Latest CVE Feed
-
4.0
MEDIUMCVE-2014-2612
Unspecified vulnerability in HP Release Control 9.x before 9.13 p3 and 9.2x before RC 9.21.0003 p1 on Windows and 9.2x before RC 9.21.0002 p1 on Linux allows remote authenticated users to obtain sensitive information via unknown vectors.... Read more
- EPSS Score: %7.16
- Published: Jun. 28, 2014
- Modified: Apr. 12, 2025
-
4.0
MEDIUMCVE-2012-3200
Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.1.1 allows remote authenticated users to affect confidentiality, related to ROLESPRV.... Read more
Affected Products : supply_chain_products_suite- EPSS Score: %0.20
- Published: Oct. 17, 2012
- Modified: Apr. 11, 2025
-
4.0
MEDIUMCVE-2014-6482
Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote authenticated users to affect integrity via unknown vectors related to Updates Change Assistant.... Read more
Affected Products : peoplesoft_products- EPSS Score: %0.19
- Published: Oct. 15, 2014
- Modified: Apr. 12, 2025
-
4.0
MEDIUMCVE-2012-0263
monitor/index.php in op5 Monitor and op5 Appliance before 5.5.1 allows remote authenticated users to obtain sensitive information such as database and user credentials via error messages that are triggered by (1) a malformed hoststatustypes parameter to s... Read more
Affected Products : monitor- EPSS Score: %0.74
- Published: Dec. 31, 2013
- Modified: Apr. 11, 2025
-
4.0
MEDIUMCVE-2019-16181
In Limesurvey before 3.17.14, admin users can mark other users' notifications as read.... Read more
Affected Products : limesurvey- EPSS Score: %0.24
- Published: Sep. 09, 2019
- Modified: Nov. 21, 2024
-
4.0
MEDIUMCVE-2013-5676
The Jenkins Plugin for SonarQube 3.7 and earlier allows remote authenticated users to obtain sensitive information (cleartext passwords) by reading the value in the sonar.sonarPassword parameter from jenkins/configure.... Read more
- EPSS Score: %5.31
- Published: Dec. 13, 2013
- Modified: Apr. 11, 2025
-
4.0
MEDIUMCVE-2006-2185
PORTAL.NLM in Novell Netware 6.5 SP5 writes the username and password in cleartext to the abend.log log file when the groupOperationsMethod function fails, which allows context-dependent attackers to gain privileges.... Read more
Affected Products : netware- EPSS Score: %0.37
- Published: May. 22, 2006
- Modified: Apr. 03, 2025
-
4.0
MEDIUMCVE-2015-7685
GLPI before 0.85.3 allows remote authenticated users to create super-admin accounts by leveraging permissions to create a user and the _profiles_id parameter to front/user.form.php.... Read more
Affected Products : glpi- EPSS Score: %0.15
- Published: Oct. 05, 2015
- Modified: Apr. 12, 2025
-
4.0
MEDIUMCVE-2010-3515
Unspecified vulnerability in the Solaris component in Oracle Solaris 9 and 10, and OpenSolaris, allows local users to affect availability via unknown vectors related to Kernel/Disk Driver.... Read more
- EPSS Score: %0.17
- Published: Oct. 14, 2010
- Modified: Apr. 11, 2025
-
4.0
MEDIUMCVE-2024-38480
"Piccoma" App for Android and iOS versions prior to 6.20.0 uses a hard-coded API key for an external service, which may allow a local attacker to obtain the API key. Note that the users of the app are not directly affected by this vulnerability.... Read more
Affected Products :- Published: Jul. 01, 2024
- Modified: Nov. 21, 2024
-
4.0
MEDIUMCVE-2014-7846
tag/tag_autocomplete.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not consider the moodle/tag:edit capability before adding a tag, which allows remote authenticated users to bypass intended access restr... Read more
Affected Products : moodle- EPSS Score: %0.24
- Published: Nov. 24, 2014
- Modified: Apr. 12, 2025
-
4.0
MEDIUMCVE-2022-1690
The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the ids from the bulk actions before using them in a SQL statement in an admin page, leading to an SQL injection... Read more
Affected Products : note_press- EPSS Score: %0.17
- Published: Jun. 08, 2022
- Modified: Nov. 21, 2024
-
4.0
MEDIUMCVE-2006-1119
fantastico in Cpanel does not properly handle when it has insufficient permissions to perform certain file operations, which allows remote authenticated users to obtain the full pathname, which is leaked in a PHP error message.... Read more
- EPSS Score: %0.18
- Published: Mar. 09, 2006
- Modified: Apr. 03, 2025
-
4.0
MEDIUMCVE-2020-28923
An issue was discovered in Play Framework 2.8.0 through 2.8.4. Carefully crafted JSON payloads sent as a form field lead to Data Amplification. This affects users migrating from a Play version prior to 2.8.0 that used the Play Java API to serialize classe... Read more
Affected Products : play_framework- EPSS Score: %0.18
- Published: Dec. 03, 2020
- Modified: Nov. 21, 2024
-
4.0
MEDIUMCVE-2024-34650
Incorrect authorization in CocktailbarService prior to SMR Sep-2024 Release 1 allows local attackers to access privileged APIs related to Edge panel.... Read more
- Published: Sep. 04, 2024
- Modified: Sep. 05, 2024
-
4.0
MEDIUMCVE-2011-2280
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.49.31, 8.50.20, and 8.51.11 allows remote authenticated users to affect integrity via unknown vectors, a different vulnerability than CVE-2011-227... Read more
- EPSS Score: %0.29
- Published: Jul. 21, 2011
- Modified: Apr. 11, 2025
-
4.0
MEDIUMCVE-2014-7831
lib/classes/grades_external.php in Moodle 2.7.x before 2.7.3 does not consider the moodle/grade:viewhidden capability before displaying hidden grades, which allows remote authenticated users to obtain sensitive information by leveraging the student role t... Read more
Affected Products : moodle- EPSS Score: %0.25
- Published: Nov. 24, 2014
- Modified: Apr. 12, 2025
-
4.0
MEDIUMCVE-2022-22272
Improper authorization in TelephonyManager prior to SMR Jan-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission... Read more
- EPSS Score: %0.02
- Published: Jan. 10, 2022
- Modified: Nov. 21, 2024
-
4.0
MEDIUMCVE-2018-0109
A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to obtain information to conduct additional reconnaissance attacks. T... Read more
Affected Products : webex_meetings_server- EPSS Score: %0.25
- Published: Jan. 18, 2018
- Modified: Nov. 21, 2024
-
4.0
MEDIUMCVE-2015-3646
OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before 2014.2.4 logs the backend_argument configuration option content, which allows remote authenticated users to obtain passwords and other sensitive backend information by reading the Keystone ... Read more
- EPSS Score: %0.15
- Published: May. 12, 2015
- Modified: Apr. 12, 2025