Latest CVE Feed
-
5.8
MEDIUM CVE-2014-3001
The device file system (aka devfs) in FreeBSD 10.0 before p2 does not load default rulesets when booting, which allows context-dependent attackers to bypass intended restrictions by leveraging a jailed device node process....
Affected Products : freebsd
- Published: May. 02, 2014
- Modified: Apr. 12, 2025
-
5.8
MEDIUM CVE-2014-2880
Open redirect vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the back...
Affected Products : identity_manager
- Published: Apr. 17, 2014
- Modified: Apr. 12, 2025
-
5.8
MEDIUM CVE-2020-2536
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access vi...
Affected Products : outside_in_technology
- Published: Jan. 15, 2020
- Modified: Nov. 21, 2024
-
5.8
MEDIUM CVE-2020-2558
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via SMB to compromise Oracle Solaris. Whi...
- Published: Jan. 15, 2020
- Modified: Nov. 21, 2024
-
5.8
MEDIUM CVE-2020-2553
Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). Supported versions that are affected are 8.6.0-8.6.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HT...
Affected Products : knowledge
- Published: Apr. 15, 2020
- Modified: Nov. 21, 2024
-
5.8
MEDIUM CVE-2014-2735
WinSCP before 5.5.3, when FTP with TLS is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL server...
Affected Products : winscp
- Published: Apr. 22, 2014
- Modified: Apr. 12, 2025
-
5.8
MEDIUM CVE-2014-2653
The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate....
Affected Products : openssh
- Published: Mar. 27, 2014
- Modified: Apr. 12, 2025
-
5.8
MEDIUM CVE-2020-2252
Jenkins Mailer Plugin 1.32 and earlier does not perform hostname validation when connecting to the configured SMTP server....
Affected Products : mailer
- Published: Sep. 16, 2020
- Modified: Nov. 21, 2024
-
5.8
MEDIUM CVE-2014-2583
Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the ge...
- Published: Apr. 10, 2014
- Modified: Apr. 12, 2025
-
5.8
MEDIUM CVE-2014-2516
Open redirect vulnerability in EMC RSA Authentication Manager 8.x before 8.1 Patch 6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors....
- Published: Dec. 12, 2014
- Modified: Apr. 12, 2025
-
5.8
MEDIUM CVE-2014-2001
The East Japan Railway Company JR East Japan application before 1.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information via a crafted certificate....
Affected Products : jr_east_japan
- Published: Jun. 19, 2014
- Modified: Apr. 12, 2025
-
5.8
MEDIUM CVE-2014-1986
The Content Provider in the KOKUYO CamiApp application 1.21.1 and earlier for Android allows attackers to bypass intended access restrictions and read database information via a crafted application....
Affected Products : camiapp
- Published: Apr. 15, 2014
- Modified: Apr. 12, 2025
-
5.8
MEDIUM CVE-2009-5138
GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a truste...
Affected Products : gnutls
- Published: Mar. 07, 2014
- Modified: Apr. 12, 2025
-
5.8
MEDIUM CVE-2014-1750
Open redirect vulnerability in nokia-mapsplaces.php in the Nokia Maps & Places plugin 1.6.6 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the href parameter to page/place.html. NO...
Affected Products : nokia_maps_\&_places
- Published: Jul. 01, 2015
- Modified: Apr. 12, 2025
-
5.8
MEDIUM CVE-2014-1452
Stack-based buffer overflow in lib/snmpagent.c in bsnmpd, as used in FreeBSD 8.3 through 10.0, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a crafted GETBULK PDU request....
Affected Products : freebsd
- Published: Jan. 21, 2014
- Modified: Apr. 11, 2025
-
5.8
MEDIUM CVE-2019-0714
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the h...
Affected Products : windows_10 windows_7 windows_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_1507 +6 more products
- Published: Aug. 14, 2019
- Modified: Nov. 21, 2024
-
5.8
MEDIUM CVE-2014-1242
Apple iTunes before 11.1.4 uses HTTP for the iTunes Tutorials window, which allows man-in-the-middle attackers to spoof content by gaining control over the client-server data stream....
Affected Products : itunes
- Published: Jan. 23, 2014
- Modified: Apr. 11, 2025
-
5.8
MEDIUM CVE-2014-1210
VMware vSphere Client 5.0 before Update 3 and 5.1 before Update 2 does not properly validate X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate....
Affected Products : vsphere_client
- Published: Apr. 11, 2014
- Modified: Apr. 12, 2025
-
5.8
MEDIUM CVE-2024-27357
An issue was discovered in WithSecure Elements Agent through 23.x for macOS, WithSecure Elements Client Security through 23.x for macOS, and WithSecure MDR through 23.x for macOS. Local Privilege Escalation can occur during installations or updates by adm...
Affected Products :
- Published: Jul. 26, 2024
- Modified: Nov. 21, 2024
-
5.8
MEDIUM CVE-2010-3829
WebKit in Apple iOS before 4.2 allows remote attackers to bypass the remote image loading setting in Mail via an HTML LINK element with a DNS prefetching property, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To...
Affected Products : iphone_os
- Published: Nov. 26, 2010
- Modified: Apr. 11, 2025