Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2014-6028

    TorrentFlux 2.4 allows remote authenticated users to obtain other users' cookies via the cid parameter in an editCookies action to profile.php.... Read more

    Affected Products : torrentflux torrentflux
    • EPSS Score: %0.26
    • Published: Sep. 05, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2022-34354

    IBM Sterling Partner Engagement Manager 2.0 allows encrypted storage of client data to be stored locally which can be read by another user on the system. IBM X-Force ID: 230424. ... Read more

    • EPSS Score: %0.02
    • Published: Nov. 16, 2022
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2010-4439

    Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft and JDEdwards Suite 9.0 Bundle #14 and 9.1 Bundle #4 allows remote authenticated users to affect confidentiality via unknown vectors related to eProfile - Manager D... Read more

    • EPSS Score: %0.38
    • Published: Jan. 19, 2011
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2020-10459

    Path Traversal in admin/assetmanager/assetmanager.php (vulnerable function saved in admin/assetmanager/functions.php) in Chadha PHPKB Standard Multi-Language 9 allows attackers to list the files that are stored on the webserver using a dot-dot-slash seque... Read more

    Affected Products : phpkb
    • EPSS Score: %0.42
    • Published: Mar. 12, 2020
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2014-7195

    Spotfire Web Player Engine in TIBCO Spotfire Web Player 6.0.x before 6.0.2 and 6.5.x before 6.5.2, Spotfire Deployment Kit 6.0.x before 6.0.2 and 6.5.x before 6.5.2, and Silver Fabric Enabler for Spotfire Web Player before 1.6.1 allows remote authenticate... Read more

    • EPSS Score: %0.14
    • Published: Nov. 21, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-0746

    The disaster recovery system (DRS) in Cisco Unified Contact Center Express (Unified CCX) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCum95536.... Read more

    • EPSS Score: %0.18
    • Published: Feb. 27, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2019-4635

    IBM Security Secret Server 10.7 could allow a privileged user to perform unauthorized command injection due to imporoper input neutralization of special elements. IBM X-Force ID: 170011.... Read more

    Affected Products : security_secret_server
    • EPSS Score: %1.02
    • Published: Jan. 28, 2020
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2006-5492

    Unspecified vulnerability in Maerys Archive (Maarch) before 2.0.1 allows remote authenticated users to obtain sensitive information (document contents) via unspecified attack vectors related to "grants."... Read more

    Affected Products : maarch
    • EPSS Score: %0.40
    • Published: Oct. 25, 2006
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2006-5119

    Multiple cross-site scripting (XSS) vulnerabilities in Zen Cart 1.3.5 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_name or (2) admin_pass parameter in (a) admin/login.php, or the (3) admin_email parameter in (b) admin/pa... Read more

    Affected Products : zen_cart zen_cart
    • EPSS Score: %0.75
    • Published: Oct. 03, 2006
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2020-8029

    A Incorrect Permission Assignment for Critical Resource vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to gain access to the kublet key. This issue affects: SUSE CaaS Platform 4.5 skuba versions prior to https://github.com/SUSE/sk... Read more

    Affected Products : caas_platform
    • EPSS Score: %0.04
    • Published: Feb. 11, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2015-4804

    Unspecified vulnerability in the PeopleSoft Enterprise HCM Talent Acquisition Management component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Security.... Read more

    Affected Products : peoplesoft_products
    • EPSS Score: %0.17
    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2010-0406

    OpenTTD before 1.0.1 allows remote attackers to cause a denial of service (file-descriptor exhaustion and daemon crash) by performing incomplete downloads of the map.... Read more

    Affected Products : openttd
    • EPSS Score: %0.46
    • Published: May. 05, 2010
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2014-0630

    EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 allows remote authenticated users to read arbitrary files via a modified imaging-service URL.... Read more

    Affected Products : documentum_taskspace
    • EPSS Score: %0.18
    • Published: Mar. 06, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-9154

    The Notify module 7.x-1.x before 7.x-1.1 for Drupal does not properly restrict access to (1) new or (2) modified nodes or (3) their fields, which allows remote authenticated users to obtain node titles, teasers, and fields by reading a notification email.... Read more

    Affected Products : notify
    • EPSS Score: %0.18
    • Published: Dec. 01, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-4990

    The portal in IBM Tealeaf Customer Experience before 8.7.1.8818, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before 9.0.2.5144 allows local users to discover credentials by l... Read more

    Affected Products : tealeaf_customer_experience
    • EPSS Score: %0.06
    • Published: Jan. 02, 2016
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2006-7217

    Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.... Read more

    Affected Products : derby
    • EPSS Score: %0.44
    • Published: Jul. 05, 2007
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2014-0401

    Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.... Read more

    • EPSS Score: %0.50
    • Published: Jan. 15, 2014
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2020-11040

    In FreeRDP less than or equal to 2.0.0, there is an out-of-bound data read from memory in clear_decompress_subcode_rlex, visualized on screen as color. This has been patched in 2.1.0.... Read more

    Affected Products : debian_linux leap freerdp
    • EPSS Score: %0.12
    • Published: May. 29, 2020
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2014-3528

    Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication r... Read more

    • EPSS Score: %2.19
    • Published: Aug. 19, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2008-2608

    Unspecified vulnerability in the Data Pump component in Oracle Database 10.1.0.5 and 10.2.0.3 has unknown impact and remote authenticated attack vectors related to SYS.KUPF$FILE_INT.... Read more

    Affected Products : database_server data_pump_component
    • EPSS Score: %0.87
    • Published: Jul. 15, 2008
    • Modified: Apr. 09, 2025
Showing 20 of 291780 Results