Latest CVE Feed
-
4.0
MEDIUMCVE-2004-0908
Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows untrusted Javascript code to read and write to the clipboard, and possibly obtain sensitive information, via script-generated events such as Ctrl-Ins.... Read more
- EPSS Score: %5.17
- Published: Dec. 31, 2004
- Modified: Apr. 03, 2025
-
4.0
MEDIUMCVE-2012-2997
XML External Entity (XXE) vulnerability in sam/admin/vpe2/public/php/server.php in F5 BIG-IP 10.0.0 through 10.2.4 and 11.0.0 through 11.2.1 allows remote authenticated users to read arbitrary files via a crafted XML file.... Read more
Affected Products : big-ip_configuration_utility- EPSS Score: %9.46
- Published: Jan. 21, 2014
- Modified: Apr. 11, 2025
-
4.0
MEDIUMCVE-2005-1699
Directory traversal vulnerability in pnadminapi.php in the Xanthia module in PostNuke 0.760-RC3 allows remote administrators to read arbitrary files via a .. (dot dot) in the skin parameter.... Read more
Affected Products : postnuke- EPSS Score: %0.33
- Published: May. 24, 2005
- Modified: Apr. 03, 2025
-
4.0
MEDIUMCVE-2010-0682
WordPress 2.9 before 2.9.2 allows remote authenticated users to read trash posts from other authors via a direct request with a modified p parameter.... Read more
Affected Products : wordpress- EPSS Score: %22.90
- Published: Feb. 23, 2010
- Modified: Apr. 11, 2025
-
4.0
MEDIUMCVE-2025-43265
An out-of-bounds read was addressed with improved input validation. This issue is fixed in Safari 18.6, watchOS 11.6, visionOS 2.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6. Processing maliciously crafted web content may disclose internal s... Read more
- Published: Jul. 30, 2025
- Modified: Aug. 01, 2025
- Vuln Type: Information Disclosure
-
4.0
MEDIUMCVE-2025-43226
An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 11.6, iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, tvOS 18.6, macOS Sequoia 15.6, macOS Sonoma 14.7.7, visionOS 2.6. Processing a maliciously crafted image may ... Read more
- Published: Jul. 30, 2025
- Modified: Jul. 31, 2025
- Vuln Type: Information Disclosure
-
4.0
MEDIUMCVE-2021-2326
Vulnerability in the Database Vault component of Oracle Database Server. Supported versions that are affected are 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having DBA privilege with network access via Oracle Net to... Read more
- EPSS Score: %0.18
- Published: Jul. 21, 2021
- Modified: Nov. 21, 2024
-
4.0
MEDIUMCVE-2022-2047
In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to f... Read more
- EPSS Score: %0.88
- Published: Jul. 07, 2022
- Modified: Nov. 21, 2024
-
4.0
MEDIUMCVE-2023-23003
In the Linux kernel before 5.16, tools/perf/util/expr.c lacks a check for the hashmap__new return value.... Read more
Affected Products : linux_kernel- EPSS Score: %0.02
- Published: Mar. 01, 2023
- Modified: Mar. 20, 2025
-
4.0
MEDIUMCVE-2006-2024
Multiple vulnerabilities in libtiff before 3.8.1 allow context-dependent attackers to cause a denial of service via a TIFF image that triggers errors in (1) the TIFFFetchAnyArray function in (a) tif_dirread.c; (2) certain "codec cleanup methods" in (b) ti... Read more
Affected Products : libtiff- EPSS Score: %12.31
- Published: Apr. 25, 2006
- Modified: Apr. 03, 2025
-
4.0
MEDIUMCVE-2016-0823
The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721... Read more
- EPSS Score: %0.02
- Published: Mar. 12, 2016
- Modified: Apr. 12, 2025
-
4.0
MEDIUMCVE-2021-2245
Vulnerability in the Oracle Database - Enterprise Edition Unified Audit component of Oracle Database Server. Supported versions that are affected are 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Audit Policy ... Read more
- EPSS Score: %0.47
- Published: Apr. 22, 2021
- Modified: Nov. 21, 2024
-
4.0
MEDIUMCVE-2013-2275
The default configuration for puppet masters 0.25.0 and later in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, allows remote authenticated nodes to submit reports for other no... Read more
- EPSS Score: %0.38
- Published: Mar. 20, 2013
- Modified: Apr. 11, 2025
-
4.0
MEDIUMCVE-2013-2357
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2013-2358, CVE-2013-2359, and CVE-2013-2360.... Read more
Affected Products : system_management_homepage- EPSS Score: %0.24
- Published: Jul. 22, 2013
- Modified: Apr. 11, 2025
-
4.0
MEDIUMCVE-2006-3861
IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 does not use database creation permissions, which allows remote authenticated users to create arbitrary databases.... Read more
Affected Products : informix_dynamic_server- EPSS Score: %0.43
- Published: Aug. 08, 2006
- Modified: Apr. 03, 2025
-
4.0
MEDIUMCVE-2016-0503
Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2016-0504.... Read more
- EPSS Score: %0.72
- Published: Jan. 21, 2016
- Modified: Apr. 12, 2025
-
4.0
MEDIUMCVE-2015-8374
fs/btrfs/inode.c in the Linux kernel before 4.3.3 mishandles compressed inline extents, which allows local users to obtain sensitive pre-truncation information from a file via a clone action.... Read more
Affected Products : linux_kernel- EPSS Score: %0.04
- Published: Dec. 28, 2015
- Modified: Apr. 12, 2025
-
4.0
MEDIUMCVE-2001-0361
Implementations of SSH version 1.5, including (1) OpenSSH up to version 2.3.0, (2) AppGate, and (3) ssh-1 up to version 1.2.31, in certain configurations, allow a remote attacker to decrypt and/or alter traffic via a "Bleichenbacher attack" on PKCS#1 vers... Read more
- EPSS Score: %1.49
- Published: Jun. 27, 2001
- Modified: Apr. 03, 2025
-
4.0
MEDIUMCVE-2015-6413
Cisco TelePresence Video Communication Server (VCS) Expressway X8.6 allows remote authenticated users to bypass intended read-only restrictions and upload Tandberg Linux Package (TLP) files by visiting an administrative page, aka Bug ID CSCuw55651.... Read more
Affected Products : telepresence_video_communication_server_software- EPSS Score: %0.17
- Published: Dec. 13, 2015
- Modified: Apr. 12, 2025
-
4.0
MEDIUMCVE-2006-5198
The WZFILEVIEW.FileViewCtrl.61 ActiveX control (aka Sky Software "FileView" ActiveX control) for WinZip 10.0 before build 7245 allows remote attackers to execute arbitrary code via unspecified "unsafe methods."... Read more
Affected Products : winzip- EPSS Score: %73.44
- Published: Nov. 14, 2006
- Modified: Apr. 09, 2025