Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2015-6422

    The self-service application in Cisco Unified Communications Domain Manager (CUCDM) 10.6(1) allows remote authenticated users to cause a denial of service (subapplication outage) via malformed requests, aka Bug ID CSCuu10981.... Read more

    • EPSS Score: %0.46
    • Published: Dec. 14, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2012-4594

    McAfee ePolicy Orchestrator (ePO) 4.6.1 and earlier allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information from arbitrary reporting panels, via a modified ID value in a console URL.... Read more

    Affected Products : epolicy_orchestrator
    • EPSS Score: %0.16
    • Published: Aug. 22, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2007-2557

    MOStlyDB Admin in Mambo 4.6.1 does not properly check privileges, which allows remote authenticated administrators to have an unknown impact via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely fro... Read more

    Affected Products : mambo
    • EPSS Score: %0.19
    • Published: May. 09, 2007
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2012-1759

    Unspecified vulnerability in the Oracle AutoVue component in Oracle Supply Chain Products Suite 20.0.2 and 20.1 allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-1758.... Read more

    Affected Products : supply_chain_products_suite
    • EPSS Score: %0.93
    • Published: Jul. 17, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2012-3802

    Unspecified vulnerability in the Post Affiliate Pro (PAP) module for Drupal allows remote authenticated users to read the commissions of other users via unknown attack vectors.... Read more

    Affected Products : drupal post_affiliate_pro
    • EPSS Score: %0.32
    • Published: Jun. 27, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2015-0401

    Unspecified vulnerability in the Oracle Directory Server Enterprise Edition component in Oracle Fusion Middleware 7.0 and 11.1.1.7 allows remote authenticated users to affect integrity via unknown vectors related to Admin Console.... Read more

    Affected Products : fusion_middleware
    • EPSS Score: %0.15
    • Published: Jan. 21, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-0399

    Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 10.1.3.4.2 and 11.1.1.7 allows remote authenticated users to affect confidentiality via unknown vectors related to Analytics Web General... Read more

    Affected Products : fusion_middleware
    • EPSS Score: %0.22
    • Published: Jan. 21, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2013-2308

    The (1) OWA Helper and (2) OSG Lite programs in SoftBank Online Service Gate allow remote authenticated users to discover their own passwords, and consequently bypass an Office 365 restriction, via unspecified vectors.... Read more

    Affected Products : online_service_gate
    • EPSS Score: %0.18
    • Published: May. 09, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2010-4545

    IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated users to cause a denial of service (resource consumption and sync outage) by syncing a large volume of data.... Read more

    Affected Products : lotus_notes_traveler notes_traveler
    • EPSS Score: %0.41
    • Published: Dec. 16, 2010
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2008-7265

    The pr_data_xfer function in ProFTPD before 1.3.2rc3 allows remote authenticated users to cause a denial of service (CPU consumption) via an ABOR command during a data transfer.... Read more

    Affected Products : proftpd
    • EPSS Score: %0.59
    • Published: Nov. 09, 2010
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2011-2774

    The "Reply to message" feature in Mahara 1.3.x and 1.4.x before 1.4.1 allows remote authenticated users to read the messages of a different user via a modified replyto parameter.... Read more

    Affected Products : mahara
    • EPSS Score: %0.20
    • Published: Nov. 15, 2011
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2010-0682

    WordPress 2.9 before 2.9.2 allows remote authenticated users to read trash posts from other authors via a direct request with a modified p parameter.... Read more

    Affected Products : wordpress
    • EPSS Score: %22.90
    • Published: Feb. 23, 2010
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2014-4263

    Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to "Diffie-Hellman key agreement."... Read more

    Affected Products : jdk jre jrockit
    • EPSS Score: %6.50
    • Published: Jul. 17, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2025-43265

    An out-of-bounds read was addressed with improved input validation. This issue is fixed in Safari 18.6, watchOS 11.6, visionOS 2.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6. Processing maliciously crafted web content may disclose internal s... Read more

    • Published: Jul. 30, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Information Disclosure

  • 4.0

    MEDIUM
    CVE-2006-2297

    Heap-based buffer overflow in Microsoft Infotech Storage System Library (itss.dll) allows user-assisted attackers to execute arbitrary code via a crafted CHM / ITS file that triggers the overflow while decompiling.... Read more

    Affected Products : infotech_storage_system_library
    • EPSS Score: %61.95
    • Published: May. 10, 2006
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2009-0996

    Unspecified vulnerability in the BI Publisher component in Oracle Application Server 10.1.3.2.1, 10.1.3.3.3, and 10.1.3.4 allows remote authenticated users to affect confidentiality via unknown vectors.... Read more

    Affected Products : application_server
    • EPSS Score: %2.57
    • Published: Apr. 15, 2009
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2025-43226

    An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 11.6, iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, tvOS 18.6, macOS Sequoia 15.6, macOS Sonoma 14.7.7, visionOS 2.6. Processing a maliciously crafted image may ... Read more

    Affected Products : macos iphone_os tvos watchos ipados visionos
    • Published: Jul. 30, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Information Disclosure

  • 4.0

    MEDIUM
    CVE-2023-42973

    Private Browsing tabs may be accessed without authentication. This issue is fixed in iOS 17 and iPadOS 17. The issue was addressed with improved UI.... Read more

    Affected Products : iphone_os ipados
    • Published: Apr. 11, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Authentication

  • 4.0

    MEDIUM
    CVE-2007-5320

    Multiple absolute path traversal vulnerabilities in Pegasus Imaging ImagXpress 8.0 allow remote attackers to (1) delete arbitrary files via the CacheFile attribute in the ThumbnailXpres.1 ActiveX control (PegasusImaging.ActiveX.ThumnailXpress1.dll) or (2)... Read more

    Affected Products : imagxpress
    • EPSS Score: %5.36
    • Published: Oct. 09, 2007
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2022-39894

    Improper access control vulnerability in ContactListStartActivityHelper in Phone prior to SMR Dec-2022 Release 1 allows to access sensitive information via implicit intent.... Read more

    Affected Products : android dex
    • EPSS Score: %0.04
    • Published: Dec. 08, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 291756 Results