator/metalinker.cpp in KGet in KDE SC 4.6.2 and earlier allows remote attackers to create arbitrary files via a .. (dot dot) in the name attribute of a ...

    Affected Products : kde_sc
    • Published: Apr. 27, 2011
    • Modified: Apr. 11, 2025
Showing 20 of 294860 Results