Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2013-4708

    The PPP Access Concentrator (PPPAC) in Internet Initiative Japan Inc. SEIL/x86 1.00 through 2.80, SEIL/X1 1.00 through 4.30, SEIL/X2 1.00 through 4.30, SEIL/B1 1.00 through 4.30, SEIL/Turbo 1.80 through 2.15, and SEIL/neu 2FE Plus 1.80 through 2.15 genera... Read more

    • EPSS Score: %0.20
    • Published: Oct. 01, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2010-3522

    Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft and JDEdwards Suite 8.49.28 and 8.50.12 allows remote authenticated users to affect confidentiality via unknown vectors.... Read more

    • EPSS Score: %0.20
    • Published: Oct. 14, 2010
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2014-3945

    The Authentication component in TYPO3 before 6.2, when salting for password hashing is disabled, does not require knowledge of the cleartext password if the password hash is known, which allows remote attackers to bypass authentication and gain access to ... Read more

    Affected Products : typo3
    • EPSS Score: %0.20
    • Published: Jun. 03, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2013-1645

    Directory traversal vulnerability in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the publication template path.... Read more

    Affected Products : open-xchange_server
    • EPSS Score: %1.10
    • Published: Sep. 05, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2012-4585

    McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to read arbitrary files via a crafted URL.... Read more

    • EPSS Score: %0.16
    • Published: Aug. 22, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2011-3391

    IBM Rational Build Forge 7.1.2 relies on client-side JavaScript code to enforce the EditSecurity permission requirement for the Export Key File function, which allows remote authenticated users to read a key file by removing a disable attribute in the Sec... Read more

    Affected Products : rational_build_forge
    • EPSS Score: %0.33
    • Published: Sep. 08, 2011
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2009-5036

    traveler.exe in IBM Lotus Notes Traveler before 8.0.1.3 CF1 allows remote authenticated users to cause a denial of service (daemon crash) via a malformed invitation document in a sync operation.... Read more

    Affected Products : lotus_notes_traveler notes_traveler
    • EPSS Score: %0.40
    • Published: Dec. 16, 2010
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2013-4039

    IBM WebSphere Extended Deployment Compute Grid 8.0 before 8.0.0.3 allows remote authenticated users to obtain sensitive information, and consequently bypass intended access restrictions on jobs, via unspecified vectors.... Read more

    • EPSS Score: %0.38
    • Published: Aug. 28, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2019-4207

    IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 may disclose sensitive information only available to a local user that could be used in further attacks against the system. IBM X-Force ID: 159148.... Read more

    Affected Products : tririga_application_platform
    • EPSS Score: %0.04
    • Published: May. 07, 2019
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2010-0878

    Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.49.26 and 8.50.07 allows remote authenticated users to affect integrity via unknown vectors.... Read more

    • EPSS Score: %0.28
    • Published: Apr. 13, 2010
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2009-5033

    IBM Lotus Notes Traveler before 8.5.0.2 does not properly handle a "* *" argument sequence for a certain tell command, which allows remote authenticated users to obtain access to other users' data via a sync operation, related to storage of the data of mu... Read more

    Affected Products : lotus_notes_traveler notes_traveler
    • EPSS Score: %0.20
    • Published: Dec. 16, 2010
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2010-3980

    Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 does not limit the number of CUIDs that may be requested, which allows remote authenticated users to cause a denial of service via a large numCuids value in a GenerateCuids SOAPAction to the dswsbobje/ser... Read more

    Affected Products : businessobjects
    • EPSS Score: %0.41
    • Published: Oct. 18, 2010
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2009-2355

    The forum module in NullLogic Groupware 1.2.7 allows remote authenticated users to cause a denial of service (application crash) by specifying (1) an empty string or (2) a non-numeric string when selecting a forum, related to the fmessagelist function.... Read more

    Affected Products : nulllogic_groupware
    • EPSS Score: %0.46
    • Published: Jul. 07, 2009
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2014-3277

    The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain sensitive user and group information... Read more

    • EPSS Score: %0.36
    • Published: May. 29, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2013-5382

    IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to gain privileges via unspecified vectors, a different vulnerability than CVE-2013-5383.... Read more

    Affected Products : maximo_asset_management
    • EPSS Score: %0.23
    • Published: Oct. 01, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2013-4502

    The FileField Sources module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.9 for Drupal does not properly check file permissions, which allows remote authenticated users to read arbitrary files by attaching a file.... Read more

    Affected Products : drupal filefield_sources
    • EPSS Score: %0.17
    • Published: May. 13, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2010-4593

    The Connection Manager in IBM Lotus Mobile Connect before 6.1.4 does not properly maintain a certain reference count, which allows remote authenticated users to cause a denial of service (IP address exhaustion) by making invalid attempts to establish sess... Read more

    Affected Products : lotus_mobile_connect
    • EPSS Score: %0.41
    • Published: Dec. 22, 2010
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2013-3972

    IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to obtain sensitive information via unspecified vectors.... Read more

    Affected Products : maximo_asset_management
    • EPSS Score: %0.20
    • Published: Oct. 01, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2012-0562

    Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Candidate Gateway, a different vulnerability than CVE-2012-1... Read more

    Affected Products : peoplesoft_products
    • EPSS Score: %0.37
    • Published: May. 03, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2014-2180

    The Document Management component in Cisco Unified Contact Center Express does not properly validate a parameter, which allows remote authenticated users to upload files to arbitrary pathnames via a crafted HTTP request, aka Bug ID CSCun74133.... Read more

    • EPSS Score: %0.06
    • Published: Apr. 29, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 291741 Results