Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2014-8901

    IBM DB2 9.5 through FP10, 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted XML query.... Read more

    Affected Products : db2
    • EPSS Score: %1.58
    • Published: Dec. 18, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2013-1774

    The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel before 3.7.4 allows local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted /dev/ttyUSB read or write operation on a disconnected Edgep... Read more

    • EPSS Score: %0.09
    • Published: Feb. 28, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2013-1727

    Mozilla Firefox before 24.0 on Android allows attackers to bypass the Same Origin Policy, and consequently conduct cross-site scripting (XSS) attacks or obtain password or cookie information, by using a symlink in conjunction with a file: URL for a local ... Read more

    Affected Products : android firefox
    • EPSS Score: %2.24
    • Published: Sep. 18, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2012-0120

    Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0485... Read more

    Affected Products : mysql mysql
    • EPSS Score: %0.72
    • Published: Jan. 18, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2012-0119

    Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0120, CVE-2012-0485... Read more

    Affected Products : mysql mysql
    • EPSS Score: %0.72
    • Published: Jan. 18, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2013-1696

    Mozilla Firefox before 22.0 does not properly enforce the X-Frame-Options protection mechanism, which allows remote attackers to conduct clickjacking attacks via a crafted web site that uses the HTTP server push feature with multipart responses.... Read more

    Affected Products : firefox
    • EPSS Score: %0.43
    • Published: Jun. 26, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2013-1618

    The TLS implementation in Opera before 12.13 does not properly consider timing side-channel attacks on a MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-reco... Read more

    Affected Products : opera_browser
    • EPSS Score: %0.53
    • Published: Feb. 08, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2012-3553

    chan_skinny.c in the Skinny (aka SCCP) channel driver in Asterisk Open Source 10.x before 10.5.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by sending a Station Key Pad Button message and clo... Read more

    Affected Products : asterisk open_source
    • EPSS Score: %0.07
    • Published: Jun. 19, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2010-1617

    user/view.php in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 does not properly check a role, which allows remote authenticated users to obtain the full names of other users via the course profile page.... Read more

    Affected Products : moodle
    • EPSS Score: %0.27
    • Published: Apr. 29, 2010
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2015-2611

    Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.... Read more

    Affected Products : ubuntu_linux mysql
    • EPSS Score: %0.77
    • Published: Jul. 16, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2011-1687

    Best Practical Solutions RT 3.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allows remote authenticated users to obtain sensitive information by using the search interface, as demonstrated by retrieving encrypted passwords.... Read more

    Affected Products : rt request_tracker
    • EPSS Score: %0.50
    • Published: Apr. 22, 2011
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2024-58131

    FISCO BCOS 3.11.0 has an issue with synchronization of the transaction pool that can, for example, be observed when a malicious node (that has modified the codebase to allow a large min_seal_time value) joins a blockchain network.... Read more

    Affected Products : fisco-bcos
    • Published: Apr. 06, 2025
    • Modified: Apr. 08, 2025
    • Vuln Type: Denial of Service

  • 4.0

    MEDIUM
    CVE-2025-25201

    Nitrokey 3 Firmware is the the firmware of Nitrokey 3 USB keys. For release 1.8.0, and test releases with PIV enabled prior to 1.8.0, the PIV application could accept invalid keys for authentication of the admin key. This could lead to compromise of the i... Read more

    Affected Products :
    • Published: Feb. 12, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Authentication

  • 4.0

    MEDIUM
    CVE-2011-3638

    fs/ext4/extents.c in the Linux kernel before 3.0 does not mark a modified extent as dirty in certain cases of extent splitting, which allows local users to cause a denial of service (system crash) via vectors involving ext4 umount and mount operations.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.15
    • Published: Mar. 01, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2011-0437

    shared/inc/sql/ssh.php in the SSH accounts management implementation in Domain Technologie Control (DTC) before 0.32.9 allows remote authenticated users to delete arbitrary accounts via the edssh_account parameter in a deletesshaccount Delete action.... Read more

    Affected Products : domain_technologie_control
    • EPSS Score: %1.21
    • Published: Mar. 07, 2011
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2024-58133

    In chainmaker-go (aka ChainMaker) before 2.4.0, when making frequent updates to a node's configuration file and restarting this node, concurrent writes by logger.go to a map are mishandled. Creating other logs simultaneously can lead to a read-write confl... Read more

    Affected Products :
    • Published: Apr. 06, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Race Condition

  • 4.0

    MEDIUM
    CVE-2011-1319

    The Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15 allows remote authenticated users to cause a denial of service (memory consumption) by using a Lightweight Third-Party Authentication (LTPA) t... Read more

    Affected Products : websphere_application_server
    • EPSS Score: %0.41
    • Published: Mar. 08, 2011
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2024-58132

    In chainmaker-go (aka ChainMaker) before 2.3.6, multiple updates to a single node's configuration can cause other normal nodes to perform concurrent read and write operations on a map, leading to a panic.... Read more

    Affected Products :
    • Published: Apr. 06, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Race Condition

  • 4.0

    MEDIUM
    CVE-2011-3387

    The class file parser in IBM Java 1.4.2 SR13 FP9 allows remote authenticated users to cause a denial of service (memory consumption or an infinite loop) via a crafted attribute length field in a class file, related to validation of a length field at the w... Read more

    Affected Products : java
    • EPSS Score: %0.71
    • Published: Sep. 02, 2011
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2024-55538

    Sensitive information disclosure due to missing authentication. The following products are affected: Acronis True Image (macOS) before build 41725, Acronis True Image (Windows) before build 41736.... Read more

    Affected Products :
    • Published: Jan. 02, 2025
    • Modified: Jan. 02, 2025
    • Vuln Type: Authentication
Showing 20 of 291638 Results