Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2025-20962

    Improper handling of insufficient permission in SpenGesture service prior to SMR May-2025 Release 1 allows local attackers to track the S Pen position.... Read more

    Affected Products : android
    • Published: May. 07, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Authorization

  • 4.0

    MEDIUM
    CVE-2022-1684

    The Cube Slider WordPress plugin through 1.2 does not sanitise and escape the idslider parameter before using it in various SQL queries, leading to SQL Injections exploitable by high privileged users such as admin... Read more

    Affected Products : cube_slider
    • EPSS Score: %0.17
    • Published: Jun. 08, 2022
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2021-20551

    IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 199149.... Read more

    Affected Products : linux_kernel windows jazz_team_server
    • EPSS Score: %0.04
    • Published: Jun. 24, 2022
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2017-20031

    A vulnerability was found in PHPList 3.2.6. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument sortby with the input password leads to information disclosure. The attack can be... Read more

    Affected Products : phplist
    • EPSS Score: %0.22
    • Published: Jun. 10, 2022
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2022-39848

    Exposure of sensitive information in AT_Distributor prior to SMR Oct-2022 Release 1 allows local attacker to access SerialNo via log.... Read more

    Affected Products : android dex
    • EPSS Score: %0.02
    • Published: Oct. 07, 2022
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2023-21464

    Improper access control in Samsung Calendar prior to versions 12.4.02.9000 in Android 13 and 12.3.08.2000 in Android 12 allows local attacker to configure improper status.... Read more

    Affected Products : android calendar
    • EPSS Score: %0.04
    • Published: Mar. 16, 2023
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2023-21447

    Improper access control vulnerabilities in Samsung Cloud prior to version 5.3.0.32 allows local attackers to access information with Samsung Cloud's privilege via implicit intent.... Read more

    Affected Products : cloud
    • EPSS Score: %0.05
    • Published: Feb. 09, 2023
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2016-0234

    IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow a local user to obtain sensitive information when a previous user has logged out of the system but neglected to close their browser. IBM X-Force ID: 110303.... Read more

    Affected Products : openpages_grc_platform
    • EPSS Score: %0.03
    • Published: Aug. 30, 2018
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2006-2631

    phpFoX allows remote authenticated users to modify arbitrary accounts via a modified NATIO cookie value, possibly the phpfox_user parameter.... Read more

    Affected Products : phpfox
    • EPSS Score: %0.42
    • Published: May. 27, 2006
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2018-3076

    Vulnerability in the PeopleSoft Enterprise CS Financial Aid component of Oracle PeopleSoft Products (subcomponent: ISIR Processing). Supported versions that are affected are 9.0 and 9.2. Easily exploitable vulnerability allows high privileged attacker wit... Read more

    • EPSS Score: %0.22
    • Published: Jul. 18, 2018
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2020-4556

    IBM Financial Transaction Manager for High Value Payments for Multi-Platform 3.2.0 through 3.2.10 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 183329.... Read more

    Affected Products : financial_transaction_manager
    • EPSS Score: %0.03
    • Published: Mar. 15, 2023
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2018-11352

    The Wallabag application 2.2.3 to 2.3.2 is affected by one cross-site scripting (XSS) vulnerability that is stored within the configuration page. This vulnerability enables the execution of a JavaScript payload each time an administrator visits the config... Read more

    Affected Products : wallabag
    • EPSS Score: %0.45
    • Published: Sep. 21, 2018
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2014-4237

    Unspecified vulnerability in the RDBMS Core component in Oracle Database Server 11.2.0.4 and 12.1.0.1 allows remote authenticated users to affect confidentiality via unknown vectors.... Read more

    Affected Products : database_server
    • EPSS Score: %0.54
    • Published: Jul. 17, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-2136

    HP ArcSight Logger before 6.0 P2 allows remote authenticated users to bypass the intended authorization policy via unspecified vectors.... Read more

    Affected Products : arcsight_logger
    • EPSS Score: %0.14
    • Published: Sep. 16, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2016-0461

    Unspecified vulnerability in the XDB - XML Database component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect availability via unknown vectors.... Read more

    Affected Products : database_server
    • EPSS Score: %0.41
    • Published: Jan. 21, 2016
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-6538

    Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4294... Read more

    Affected Products : database_server
    • EPSS Score: %0.15
    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2016-0467

    Unspecified vulnerability in the Security component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect integrity via unknown vectors.... Read more

    Affected Products : database_server
    • EPSS Score: %0.15
    • Published: Jan. 21, 2016
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-2271

    tag/user.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 does not consider the moodle/tag:flag capability before proceeding with a flaginappropriate action, which allows remote authenticated users to bypass inte... Read more

    Affected Products : moodle
    • EPSS Score: %0.21
    • Published: Jun. 01, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-4310

    Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4... Read more

    Affected Products : database_server
    • EPSS Score: %0.17
    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2012-4556

    The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate ... Read more

    Affected Products : certificate_system
    • EPSS Score: %0.38
    • Published: Jan. 04, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 291737 Results