Latest CVE Feed

Following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is known to be actively exploited (that is, listed in the CISA Known Exploited Vulnerabilities, or KEV, catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
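The filtering and sorting described above, as an added example rather than the feed site's own code: a parser for this page's plain-text listing layout, followed by the severity, KEV and remote-exploitability filters and the three sort orders. The listing shown here carries neither a CVSS vector nor a KEV flag, so the example supplies both from constructed side tables, reads "remotely exploitable" as CVSS attack vector Network (AV:N), and uses fictional CVE identifiers; the names `parse_feed`, `filter_feed`, `severity_band`, `KEV_IDS` and `CVSS_VECTORS` are introduced here and exist nowhere on the page.

```python
# Added example, not code from the feed site: parse a plain-text CVE listing in
# this page's layout and apply the filters the page offers (severity, CISA KEV,
# remotely exploitable) plus sorting by published date, modified date or score.
# The listing carries no CVSS vector and no KEV flag, so both come from side
# tables constructed below; severity bands follow the CVSS v3.x rating scale.
import re
from dataclasses import dataclass
from datetime import date, datetime

# Constructed sample in the listing's own layout (fictional CVE ids, not real data).
SAMPLE_FEED = """\
  • 5.8
    MEDIUM
    CVE-2099-0001
    Open redirect vulnerability in login.jsp in Example Portal allows remote attackers to redirect users...
    Affected Products : example_portal
    • Published: Jun. 13, 2024
    • Modified: Apr. 12, 2025
  • 9.8
    CRITICAL
    CVE-2099-0002
    Unauthenticated remote code execution in Example Gateway before 2.1 via a crafted request...
    • Published: Apr. 19, 2023
    • Modified: Jul. 07, 2025
  • 3.3
    LOW
    CVE-2099-0003
    Local information disclosure in Example Agent 1.x via world-readable log files...
    Affected Products : example_agent
    • Published: May. 17, 2025
    • Modified: May. 18, 2025
Showing 3 of 3 Results
"""

# Side tables the listing does not carry (constructed): KEV membership and CVSS vectors.
KEV_IDS = frozenset({"CVE-2099-0002"})
CVSS_VECTORS = {
    "CVE-2099-0001": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",  # 5.8
    "CVE-2099-0002": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",  # 9.8
    "CVE-2099-0003": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",  # 3.3
}

@dataclass(frozen=True)
class CveRecord:
    cve: str
    score: float
    band: str
    description: str
    products: tuple
    published: date
    modified: date

def severity_band(score: float) -> str:
    """CVSS v3.x qualitative rating for a base score."""
    for limit, band in ((0.0, "NONE"), (3.9, "LOW"), (6.9, "MEDIUM"), (8.9, "HIGH")):
        if score <= limit:
            return band
    return "CRITICAL"

def _parse_date(text: str) -> date:
    # The listing writes dates as "Apr. 19, 2024": abbreviated month with a period.
    return datetime.strptime(text.strip(), "%b. %d, %Y").date()

def parse_feed(text: str) -> list:
    """Line-based parser: an entry opens at a '• <score>' bullet and closes at '• Modified:'."""
    records, cur = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = re.fullmatch(r"•\s*(\d+(?:\.\d)?)", line)
        if m:
            cur = {"score": float(m.group(1)), "products": ()}
        elif not cur:
            continue  # header, intro or footer text outside any entry
        elif "band" not in cur and re.fullmatch(r"[A-Z]+", line):
            cur["band"] = line
        elif "cve" not in cur and re.fullmatch(r"CVE-\d{4}-\d{4,}", line):
            cur["cve"] = line
        elif line.startswith("Affected Products"):
            cur["products"] = tuple(line.split(":", 1)[1].split())
        elif line.startswith("• Published:"):
            cur["published"] = _parse_date(line.split(":", 1)[1])
        elif line.startswith("• Modified:"):
            rec = CveRecord(cur["cve"], cur["score"], cur["band"], cur["description"],
                            cur["products"], cur["published"],
                            _parse_date(line.split(":", 1)[1]))
            # Consumer-side sanity check: the printed label must agree with the score.
            if severity_band(rec.score) != rec.band:
                raise ValueError(f"{rec.cve}: band {rec.band} does not match score {rec.score}")
            records.append(rec)
            cur = {}
        elif "cve" in cur and "description" not in cur:
            cur["description"] = line
    return records

def filter_feed(records, min_score=0.0, kev_only=False, remote_only=False,
                sort_by="published", descending=True):
    """Apply the page's filters, then sort by 'published', 'modified' or 'score'."""
    keys = {"published": lambda r: r.published,
            "modified": lambda r: r.modified,
            "score": lambda r: r.score}
    kept = []
    for r in records:
        if r.score < min_score or (kev_only and r.cve not in KEV_IDS):
            continue
        # "Remotely exploitable" is read as CVSS attack vector Network (AV:N).
        if remote_only and "AV:N" not in CVSS_VECTORS.get(r.cve, "").split("/"):
            continue
        kept.append(r)
    return sorted(kept, key=keys[sort_by], reverse=descending)
```

The parser refuses an entry whose printed severity label disagrees with its score, which is the check worth keeping when a feed like this one is ingested into a ticketing or patch-priority pipeline: a wrong band silently reorders the queue, whereas a raised error is noticed.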
  • 5.8

    MEDIUM
    CVE-2014-4159

    Open redirect vulnerability in la/umTestSSO.jsp in SAP Supplier Relationship Management (SRM) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter....

    Affected Products : supplier_relationship_management
    • Published: Jun. 13, 2014
    • Modified: Apr. 12, 2025
  • 5.8

    MEDIUM
    CVE-2014-1895

    Off-by-one error in the flask_security_avc_cachestats function in xsm/flask/flask_op.c in Xen 4.2.x and 4.3.x, when the maximum number of physical CPUs are in use, allows local users to cause a denial of service (host crash) or obtain sensitive informatio...

    Affected Products : xen
    • Published: Apr. 01, 2014
    • Modified: Apr. 12, 2025
  • 5.8

    MEDIUM
    CVE-2013-0149

    The OSPF implementation in Cisco IOS 12.0 through 12.4 and 15.0 through 15.3, IOS-XE 2.x through 3.9.xS, ASA and PIX 7.x through 9.1, FWSM, NX-OS, and StarOS before 14.0.50488 does not properly validate Link State Advertisement (LSA) type 1 packets before...

    • Published: Aug. 05, 2013
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2024-29028

    memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/httpmeta that allows unauthenticated users to enumerate the internal network and receive limited html values in json form. This vulnerab...

    Affected Products : memos
    • Published: Apr. 19, 2024
    • Modified: Jul. 07, 2025
  • 5.8

    MEDIUM
    CVE-2014-3902

    The CyberAgent Ameba application 3.x and 4.x before 4.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate....

    Affected Products : ameba
    • Published: Aug. 15, 2014
    • Modified: Apr. 12, 2025
  • 5.8

    MEDIUM
    CVE-2010-5293

    wp-includes/comment.php in WordPress before 3.0.2 does not properly whitelist trackbacks and pingbacks in the blogroll, which allows remote attackers to bypass intended spam restrictions via a crafted URL, as demonstrated by a URL that triggers a substrin...

    Affected Products : wordpress
    • Published: Jan. 21, 2014
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2010-1000

    Directory traversal vulnerability in KGet in KDE SC 4.0.0 through 4.4.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file....

    Affected Products : kde_sc
    • Published: May. 17, 2010
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2020-17060

    Microsoft SharePoint Server Spoofing Vulnerability...

    • Published: Nov. 11, 2020
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2020-35655

    In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled....

    Affected Products : fedora pillow
    • Published: Jan. 12, 2021
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2020-35591

    Pi-hole 5.0, 5.1, and 5.1.1 allows Session Fixation. The application does not generate a new session cookie after the user is logged in. A malicious user is able to create a new session cookie value and inject it to a victim. After the victim logs in, the...

    Affected Products : pi-hole
    • Published: Feb. 18, 2021
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2014-3577

    org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field o...

    Affected Products : httpclient httpasyncclient
    • Published: Aug. 21, 2014
    • Modified: Apr. 12, 2025
  • 5.8

    MEDIUM
    CVE-2006-0298

    The XML parser in Mozilla Firefox before 1.5.0.1 and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly read sensitive data via unknown attack vectors that trigger an out-of-bounds read....

    Affected Products : firefox seamonkey
    • Published: Feb. 02, 2006
    • Modified: Apr. 03, 2025
  • 5.8

    MEDIUM
    CVE-2014-3302

    user.php in Cisco WebEx Meetings Server 1.5(.1.131) and earlier does not properly implement the token timer for authenticated encryption, which allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCuj81708....

    Affected Products : webex_meetings_server
    • Published: Aug. 01, 2014
    • Modified: Apr. 12, 2025
  • 5.8

    MEDIUM
    CVE-2008-3905

    resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses,...

    Affected Products : ruby
    • Published: Sep. 04, 2008
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2008-5133

    ipnat in IP Filter in Sun Solaris 10 and OpenSolaris before snv_96, when running on a DNS server with Network Address Translation (NAT) configured, improperly changes the source port of a packet when the destination port is the DNS port, which allows remo...

    Affected Products : solaris opensolaris
    • Published: Nov. 18, 2008
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2014-3320

    Multiple open redirect vulnerabilities in the admin web interface in the web framework in Cisco Unified Communications Domain Manager (CDM) 8.1(.4) and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks vi...

    • Published: Jul. 18, 2014
    • Modified: Apr. 12, 2025
  • 5.8

    MEDIUM
    CVE-2014-3283

    Open redirect vulnerability in Self-Care Client Portal applications in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing...

    • Published: May. 29, 2014
    • Modified: Apr. 12, 2025
  • 5.8

    MEDIUM
    CVE-2020-2767

    Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java ...

    • Published: Apr. 15, 2020
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2014-0092

    lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate....

    Affected Products : gnutls
    • Published: Mar. 07, 2014
    • Modified: Apr. 12, 2025
  • 5.8

    MEDIUM
    CVE-2020-2685

    Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.0.1-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows unauthe...

    Affected Products : flexcube_universal_banking
    • Published: Jan. 15, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 294848 Results