Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2021-21533

    Wyse Management Suite versions up to 3.2 contains a vulnerability wherein a malicious authenticated user can cause a denial of service in the job status retrieval page, also affecting other users that would have normally access to the same subset of job d... Read more

    Affected Products : wyse_management_suite
    • Published: Apr. 02, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-2162

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plug-in). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows low privileged attacker with network acce... Read more

    • Published: Apr. 22, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-20632

    Improper access control vulnerability in Bulletin Board of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the data of Bulletin Board via unspecified vectors.... Read more

    Affected Products : office
    • Published: Mar. 18, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2016-8612

    Apache HTTP Server mod_cluster before version httpd 2.4.23 is vulnerable to an Improper Input Validation in the protocol parsing logic in the load balancer resulting in a Segmentation Fault in the serving httpd process.... Read more

    • Published: Mar. 09, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2017-0920

    GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the Projects::MergeRequests::CreationsController component resulting in an attacker to see every project name and their respectiv... Read more

    Affected Products : gitlab
    • Published: Mar. 22, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2010-1210

    intl/uconv/util/nsUnicodeDecodeHelper.cpp in Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 inserts a U+FFFD sequence into text in certain circumstances involving undefined positions, which might make it easier for remote attackers to conduct c... Read more

    Affected Products : firefox thunderbird
    • Published: Jul. 30, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2014-9671

    Off-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PCF file with a 0xffffffff size value that is... Read more

    • Published: Feb. 08, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2016-8912

    IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 stores potentially sensitive information in in log files that could be read by an authenticated user.... Read more

    Affected Products : kenexa_lms_on_cloud
    • Published: Feb. 01, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2016-8923

    IBM Curam Social Program Management 5.2, 6.0, and 7.0 contains a vulnerability that would allow an authorized user to obtain sensitive information from the profile of a higher privileged user that they should not have access to. IBM X-Force ID: 118536.... Read more

    Affected Products : curam_social_program_management
    • Published: Apr. 20, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2024-3546

    The WordPress Backup & Migration plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wp_mgdp_populate_popup function in all versions up to, and including, 1.4.8. This makes it possible for authenticat... Read more

    Affected Products : backup_and_migration
    • Published: May. 02, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-20625

    Improper access control vulnerability in Bulletin Board of Cybozu Office 10.0.0 to 10.8.4 allows an authenticated attacker to bypass access restriction and alter the data of Bulletin Board via unspecified vectors.... Read more

    Affected Products : office
    • Published: Mar. 18, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2016-8987

    IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow an authenticated user to view incorrect item sets that they should not have access to view.... Read more

    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2017-7847

    Crafted CSS in an RSS feed can leak and reveal local path strings, which may contain user name. This vulnerability affects Thunderbird < 52.5.2.... Read more

    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2016-8973

    IBM Rhapsody DM 4.0, 5.0 and 6.0 contains an undisclosed vulnerability that may allow an authenticated user to upload infected malicious files to the server. IBM Reference #: 1999960.... Read more

    Affected Products : rational_rhapsody_design_manager
    • Published: Mar. 20, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2014-8475

    FreeBSD 9.1, 9.2, and 10.0, when compiling OpenSSH with Kerberos support, uses incorrect library ordering when linking sshd, which causes symbols to be resolved incorrectly and allows remote attackers to cause a denial of service (sshd deadlock and preven... Read more

    Affected Products : freebsd
    • Published: Nov. 18, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-42342

    Loway - CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')... Read more

    Affected Products : queuemetrics
    • Published: Sep. 08, 2024
    • Modified: Sep. 11, 2024

  • 4.3

    MEDIUM
    CVE-2024-3606

    The ProfileGrid – User Profiles, Memberships, Groups and Communities plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the pm_upload_cover_image function in all versions up to, and including, 5.8.3. T... Read more

    Affected Products : profilegrid
    • Published: May. 02, 2024
    • Modified: Feb. 10, 2025

  • 4.3

    MEDIUM
    CVE-2024-3626

    The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_template_content function in all... Read more

    Affected Products : email_subscribers_\&_newsletters
    • Published: May. 23, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-6559

    Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING.... Read more

    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2019-13754

    Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.... Read more

    • Published: Dec. 10, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 294826 Results