Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2004-2696

    BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using Remote Method Invocation (RMI) over Internet Inter-ORB Protocol (IIOP), does not properly handle when multiple logins for different users coming from the same client, which could cause... Read more

    Affected Products : weblogic_server
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.5

    MEDIUM
    CVE-2011-2272

    Unspecified vulnerability in the PeopleSoft Enterprise FSCM component in Oracle PeopleSoft Products 9.0, Bundle, #36, 9.1, Bundle, and #13 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to eProcuremen... Read more

    • Published: Jul. 21, 2011
    • Modified: Apr. 11, 2025

  • 5.5

    MEDIUM
    CVE-2011-2916

    qtnx 0.9 stores non-custom SSH keys in a world-readable configuration file. If a user has a world-readable or world-executable home directory, another local system user could obtain the private key used to connect to remote NX sessions.... Read more

    Affected Products : qtnx
    • Published: Nov. 15, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2011-4285

    The default configuration of Moodle 2.0.x before 2.0.2 has an incorrect setting of the moodle/course:delete capability, which allows remote authenticated users to delete arbitrary courses by leveraging the teacher role.... Read more

    Affected Products : moodle
    • Published: Jul. 16, 2012
    • Modified: Apr. 11, 2025

  • 5.5

    MEDIUM
    CVE-2016-3809

    The networking component in Android before 2016-07-05 on Android One, Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 7 (2013), Nexus 9, Nexus Player, and Pixel C devices allows attackers to obtain sensitive information via a crafted application, aka internal... Read more

    Affected Products : android
    • Published: Jul. 11, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-3996

    ClipboardDataMgr in Samsung KNOX 1.0.0 and 2.3.0 does not properly check the caller, which allows local users to read KNOX clipboard data via a crafted application.... Read more

    Affected Products : knox
    • Published: Jan. 27, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2016-4305

    A denial of service vulnerability exists in the syscall filtering functionality of Kaspersky Internet Security KLIF driver. A specially crafted native api call can cause a access violation in KLIF kernel driver resulting in local denial of service. An att... Read more

    Affected Products : internet_security
    • Published: Jan. 06, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2016-4790

    Cross-site scripting (XSS) vulnerability in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via un... Read more

    Affected Products : pulse_connect_secure connect_secure
    • Published: May. 26, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2014-9493

    The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property.... Read more

    • Published: Jan. 07, 2015
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2014-9897

    sound/soc/msm/qdsp6v2/msm-lsm-client.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain user-space data, which allows attackers to obtain sensitive information via a crafted application, aka Android inte... Read more

    Affected Products : android
    • Published: Aug. 06, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-6522

    Integer overflow in the uvm_map_isavail function in uvm/uvm_map.c in OpenBSD 5.9 allows local users to cause a denial of service (kernel panic) via a crafted mmap call, which triggers the new mapping to overlap with an existing mapping.... Read more

    Affected Products : openbsd openbsd
    • Published: Mar. 07, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2016-6708

    An elevation of privilege in the System UI in Android 7.0 before 2016-11-01 could enable a local malicious user to bypass the security prompt of your work profile in Multi-Window mode. This issue is rated as High because it is a local bypass of user inter... Read more

    Affected Products : android
    • Published: Nov. 25, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-6752

    An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permi... Read more

    Affected Products : android
    • Published: Nov. 25, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-6900

    The Intelligent Baseboard Management Controller (iBMC) in Huawei RH1288 V3 servers with software before V100R003C00SPC613; RH2288 V3 servers with software before V100R003C00SPC617; RH2288H V3 servers with software before V100R003C00SPC515; RH5885 V3 serve... Read more

    • Published: Sep. 07, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-6910

    The non-existent notification listener vulnerability was introduced in the initial Android 5.0.2 builds for the Samsung Galaxy S6 Edge devices, but the vulnerability can persist on the device even after the device has been upgraded to an Android 5.1.1 or ... Read more

    Affected Products : android
    • Published: Dec. 23, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2017-0414

    An information disclosure vulnerability in AOSP Messaging could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain... Read more

    Affected Products : android
    • Published: Feb. 08, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-0498

    A denial of service vulnerability in Setup Wizard could allow a local attacker to require Google account sign-in after a factory reset. This issue is rated as Moderate because it may require a factory reset to repair the device. Product: Android. Versions... Read more

    Affected Products : android
    • Published: Mar. 08, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-0557

    An information disclosure vulnerability in libmpeg2 in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Prod... Read more

    Affected Products : android
    • Published: Apr. 07, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-10012

    Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Operations). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows low privi... Read more

    Affected Products : flexcube_private_banking
    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-10072

    Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: All Modules). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0 and 12.3.0. Easily expl... Read more

    Affected Products : flexcube_universal_banking
    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 294337 Results