Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.7

    MEDIUM
    CVE-2020-15118

    In Wagtail before versions 2.7.4 and 2.9.3, when a form page type is made available to Wagtail editors through the `wagtail.contrib.forms` app, and the page template is built using Django's standard form rendering helpers such as form.as_p, any HTML tags ...

    Affected Products : wagtail wagtail
    • Published: Jul. 20, 2020
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2010-4438

    Unspecified vulnerability in Oracle GlassFish 2.1, 2.1.1, and 3.0.1, and Java System Message Queue 4.1 allows local users to affect confidentiality, integrity, and availability, related to Java Message Service (JMS)....

    • Published: Jan. 19, 2011
    • Modified: Apr. 11, 2025
  • 5.7

    MEDIUM
    CVE-2021-22194

    In all versions of GitLab, marshalled session keys were being stored in Redis....

    Affected Products : gitlab
    • Published: Mar. 26, 2021
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2011-0714

    Use-after-free vulnerability in a certain Red Hat patch for the RPC server sockets functionality in the Linux kernel 2.6.32 on Red Hat Enterprise Linux (RHEL) 6 might allow remote attackers to cause a denial of service (crash) via malformed data in a pack...

    Affected Products : linux_kernel enterprise_linux
    • Published: May. 04, 2011
    • Modified: Apr. 11, 2025
  • 5.7

    MEDIUM
    CVE-2010-3017

    Unspecified vulnerability in RSA Access Manager Agent 4.7.1 before 4.7.1.7, when RSA Adaptive Authentication Integration is enabled, allows remote attackers to bypass authentication and obtain sensitive information via unknown vectors....

    Affected Products : access_manager_agent
    • Published: Sep. 09, 2010
    • Modified: Apr. 11, 2025
  • 5.7

    MEDIUM
    CVE-2022-47951

    An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that ...

    Affected Products : debian_linux glance nova cinder glance
    • Published: Jan. 26, 2023
    • Modified: Mar. 31, 2025
  • 5.7

    MEDIUM
    CVE-2024-11703

    On Android, Firefox may have inadvertently allowed viewing saved passwords without the required device PIN authentication. This vulnerability affects Firefox < 133....

    Affected Products : firefox
    • Published: Nov. 26, 2024
    • Modified: Apr. 05, 2025
  • 5.7

    MEDIUM
    CVE-2019-0949

    A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0950, CVE-...

    • Published: May. 16, 2019
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2009-1156

    Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series devices 8.0 before 8.0(4)25 and 8.1 before 8.1(2)15, when an SSL VPN or ASDM access is configured, allows remote attackers to cause a denial of service (device reload) via a...

    • Published: Apr. 09, 2009
    • Modified: Apr. 09, 2025
  • 5.7

    MEDIUM
    CVE-2020-13462

    Insecure Direct Object Reference (IDOR) exists in Tufin SecureChange, affecting all versions prior to R20-2 GA. Fixed in version R20-2 GA....

    Affected Products : securetrack
    • Published: Feb. 09, 2021
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2020-13348

    An issue has been discovered in GitLab EE affecting all versions starting from 10.2. Required CODEOWNERS approval could be bypassed by targeting a branch without the CODEOWNERS file. Affected versions are >=10.2, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2....

    Affected Products : gitlab
    • Published: Nov. 17, 2020
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2020-10146

    The Microsoft Teams online service contains a stored cross-site scripting vulnerability in the displayName parameter that can be exploited on Teams clients to obtain sensitive information such as authentication tokens and to possibly execute arbitrary com...

    Affected Products : teams
    • Published: Dec. 09, 2020
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2019-9158

    Gemalto DS3 Authentication Server 2.6.1-SP01 has Broken Access Control....

    Affected Products : ezio_ds3_server
    • Published: Jun. 05, 2019
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2019-9157

    Gemalto DS3 Authentication Server 2.6.1-SP01 allows Local File Disclosure....

    Affected Products : ezio_ds3_server
    • Published: Jun. 05, 2019
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2019-8804

    An inconsistency in Wi-Fi network configuration settings was addressed. This issue is fixed in iOS 13.2 and iPadOS 13.2. An attacker in physical proximity may be able to force a user onto a malicious Wi-Fi network during device setup....

    Affected Products : iphone_os ipados
    • Published: Dec. 18, 2019
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2019-7231

    The ABB IDAL FTP server is vulnerable to a buffer overflow when a long string is sent by an authenticated attacker. This overflow is handled, but terminates the process. An authenticated attacker can send a FTP command string of 472 bytes or more to overf...

    • Published: Jun. 24, 2019
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2019-4425

    IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow a user to obtain highly sensitive information from another user by inserting links that would be clicked on by unsuspecting users. IBM X-Force ID: 162771....

    • Published: Aug. 20, 2019
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2019-3418

    All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by cross-site scripting vulnerability (XSS). Due to incomplete input validation, an authorized user can exploit this vulnerability to execute malicious scripts....

    Affected Products : zxhn_f670_firmware zxhn_f670
    • Published: Aug. 15, 2019
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2019-2956

    Vulnerability in the Core RDBMS (jackson-databind) component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session privile...

    Affected Products : database database_server
    • Published: Oct. 16, 2019
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2019-2840

    Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.1-12.0.3, 12.1.0-12.4.0 and 14.0.0-14.2.0. Easily exploitable vulnerab...

    Affected Products : flexcube_universal_banking
    • Published: Jul. 23, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 294742 Results