Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2006-4680

    The Remote UI in Canon imageRUNNER includes usernames and passwords when exporting an address book, which allows context-dependent attackers to obtain sensitive information.... Read more

    • EPSS Score: %0.54
    • Published: Sep. 11, 2006
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2013-3959

    The Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, exhibits different behavior for NetBIOS user names depending on whether the user account exists, which allows remote authenticated user... Read more

    Affected Products : simatic_pcs7 wincc
    • EPSS Score: %0.16
    • Published: Jun. 14, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2018-19420

    In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but there are several alternative cases in which HTML can be executed, such as a file with no extension or an unrecognized extension (e.g., the test or test.asdf filename), because of admin/upl... Read more

    Affected Products : getsimple_cms getsimple_cms
    • EPSS Score: %0.22
    • Published: Nov. 21, 2018
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2018-10424

    mc-admin/post-edit.php in MiniCMS 1.10 allows full path disclosure via a modified id field.... Read more

    Affected Products : minicms minicms
    • EPSS Score: %0.23
    • Published: Apr. 26, 2018
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2013-6319

    IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to bypass intended access restrictions... Read more

    Affected Products : algo_one
    • EPSS Score: %0.12
    • Published: Mar. 05, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2009-2125

    delete_bug.php in Elvin before 1.2.1 does not require administrative privileges, which allows remote authenticated users to bypass intended access restrictions and delete arbitrary bugs.... Read more

    Affected Products : elvinbts
    • EPSS Score: %0.15
    • Published: Jun. 19, 2009
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2022-1688

    The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the id parameter before using it in various SQL statement via the admin dashboard, leading to SQL Injections... Read more

    Affected Products : note_press
    • EPSS Score: %0.17
    • Published: Jun. 08, 2022
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2018-10521

    In CMS Made Simple (CMSMS) through 2.2.7, the "file move" operation in the admin dashboard contains an arbitrary file movement vulnerability that can cause DoS, exploitable by an admin user, because config.php can be moved into an incorrect directory.... Read more

    Affected Products : cms_made_simple
    • EPSS Score: %0.28
    • Published: Apr. 27, 2018
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2006-0787

    wimpy_trackplays.php in Plaino Wimpy MP3 Player, possibly 5.2 and earlier, allows remote attackers to insert arbitrary strings into trackme.txt via the (1) trackFile, (2) trackArtist, and (3) trackTitle parameters, which can result in providing false info... Read more

    Affected Products : wimpy_mp3
    • EPSS Score: %3.17
    • Published: Feb. 19, 2006
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2022-22272

    Improper authorization in TelephonyManager prior to SMR Jan-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission... Read more

    Affected Products : android dex
    • EPSS Score: %0.02
    • Published: Jan. 10, 2022
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2014-4269

    Unspecified vulnerability in the Hyperion Common Admin component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote authenticated users to affect confidentiality via unknown vectors related to User Interface, a different vulnerability than CVE-2014-42... Read more

    Affected Products : hyperion
    • EPSS Score: %0.58
    • Published: Jul. 17, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-6212

    The Echo API in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix11, 10.0.0.x before 10.0.0.1 iFix12, 10.0.1.x before 10.0.1.5 iFix2, and 10.0.2.x before 10.0.2.2 iFix5; Emptoris Sourcing 9.5 before 9.5.1.3 iFix2, 10.0.0.x before 10.0.0.1 iFix1, ... Read more

    • EPSS Score: %0.21
    • Published: Jan. 10, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2011-2280

    Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.49.31, 8.50.20, and 8.51.11 allows remote authenticated users to affect integrity via unknown vectors, a different vulnerability than CVE-2011-227... Read more

    • EPSS Score: %0.29
    • Published: Jul. 21, 2011
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2024-34583

    Improper access control in system property prior to SMR Jul-2024 Release 1 allows local attackers to get device identifier.... Read more

    Affected Products : android android dex
    • Published: Jul. 02, 2024
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2014-0724

    The bulk administration interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to bypass authentication and read arbitrary files by using an unspecified prompt, aka Bug ID CSCum05340.... Read more

    Affected Products : unified_communications_manager
    • EPSS Score: %0.28
    • Published: Feb. 13, 2014
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2021-29671

    IBM Spectrum Scale 5.1.0.1 could allow a local attacker to bypass the filesystem audit logging mechanism when file audit logging is enabled. IBM X-Force ID: 199478.... Read more

    Affected Products : spectrum_scale
    • EPSS Score: %0.04
    • Published: Apr. 09, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2014-0656

    Cisco Context Directory Agent (CDA) allows remote authenticated users to trigger the omission of certain user-interface data via crafted field values, aka Bug ID CSCuj45353.... Read more

    Affected Products : context_directory_agent
    • EPSS Score: %0.38
    • Published: Jan. 08, 2014
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2013-3428

    The web interface in Cisco Secure Access Control System (ACS) does not properly suppress error-condition details, which allows remote authenticated users to obtain sensitive information via an unspecified request that triggers an error, aka Bug ID CSCue65... Read more

    Affected Products : secure_access_control_system
    • EPSS Score: %0.16
    • Published: Jul. 15, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2016-3021

    IBM Security Access Manager for Web could allow an authenticated attacker to obtain sensitive information from error message using a specially crafted HTTP request.... Read more

    • EPSS Score: %0.07
    • Published: Feb. 01, 2017
    • Modified: Apr. 20, 2025

  • 4.0

    MEDIUM
    CVE-2014-0640

    EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to bypass intended restrictions on resource access via unspecified vectors.... Read more

    Affected Products : rsa_archer_egrc
    • EPSS Score: %0.20
    • Published: Aug. 20, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 291589 Results