Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2018-20932

    cPanel before 70.0.23 exposes Apache HTTP Server logs after creation of certain domains (SEC-406).... Read more

    Affected Products : cpanel
    • EPSS Score: %0.23
    • Published: Aug. 01, 2019
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2019-19018

    An issue was discovered in TitanHQ WebTitan before 5.18. It exposes a database configuration file under /include/dbconfig.ini in the web administration interface, revealing what database the web application is using.... Read more

    Affected Products : webtitan
    • EPSS Score: %0.36
    • Published: Dec. 02, 2019
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2017-18819

    NETGEAR ReadyNAS OS 6 devices, running ReadyNAS OS versions prior to 6.8.0 are affected by incorrect configuration of security settings.... Read more

    Affected Products : readynas_os
    • EPSS Score: %0.05
    • Published: Apr. 21, 2020
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2017-18393

    cPanel before 68.0.15 does not block a username of postmaster, which might allow reception of private e-mail (SEC-326).... Read more

    Affected Products : cpanel
    • EPSS Score: %0.25
    • Published: Aug. 02, 2019
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2017-18395

    cPanel before 68.0.15 does not block a username of ssl (SEC-328).... Read more

    Affected Products : cpanel
    • EPSS Score: %0.25
    • Published: Aug. 02, 2019
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2017-18401

    cPanel before 68.0.15 allows user accounts to be partially created with invalid username formats (SEC-334).... Read more

    Affected Products : cpanel
    • EPSS Score: %0.26
    • Published: Aug. 02, 2019
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2020-4846

    IBM Security Key Lifecycle Manager 3.0.1 and 4.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-... Read more

    Affected Products : security_key_lifecycle_manager
    • EPSS Score: %0.22
    • Published: Dec. 17, 2020
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2020-24403

    Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect user permissions vulnerability within the Inventory component. This vulnerability could be abused by authenticated users with Inventory and Source permissions to make unauthorize... Read more

    Affected Products : magento magento_commerce
    • EPSS Score: %0.27
    • Published: Nov. 09, 2020
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2019-4706

    IBM Security Identity Manager Virtual Appliance 7.0.2 writes information to log files which can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. IBM X-Force ID: 172016.... Read more

    • EPSS Score: %0.14
    • Published: Jul. 01, 2020
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2020-4650

    IBM Maximo Spatial Asset Management 7.6.0.3, 7.6.0.4, 7.6.0.5, and 7.6.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 186023.... Read more

    Affected Products : maximo_spatial_asset_management
    • EPSS Score: %0.04
    • Published: Nov. 09, 2020
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2020-14341

    The "Test Connection" available in v7.x of the Red Hat Single Sign On application console can permit an authorized user to cause SMTP connections to be attempted to arbitrary hosts and ports of the user's choosing, and originating from the RHSSO installat... Read more

    Affected Products : single_sign-on
    • EPSS Score: %0.30
    • Published: Jan. 12, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2019-4699

    IBM Security Guardium Data Encryption (GDE) 3.0.0.2 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 171931.... Read more

    • EPSS Score: %0.08
    • Published: Aug. 26, 2020
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2020-4344

    IBM Tivoli Business Service Manager 6.2.0.0 - 6.2.0.2 IF 1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 178247.... Read more

    Affected Products : tivoli_business_service_manager
    • EPSS Score: %0.05
    • Published: Sep. 15, 2020
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2020-4906

    IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 allows web pages to be stored locally which can be read by another user on the system.... Read more

    • EPSS Score: %0.05
    • Published: Dec. 16, 2020
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2006-0309

    Linksys BEFVP41 VPN Router 2.0 with firmware 1.01.04 allows remote attackers on the local network, to cause a denial of service via IP packets with a null IP option length.... Read more

    Affected Products : befvp41
    • EPSS Score: %1.15
    • Published: Jan. 19, 2006
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2021-35633

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols ... Read more

    • EPSS Score: %0.10
    • Published: Oct. 20, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2005-3813

    IMAP service (meimaps.exe) of MailEnable Professional 1.7 and Enterprise 1.1 allows remote authenticated attackers to cause a denial of service (application crash) by using RENAME with a non-existent mailbox, a different vulnerability than CVE-2005-3690.... Read more

    • EPSS Score: %6.23
    • Published: Nov. 26, 2005
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2013-0669

    The HMI web application in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to cause a denial of service (daemon crash) via a crafted HTTP request.... Read more

    Affected Products : wincc_tia_portal
    • EPSS Score: %0.17
    • Published: Mar. 21, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2013-3824

    Unspecified vulnerability in the Oracle Agile Collaboration Framework component in Oracle Supply Chain Products Suite 9.3.1 allows remote authenticated users to affect integrity via unknown vectors related to Manufacturing/Mfg Parts.... Read more

    Affected Products : supply_chain_products_suite
    • EPSS Score: %0.38
    • Published: Jul. 17, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2015-3187

    The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has... Read more

    Affected Products : xcode subversion
    • EPSS Score: %0.51
    • Published: Aug. 12, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291756 Results