Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 4.0

    MEDIUM
    CVE-2013-2761

    The Schneider Electric M340 BMXNOE01xx and BMXP3420xx PLC modules allow remote authenticated users to cause a denial of service (module crash) via crafted FTP traffic, as demonstrated by the FileZilla FTP client.... Read more

    Affected Products : modicon_m340
    • EPSS Score: %0.54
    • Published: Apr. 04, 2013
    • Modified: Apr. 11, 2025
  • 4.0

    MEDIUM
    CVE-2015-0388

    Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Portal Framework, a different vulnerability than CVE-2015-0417.... Read more

    Affected Products : siebel_crm
    • EPSS Score: %0.22
    • Published: Jan. 21, 2015
    • Modified: Apr. 12, 2025
  • 4.0

    MEDIUM
    CVE-2014-9749

    Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest authentication is used, allow remote authenticated users to retain access by leveraging a stale nonce, aka "Nonce replay vulnerability."... Read more

    Affected Products : opensuse squid
    • EPSS Score: %0.98
    • Published: Nov. 06, 2015
    • Modified: Apr. 12, 2025
  • 4.0

    MEDIUM
    CVE-2014-9278

    The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in the .k5users file of that user, which might bypass intende... Read more

    Affected Products : enterprise_linux openssh fedora
    • EPSS Score: %0.35
    • Published: Dec. 06, 2014
    • Modified: Apr. 12, 2025
  • 4.0

    MEDIUM
    CVE-2019-19073

    Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures. This affects the htc_config_pipe_credits() ... Read more

    Affected Products : linux_kernel fedora leap
    • EPSS Score: %0.08
    • Published: Nov. 18, 2019
    • Modified: Nov. 21, 2024
  • 4.0

    MEDIUM
    CVE-2021-35623

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple pr... Read more

    • EPSS Score: %0.23
    • Published: Oct. 20, 2021
    • Modified: Nov. 21, 2024
  • 4.0

    MEDIUM
    CVE-2011-3346

    Buffer overflow in hw/scsi-disk.c in the SCSI subsystem in QEMU before 0.15.2, as used by Xen, might allow local guest users with permission to access the CD-ROM to cause a denial of service (guest crash) via a crafted SAI READ CAPACITY SCSI command. NOT... Read more

    Affected Products : enterprise_linux qemu xen
    • EPSS Score: %0.12
    • Published: Apr. 01, 2014
    • Modified: Apr. 12, 2025
  • 4.0

    MEDIUM
    CVE-2012-5329

    Buffer overflow in TYPSoft FTP Server 1.1 allows remote authenticated users to cause a denial of service (application crash) via a long string in an APPE command.... Read more

    Affected Products : typsoft_ftp_server
    • EPSS Score: %5.92
    • Published: Oct. 08, 2012
    • Modified: Apr. 11, 2025
  • 4.0

    MEDIUM
    CVE-2020-13342

    An issue has been discovered in GitLab affecting versions prior to 13.2.10, 13.3.7 and 13.4.2: Lack of Rate Limiting at Re-Sending Confirmation Email... Read more

    Affected Products : gitlab
    • EPSS Score: %0.13
    • Published: Oct. 07, 2020
    • Modified: Nov. 21, 2024
  • 4.0

    MEDIUM
    CVE-2017-1000369

    Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that... Read more

    Affected Products : debian_linux exim
    • EPSS Score: %0.40
    • Published: Jun. 19, 2017
    • Modified: Apr. 20, 2025
  • 4.0

    MEDIUM
    CVE-2010-3677

    Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a join query that uses a table with a unique SET column.... Read more

    Affected Products : mysql mysql
    • EPSS Score: %1.01
    • Published: Jan. 11, 2011
    • Modified: Apr. 11, 2025
  • 4.0

    MEDIUM
    CVE-2010-4755

    The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service... Read more

    Affected Products : openssh freebsd netbsd openbsd
    • EPSS Score: %0.55
    • Published: Mar. 02, 2011
    • Modified: Apr. 11, 2025
  • 4.0

    MEDIUM
    CVE-2006-3469

    Format string vulnerability in time.cc in MySQL Server 4.1 before 4.1.21 and 5.0 before 1 April 2006 allows remote authenticated users to cause a denial of service (crash) via a format string instead of a date as the first parameter to the date_format fun... Read more

    Affected Products : mysql mysql
    • EPSS Score: %27.04
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025
  • 4.0

    MEDIUM
    CVE-2020-2572

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plugin). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network acce... Read more

    • EPSS Score: %0.32
    • Published: Jan. 15, 2020
    • Modified: Nov. 21, 2024
  • 4.0

    MEDIUM
    CVE-2011-1923

    The Diffie-Hellman key-exchange implementation in dhm.c in PolarSSL before 0.14.2 does not properly validate a public parameter, which makes it easier for man-in-the-middle attackers to obtain the shared secret key by modifying network traffic, a related ... Read more

    Affected Products : polarssl
    • EPSS Score: %0.36
    • Published: Jun. 20, 2012
    • Modified: Apr. 11, 2025
  • 4.0

    MEDIUM
    CVE-2014-0366

    Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, and 12.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Attachments.... Read more

    Affected Products : e-business_suite
    • EPSS Score: %0.38
    • Published: Jan. 15, 2014
    • Modified: Apr. 11, 2025
  • 4.0

    MEDIUM
    CVE-2025-30721

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Difficult to exploit vulnerability allows high privileged attacker with logon to the ... Read more

    Affected Products : mysql_server
    • Published: Apr. 15, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Denial of Service
  • 4.0

    MEDIUM
    CVE-2008-5009

    Race condition in the s_xout kernel module in Sun Solstice X.25 9.2, when running on a multiple CPU machine, allows local users to cause a denial of service (panic) via vectors involving reading the /dev/xty file.... Read more

    Affected Products : sunos solstice_x.25
    • EPSS Score: %0.04
    • Published: Nov. 10, 2008
    • Modified: Apr. 09, 2025
  • 4.0

    MEDIUM
    CVE-2011-0418

    The glob implementation in Pure-FTPd before 1.0.32, and in libc in NetBSD 5.1, does not properly expand expressions containing curly brackets, which allows remote authenticated users to cause a denial of service (memory consumption) via a crafted FTP STAT... Read more

    Affected Products : pure-ftpd netbsd
    • EPSS Score: %14.23
    • Published: May. 24, 2011
    • Modified: Apr. 11, 2025
  • 4.0

    MEDIUM
    CVE-2008-2611

    Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.6 has unknown impact and remote authenticated attack vectors.... Read more

    • EPSS Score: %0.87
    • Published: Jul. 15, 2008
    • Modified: Apr. 09, 2025
Showing 20 of 291641 Results