Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2005-0253

    Directory traversal vulnerability in index.php for BibORB 1.3.2, and possibly earlier versions, allows remote attackers to delete arbitrary files via a Delete action and .. (dot dot) sequences in the database_name parameter.... Read more

    Affected Products : biborb
    • EPSS Score: %5.52
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2008-3991

    Unspecified vulnerability in the Oracle OLAP component in Oracle Database 9.2.08, 9.2.0.8DV, and 10.1.0.5 allows remote authenticated users to affect availability, related to OLAPSYS.CWM2_OLAP_AW_AWUTIL, a different vulnerability than CVE-2008-3990.... Read more

    • EPSS Score: %0.80
    • Published: Oct. 14, 2008
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2021-2340

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Memcached). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocol... Read more

    • EPSS Score: %0.27
    • Published: Jul. 21, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2021-2245

    Vulnerability in the Oracle Database - Enterprise Edition Unified Audit component of Oracle Database Server. Supported versions that are affected are 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Audit Policy ... Read more

    Affected Products : database database_server
    • EPSS Score: %0.47
    • Published: Apr. 22, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2011-2511

    Integer overflow in libvirt before 0.9.3 allows remote authenticated users to cause a denial of service (libvirtd crash) and possibly execute arbitrary code via a crafted VirDomainGetVcpus RPC call that triggers memory corruption.... Read more

    Affected Products : libvirt
    • EPSS Score: %2.83
    • Published: Aug. 10, 2011
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2011-0701

    wp-admin/async-upload.php in the media uploader in WordPress before 3.0.5 allows remote authenticated users to read (1) draft posts or (2) private posts via a modified attachment_id parameter.... Read more

    Affected Products : wordpress
    • EPSS Score: %1.01
    • Published: Mar. 14, 2011
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2020-14860

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple pr... Read more

    • EPSS Score: %0.22
    • Published: Oct. 21, 2020
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2015-2535

    Active Directory in Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold and R2 allows remote authenticated users to cause a denial of service (service outage) by creating multiple machine accounts, aka "Active Directory Denial of Service Vul... Read more

    • EPSS Score: %17.29
    • Published: Sep. 09, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2017-5967

    The time subsystem in the Linux kernel through 4.9.9, when CONFIG_TIMER_STATS is enabled, allows local users to discover real PID values (as distinguished from PID values inside a PID namespace) by reading the /proc/timer_list file, related to the print_t... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.05
    • Published: Feb. 14, 2017
    • Modified: Apr. 20, 2025

  • 4.0

    MEDIUM
    CVE-2014-2450

    Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.... Read more

    Affected Products : mysql
    • EPSS Score: %0.29
    • Published: Apr. 16, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-6491

    Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote authenticated users to insert the content of an arbitrary file into a FRAME element via unspecified vectors.... Read more

    • EPSS Score: %0.57
    • Published: Oct. 28, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2009-0922

    PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows remote authenticated users to cause a denial of service (stack consumption and crash) by triggering a failure in the conversion of a localized error message to a client-specified encoding,... Read more

    Affected Products : postgresql
    • EPSS Score: %8.64
    • Published: Mar. 17, 2009
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2020-13308

    A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. A user without 2 factor authentication enabled could be prohibited from accessing GitLab by being invited into a project that had 2 factor authentication inheritance.... Read more

    Affected Products : gitlab
    • EPSS Score: %0.29
    • Published: Sep. 15, 2020
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2012-0709

    IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 does not properly check variables, which allows remote authenticated users to bypass intended restrictions on viewing table data by leveraging the CREATEIN privilege to execute crafted SQL CREAT... Read more

    Affected Products : db2
    • EPSS Score: %0.34
    • Published: Mar. 20, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2015-4870

    Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Parser.... Read more

    • EPSS Score: %19.28
    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2022-39848

    Exposure of sensitive information in AT_Distributor prior to SMR Oct-2022 Release 1 allows local attacker to access SerialNo via log.... Read more

    Affected Products : android dex
    • EPSS Score: %0.02
    • Published: Oct. 07, 2022
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2025-20991

    Improper export of Android application components in Bluetooth prior to SMR Jun-2025 Release 1 allows local attackers to make devices discoverable.... Read more

    Affected Products :
    • Published: Jun. 04, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Misconfiguration

  • 4.0

    MEDIUM
    CVE-2022-39889

    Improper access control vulnerability in GalaxyWatch4Plugin prior to versions 2.2.11.22101351 and 2.2.12.22101351 allows attackers to access wearable device information.... Read more

    Affected Products : galaxywatch4plugin
    • EPSS Score: %0.10
    • Published: Nov. 09, 2022
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2022-1684

    The Cube Slider WordPress plugin through 1.2 does not sanitise and escape the idslider parameter before using it in various SQL queries, leading to SQL Injections exploitable by high privileged users such as admin... Read more

    Affected Products : cube_slider
    • EPSS Score: %0.17
    • Published: Jun. 08, 2022
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2022-34314

    IBM CICS TX 11.1 could disclose sensitive information to a local user due to insecure permission settings. IBM X-Force ID: 229450. ... Read more

    Affected Products : cics_tx
    • EPSS Score: %0.03
    • Published: Nov. 14, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 291717 Results