Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2015-0415

    Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Session Management.... Read more

    Affected Products : e-business_suite
    • EPSS Score: %0.43
    • Published: Jan. 21, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2021-21781

    An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54. The latest version (5.11-rc4) seems to still be vulnerable. A userland application can read the contents of the sigpage, which can leak ke... Read more

    • EPSS Score: %0.02
    • Published: Aug. 18, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2014-4300

    Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4298, C... Read more

    Affected Products : database_server
    • EPSS Score: %0.17
    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-6413

    Cisco TelePresence Video Communication Server (VCS) Expressway X8.6 allows remote authenticated users to bypass intended read-only restrictions and upload Tandberg Linux Package (TLP) files by visiting an administrative page, aka Bug ID CSCuw55651.... Read more

    • EPSS Score: %0.17
    • Published: Dec. 13, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2006-6058

    The minix filesystem code in Linux kernel 2.6.x before 2.6.24, including 2.6.18, allows local users to cause a denial of service (hang) via a malformed minix file stream that triggers an infinite loop in the minix_bmap function. NOTE: this issue might be... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.18
    • Published: Nov. 22, 2006
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2006-5198

    The WZFILEVIEW.FileViewCtrl.61 ActiveX control (aka Sky Software "FileView" ActiveX control) for WinZip 10.0 before build 7245 allows remote attackers to execute arbitrary code via unspecified "unsafe methods."... Read more

    Affected Products : winzip
    • EPSS Score: %73.44
    • Published: Nov. 14, 2006
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2016-0823

    The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721... Read more

    Affected Products : android linux_kernel
    • EPSS Score: %0.02
    • Published: Mar. 12, 2016
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2008-4307

    Race condition in the do_setlk function in fs/nfs/file.c in the Linux kernel before 2.6.26 allows local users to cause a denial of service (crash) via vectors resulting in an interrupted RPC call that leads to a stray FL_POSIX lock, related to improper ha... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.08
    • Published: Jan. 13, 2009
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2013-2357

    Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2013-2358, CVE-2013-2359, and CVE-2013-2360.... Read more

    Affected Products : system_management_homepage
    • EPSS Score: %0.24
    • Published: Jul. 22, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2013-4239

    The xenDaemonListDefinedDomains function in xen/xend_internal.c in libvirt 1.1.1 allows remote authenticated users to cause a denial of service (memory corruption and crash) via vectors involving the virConnectListDefinedDomains API function.... Read more

    Affected Products : libvirt
    • EPSS Score: %0.58
    • Published: Sep. 30, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2006-3934

    Absolute path traversal vulnerability in downloadTrigger.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to download arbitrary files via an absolute pathname in the filePath parameter.... Read more

    Affected Products : opencms
    • EPSS Score: %0.44
    • Published: Jul. 31, 2006
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2006-3861

    IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 does not use database creation permissions, which allows remote authenticated users to create arbitrary databases.... Read more

    Affected Products : informix_dynamic_server
    • EPSS Score: %0.43
    • Published: Aug. 08, 2006
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2013-2275

    The default configuration for puppet masters 0.25.0 and later in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, allows remote authenticated nodes to submit reports for other no... Read more

    • EPSS Score: %0.38
    • Published: Mar. 20, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2006-2024

    Multiple vulnerabilities in libtiff before 3.8.1 allow context-dependent attackers to cause a denial of service via a TIFF image that triggers errors in (1) the TIFFFetchAnyArray function in (a) tif_dirread.c; (2) certain "codec cleanup methods" in (b) ti... Read more

    Affected Products : libtiff
    • EPSS Score: %12.31
    • Published: Apr. 25, 2006
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2016-0562

    Unspecified vulnerability in the Oracle Common Applications component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and 12.1.3 allows remote authenticated users to affect integrity via vectors related to CRM User Management Framework.... Read more

    • EPSS Score: %0.15
    • Published: Jan. 21, 2016
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-8374

    fs/btrfs/inode.c in the Linux kernel before 4.3.3 mishandles compressed inline extents, which allows local users to obtain sensitive pre-truncation information from a file via a clone action.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.04
    • Published: Dec. 28, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-5217

    providers/saml2/admin.py in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.1 does not properly check permissions to update the SAML2 Service Provider (SP) owner, which allows remote authenticated users to cause a denial of service via a du... Read more

    Affected Products : ipsilon
    • EPSS Score: %0.39
    • Published: Nov. 17, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2009-1996

    Unspecified vulnerability in the Logical Standby component in Oracle Database allows remote authenticated users to affect integrity via unknown vectors.... Read more

    Affected Products : database_server
    • EPSS Score: %0.18
    • Published: Jan. 13, 2010
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2016-0503

    Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2016-0504.... Read more

    • EPSS Score: %0.72
    • Published: Jan. 21, 2016
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2025-29839

    Out-of-bounds read in Windows File Server allows an unauthorized attacker to disclose information locally.... Read more

    • Published: May. 13, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 291739 Results