Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2012-2358

    Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to bypass an activity's read-only state and modify the database by leveraging the student role and editing database activity entries that already exist... Read more

    Affected Products : moodle
    • Published: Jul. 21, 2012
    • Modified: Apr. 11, 2025

  • 5.5

    MEDIUM
    CVE-2012-3140

    Unspecified vulnerability in the Oracle Agile PLM For Process component in Oracle Supply Chain Products Suite 6.0.0.6.3 and 6.1.0.1.14 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Supply Chain Re... Read more

    Affected Products : supply_chain_products_suite
    • Published: Oct. 16, 2012
    • Modified: Apr. 11, 2025

  • 5.5

    MEDIUM
    CVE-2022-44081

    Lodepng v20220717 was discovered to contain a segmentation fault via the function pngdetail.... Read more

    Affected Products : lodepng
    • Published: Oct. 31, 2022
    • Modified: May. 06, 2025

  • 5.5

    MEDIUM
    CVE-2013-6373

    The Exclusion plugin before 0.9 for Jenkins does not properly prevent access to resource locks, which allows remote authenticated users to list and release resources via unspecified vectors.... Read more

    Affected Products : exclusion
    • Published: Nov. 25, 2013
    • Modified: Apr. 11, 2025

  • 5.5

    MEDIUM
    CVE-2013-7196

    static/ajax.php in PHPFox 3.7.3, 3.7.4, and 3.7.5 allows remote authenticated users to bypass intended "Only Me" restrictions and comment on a private publication via a request with a modified val[item_id] parameter for the publication.... Read more

    Affected Products : phpfox
    • Published: Apr. 18, 2014
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2014-2365

    Unspecified vulnerability in Advantech WebAccess before 7.2 allows remote authenticated users to create or delete arbitrary files via unknown vectors.... Read more

    Affected Products : webaccess advantech_webaccess
    • Published: Jul. 19, 2014
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2014-6122

    IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows remote authenticated users to write to arbitrary folder... Read more

    • Published: Dec. 23, 2014
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2015-0171

    Directory traversal vulnerability in IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to write to arbitrary files via unspecified vectors.... Read more

    Affected Products : security_siteprotector_system
    • Published: May. 25, 2015
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2015-0180

    The Connector Migration Tool in IBM InfoSphere Information Server 8.1 through 11.3 allows remote authenticated users to bypass intended restrictions on job creation and modification via unspecified vectors.... Read more

    Affected Products : infosphere_information_server
    • Published: May. 25, 2015
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2015-5149

    Directory traversal vulnerability in Zoho ManageEngine SupportCenter Plus 7.90 allows remote authenticated users to write to arbitrary files via a .. (dot dot) in the component parameter in the Request component to workorder/Attachment.jsp.... Read more

    Affected Products : manageengine_supportcenter_plus
    • Published: Jun. 30, 2015
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2015-5021

    IBM InfoSphere Information Server 11.3 and 11.5 allows remote authenticated DataStage users to bypass intended job-execution restrictions or obtain sensitive information via unspecified vectors.... Read more

    Affected Products : infosphere_information_server
    • Published: Nov. 04, 2015
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2018-3970

    An exploitable memory disclosure vulnerability exists in the 0x222000 IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosu... Read more

    Affected Products : hitmanpro.alert
    • Published: Oct. 25, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-15437

    A vulnerability in the system scanning component of Cisco Immunet and Cisco Advanced Malware Protection (AMP) for Endpoints running on Microsoft Windows could allow a local attacker to disable the scanning functionality of the product. This could allow ex... Read more

    • Published: Nov. 08, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-3696

    Authentication bypass in the Intel RAID Web Console 3 for Windows before 4.186 may allow an unprivileged user to potentially gain administrative privileges via local access.... Read more

    Affected Products : raid_web_console_3
    • Published: Nov. 14, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-19329

    GreenCMS v2.3.0603 allows remote authenticated administrators to delete arbitrary files by modifying a base64-encoded pathname in an m=admin&c=media&a=delfilehandle&id= call, related to the m=admin&c=media&a=restorefile delete button.... Read more

    Affected Products : greencms greencms
    • Published: Nov. 17, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-19388

    FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read, access violation, and application crash) via TIFF data because of a ConvertToPDF_x86!ReleaseFXURLToHtml issue.... Read more

    Affected Products : foxit_reader reader
    • Published: Nov. 20, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-6266

    NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows where a local user may obtain third party integration parameters, which may lead to information disclosure.... Read more

    Affected Products : geforce_experience windows
    • Published: Nov. 27, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-7112

    The HPE-provided Windows firmware installer for certain Gen9, Gen8, G7,and G6 HPE servers allows local disclosure of privileged information. This issue was resolved in previously provided firmware updates as follows. The HPE Windows firmware installer was... Read more

    • Published: Dec. 03, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-9554

    In dumpExtractors of IMediaExtractor.cp, there is a possible disclosure of recently accessed media files due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not n... Read more

    Affected Products : android
    • Published: Dec. 06, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-18096

    Improper memory handling in Intel QuickAssist Technology for Linux (all versions) may allow an authenticated user to potentially enable a denial of service via local access.... Read more

    Affected Products : quickassist_technology_for_linux
    • Published: Dec. 14, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 294690 Results