Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2007-0836

    admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to include arbitrary local and possibly remote files via the (1) "Path to custom header include" and (2) "Path to custom footer include" form fields. NO... Read more

    • EPSS Score: %2.46
    • Published: Feb. 08, 2007
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2012-3249

    HP Fortify Software Security Center 3.1, 3.3, 3.4, and 3.5 allows remote authenticated users to obtain sensitive information via unspecified vectors.... Read more

    Affected Products : fortify_software_security_center
    • EPSS Score: %0.24
    • Published: Aug. 16, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2010-3701

    lib/MessageStoreImpl.cpp in Red Hat Enterprise MRG before 1.2.2 allows remote authenticated users to cause a denial of service (stack memory exhaustion and broker crash) via a large persistent message.... Read more

    Affected Products : enterprise_mrg enterprise_mrg
    • EPSS Score: %0.62
    • Published: Oct. 12, 2010
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2013-1108

    Cisco WebEx Training Center allows remote authenticated users to remove hands-on lab-session reservations via a crafted URL, aka Bug ID CSCzu81064.... Read more

    Affected Products : webex_training_center
    • EPSS Score: %0.16
    • Published: Jan. 21, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2010-1298

    Directory traversal vulnerability in view.php in Pulse CMS 1.2.2 allows remote attackers to read arbitrary files via directory traversal sequences in the f parameter. NOTE: the provenance of this information is unknown; the details are obtained solely fr... Read more

    Affected Products : pulse_cms
    • EPSS Score: %0.06
    • Published: Apr. 06, 2010
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2010-2011

    Microsoft Dynamics GP uses a substitution cipher to encrypt the system password field and unspecified other fields, which makes it easier for remote authenticated users to obtain sensitive information by decrypting a field's contents.... Read more

    Affected Products : dynamics_gp
    • EPSS Score: %25.14
    • Published: May. 21, 2010
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2012-4594

    McAfee ePolicy Orchestrator (ePO) 4.6.1 and earlier allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information from arbitrary reporting panels, via a modified ID value in a console URL.... Read more

    Affected Products : epolicy_orchestrator
    • EPSS Score: %0.16
    • Published: Aug. 22, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2020-8029

    A Incorrect Permission Assignment for Critical Resource vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to gain access to the kublet key. This issue affects: SUSE CaaS Platform 4.5 skuba versions prior to https://github.com/SUSE/sk... Read more

    Affected Products : caas_platform
    • EPSS Score: %0.04
    • Published: Feb. 11, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2012-4847

    IBM Cognos Business Intelligence (BI) 8.4 and 8.4.1 allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted request containing a zero-valued byte.... Read more

    Affected Products : cognos_business_intelligence
    • EPSS Score: %0.36
    • Published: Nov. 14, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2014-0746

    The disaster recovery system (DRS) in Cisco Unified Contact Center Express (Unified CCX) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCum95536.... Read more

    • EPSS Score: %0.18
    • Published: Feb. 27, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2016-1212

    Directory traversal vulnerability in futomi MP Form Mail CGI Professional Edition 3.2.3 and earlier allows remote authenticated administrators to read arbitrary files via unspecified vectors.... Read more

    Affected Products : mp_form_mail_cgi
    • EPSS Score: %0.20
    • Published: Jun. 05, 2016
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-2185

    The Call Detail Records (CDR) Management component in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCun74374.... Read more

    Affected Products : unified_communications_manager
    • EPSS Score: %0.18
    • Published: Apr. 29, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2012-1759

    Unspecified vulnerability in the Oracle AutoVue component in Oracle Supply Chain Products Suite 20.0.2 and 20.1 allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-1758.... Read more

    Affected Products : supply_chain_products_suite
    • EPSS Score: %0.93
    • Published: Jul. 17, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2012-3117

    Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 5.5.06, 6.0, 6.1, and 6.2 allows remote authenticated users to affect confidentiality via unknown vectors related to HTTP.... Read more

    Affected Products : supply_chain_products_suite
    • EPSS Score: %0.38
    • Published: Jul. 17, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2012-4435

    fwknop before 2.0.3 does not properly validate IP addresses, which allows remote authenticated users to cause a denial of service (server crash) via a long IP address.... Read more

    Affected Products : fwknop
    • EPSS Score: %1.25
    • Published: Oct. 22, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2015-0422

    Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, and 6.3.5 allows remote authenticated users to affect confidentiality via unknown vectors relate... Read more

    Affected Products : supply_chain_products_suite
    • EPSS Score: %0.26
    • Published: Jan. 21, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-4768

    Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, and 6.3.7 allows remote authenticated users to affect confidentiality via unknown ... Read more

    Affected Products : supply_chain_products_suite
    • EPSS Score: %0.20
    • Published: Jul. 16, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-0630

    EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 allows remote authenticated users to read arbitrary files via a modified imaging-service URL.... Read more

    Affected Products : documentum_taskspace
    • EPSS Score: %0.18
    • Published: Mar. 06, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2012-3802

    Unspecified vulnerability in the Post Affiliate Pro (PAP) module for Drupal allows remote authenticated users to read the commissions of other users via unknown attack vectors.... Read more

    Affected Products : drupal post_affiliate_pro
    • EPSS Score: %0.32
    • Published: Jun. 27, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2015-5482

    Directory traversal vulnerability in the GD bbPress Attachments plugin before 2.3 for WordPress allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the tab parameter in the gdbbpress_attachments page to wp-admin... Read more

    Affected Products : gd_bbpress_attachments
    • EPSS Score: %0.65
    • Published: Aug. 18, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291741 Results