Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2012-3491

    src/condor_schedd.V6/schedd.cpp in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 does not properly check the permissions of jobs, which allows remote authenticated users to remove arbitrary idle jobs via unspecified vectors.... Read more

    Affected Products : condor
    • EPSS Score: %1.12
    • Published: Sep. 28, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2009-1595

    The jabber:iq:auth implementation in IQAuthHandler.java in Ignite Realtime Openfire before 3.6.4 allows remote authenticated users to change the passwords of arbitrary accounts via a modified username element in a passwd_change action.... Read more

    Affected Products : openfire
    • EPSS Score: %11.20
    • Published: May. 11, 2009
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2011-2238

    Unspecified vulnerability in the Database Vault component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect integrity, related to DBMS_SYS_SQL.... Read more

    Affected Products : database_server
    • EPSS Score: %0.18
    • Published: Jul. 20, 2011
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2020-4811

    IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 could allow a privileged user to inject inject malicious data using a specially crafted HTTP request due to improper input validation.... Read more

    Affected Products : cloud_pak_for_security
    • EPSS Score: %0.08
    • Published: May. 14, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2017-20191

    A vulnerability was found in Zimbra zm-admin-ajax up to 8.8.1. It has been classified as problematic. This affects the function XFormItem.prototype.setError of the file WebRoot/js/ajax/dwt/xforms/XFormItem.js of the component Form Textbox Field Error Hand... Read more

    Affected Products :
    • Published: Mar. 31, 2024
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2021-21429

    OpenAPI Generator allows generation of API client libraries, server stubs, documentation and configuration automatically given an OpenAPI Spec. Using `File.createTempFile` in JDK will result in creating and using insecure temporary files that can leave ap... Read more

    Affected Products : openapi_generator
    • EPSS Score: %0.05
    • Published: Apr. 27, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2014-125110

    A vulnerability has been found in wp-file-upload Plugin up to 2.4.3 on WordPress and classified as problematic. Affected by this vulnerability is the function wfu_ajax_action_callback of the file lib/wfu_ajaxactions.php. The manipulation leads to cross si... Read more

    Affected Products : wordpress_file_upload
    • Published: Apr. 01, 2024
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2024-32633

    An unsigned value can never be negative, so eMMC full disk test will always evaluate the same way.... Read more

    Affected Products :
    • Published: Apr. 16, 2024
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2020-35762

    bloofoxCMS 0.5.2.1 is infected with Path traversal in the 'fileurl' parameter that allows attackers to read local files.... Read more

    Affected Products : bloofoxcms
    • EPSS Score: %0.26
    • Published: Jun. 16, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2021-31406

    Non-constant-time comparison of CSRF tokens in endpoint request handler in com.vaadin:flow-server versions 3.0.0 through 5.0.3 (Vaadin 15.0.0 through 18.0.6), and com.vaadin:fusion-endpoint version 6.0.0 (Vaadin 19.0.0) allows attacker to guess a security... Read more

    Affected Products : vaadin flow flow-server
    • EPSS Score: %0.05
    • Published: Apr. 23, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2021-20575

    IBM Security Verify Access 20.07 allows web pages to be stored locally which can be read by another user on the system. X-Force ID: 199278.... Read more

    • EPSS Score: %0.04
    • Published: Jun. 01, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2020-36826

    A vulnerability was found in AwesomestCode LiveBot. It has been classified as problematic. Affected is the function parseSend of the file js/parseMessage.js. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Thi... Read more

    Affected Products :
    • Published: Mar. 25, 2024
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2015-10131

    A vulnerability was found in chrisy TFO Graphviz Plugin up to 1.9 on WordPress and classified as problematic. Affected by this issue is the function admin_page_load/admin_page of the file tfo-graphviz-admin.php. The manipulation leads to cross site script... Read more

    Affected Products :
    • Published: Mar. 31, 2024
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2020-14341

    The "Test Connection" available in v7.x of the Red Hat Single Sign On application console can permit an authorized user to cause SMTP connections to be attempted to arbitrary hosts and ports of the user's choosing, and originating from the RHSSO installat... Read more

    Affected Products : single_sign-on
    • EPSS Score: %0.30
    • Published: Jan. 12, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2022-4966

    A vulnerability was found in sequentech admin-console up to 6.1.7 and classified as problematic. Affected by this issue is some unknown functionality of the component Election Description Handler. The manipulation leads to cross site scripting. The attack... Read more

    Affected Products :
    • Published: Apr. 01, 2024
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2020-14590

    Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Page Request). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows high privileged attacker with netwo... Read more

    • EPSS Score: %0.20
    • Published: Jul. 15, 2020
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2021-2175

    Vulnerability in the Database Vault component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Any View, Select Any View pri... Read more

    Affected Products : database_server
    • EPSS Score: %0.36
    • Published: Apr. 22, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2020-15184

    In Helm before versions 2.16.11 and 3.3.2 there is a bug in which the `alias` field on a `Chart.yaml` is not properly sanitized. This could lead to the injection of unwanted information into a chart. This issue has been patched in Helm 3.3.2 and 2.16.11. ... Read more

    Affected Products : helm
    • EPSS Score: %0.23
    • Published: Sep. 17, 2020
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2019-2789

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via m... Read more

    • EPSS Score: %0.31
    • Published: Jul. 23, 2019
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2020-14564

    Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Environment Mgmt Console). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows high privileged attacker with ... Read more

    Affected Products : peoplesoft_enterprise_peopletools
    • EPSS Score: %0.21
    • Published: Jul. 15, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 291741 Results