Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2020-4765

    IBM Cloud Pak for Multicloud Management prior to 2.3 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 188902.... Read more

    • EPSS Score: %0.04
    • Published: May. 19, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2021-24371

    The Import feature of the RSVPMaker WordPress plugin before 8.7.3 (/wp-admin/tools.php?page=rsvpmaker_export_screen) takes an URL input and calls curl on it, without first validating it to ensure it's a remote one. As a result, a high privilege user could... Read more

    Affected Products : rsvpmaker
    • EPSS Score: %0.22
    • Published: Aug. 02, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2024-34599

    Improper input validation in Tips prior to version 6.2.9.4 in Android 14 allows local attacker to send broadcast with Tips' privilege.... Read more

    Affected Products : android tips
    • Published: Jul. 02, 2024
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2024-23913

    Use of Out-of-range Pointer Offset vulnerability in Merge DICOM Toolkit C/C++ on Windows. When deprecated MC_XML_To_Message() function is used to read a malformed DICOM XML file, it might result in memory access violation.... Read more

    Affected Products :
    • Published: May. 03, 2024
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2020-4811

    IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 could allow a privileged user to inject inject malicious data using a specially crafted HTTP request due to improper input validation.... Read more

    Affected Products : cloud_pak_for_security
    • EPSS Score: %0.08
    • Published: May. 14, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2021-20478

    IBM Cloud Pak System 2.3 could allow a local user in some situations to view the artifacts of another user in self service console. IBM X-Force ID: 197497.... Read more

    Affected Products : cloud_pak_system
    • EPSS Score: %0.04
    • Published: Jul. 20, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2017-20191

    A vulnerability was found in Zimbra zm-admin-ajax up to 8.8.1. It has been classified as problematic. This affects the function XFormItem.prototype.setError of the file WebRoot/js/ajax/dwt/xforms/XFormItem.js of the component Form Textbox Field Error Hand... Read more

    Affected Products :
    • Published: Mar. 31, 2024
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2021-31406

    Non-constant-time comparison of CSRF tokens in endpoint request handler in com.vaadin:flow-server versions 3.0.0 through 5.0.3 (Vaadin 15.0.0 through 18.0.6), and com.vaadin:fusion-endpoint version 6.0.0 (Vaadin 19.0.0) allows attacker to guess a security... Read more

    Affected Products : vaadin flow flow-server
    • EPSS Score: %0.05
    • Published: Apr. 23, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2021-21429

    OpenAPI Generator allows generation of API client libraries, server stubs, documentation and configuration automatically given an OpenAPI Spec. Using `File.createTempFile` in JDK will result in creating and using insecure temporary files that can leave ap... Read more

    Affected Products : openapi_generator
    • EPSS Score: %0.05
    • Published: Apr. 27, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2021-28566

    Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are vulnerable to an Information Disclosure vulnerability when uploading a modified png file to a product image. Successful exploitation could lead to the disclosure o... Read more

    Affected Products : magento magento_commerce
    • EPSS Score: %0.84
    • Published: Sep. 08, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2010-2655

    Directory traversal vulnerability in private/file_management.php on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allows remote authenticated users to list arbitrary di... Read more

    • EPSS Score: %19.09
    • Published: Jul. 08, 2010
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2010-4428

    Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft and JDEdwards Suite 9.0 Update 2010-F allows remote authenticated users to affect confidentiality via unknown vectors related to Absence Management.... Read more

    • EPSS Score: %0.38
    • Published: Jan. 19, 2011
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2022-39914

    Exposure of Sensitive Information from an Unauthorized Actor vulnerability in Samsung DisplayManagerService prior to Android T(13) allows local attacker to access connected DLNA device information.... Read more

    Affected Products : android dex
    • EPSS Score: %0.02
    • Published: Dec. 08, 2022
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2024-34583

    Improper access control in system property prior to SMR Jul-2024 Release 1 allows local attackers to get device identifier.... Read more

    Affected Products : android android dex
    • Published: Jul. 02, 2024
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2021-30487

    In the topic moving API in Zulip Server 3.x before 3.4, organization administrators were able to move messages to streams in other organizations hosted by the same Zulip installation.... Read more

    Affected Products : zulip_server
    • EPSS Score: %0.21
    • Published: Apr. 15, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2010-4754

    The glob implementation in libc in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, and OpenBSD 4.7, and Libsystem in Apple Mac OS X before 10.6.8, allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions ... Read more

    Affected Products : freebsd mac_os_x netbsd openbsd
    • EPSS Score: %1.83
    • Published: Mar. 02, 2011
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2014-2366

    upAdminPg.asp in Advantech WebAccess before 7.2 allows remote authenticated users to discover credentials by reading HTML source code.... Read more

    Affected Products : webaccess advantech_webaccess
    • EPSS Score: %0.25
    • Published: Jul. 19, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-2446

    Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote authenticated users to affect confidentiality via vectors related to QAS.... Read more

    Affected Products : peoplesoft_products
    • EPSS Score: %0.17
    • Published: Apr. 16, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-3132

    SAP Background Processing does not properly restrict access, which allows remote authenticated users to obtain sensitive information via an unspecified RFC function, related to SAP Solution Manager 7.1.... Read more

    Affected Products : background_processing
    • EPSS Score: %0.25
    • Published: Apr. 30, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2011-4679

    vtiger CRM before 5.3.0 does not properly recognize the disabled status of a field in the Leads module, which allows remote authenticated users to bypass intended access restrictions by reading a previously created report.... Read more

    Affected Products : vtiger_crm
    • EPSS Score: %0.16
    • Published: Dec. 07, 2011
    • Modified: Apr. 11, 2025
Showing 20 of 291672 Results