Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2010-0781

    Unspecified vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.33 allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted URL.... Read more

    Affected Products : websphere_application_server
    • EPSS Score: %0.51
    • Published: Sep. 21, 2010
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2011-0437

    shared/inc/sql/ssh.php in the SSH accounts management implementation in Domain Technologie Control (DTC) before 0.32.9 allows remote authenticated users to delete arbitrary accounts via the edssh_account parameter in a deletesshaccount Delete action.... Read more

    Affected Products : domain_technologie_control
    • EPSS Score: %1.21
    • Published: Mar. 07, 2011
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2025-1348

    IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 could allow a local user to obtain sensitive information from a user’s web browser cache due to not using a suitable caching policy.... Read more

    • Published: Jun. 18, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Information Disclosure

  • 4.0

    MEDIUM
    CVE-2010-3780

    Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a denial of service (master process outage) by simultaneously disconnecting many (1) IMAP or (2) POP3 sessions.... Read more

    Affected Products : dovecot
    • EPSS Score: %1.06
    • Published: Oct. 06, 2010
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2010-3680

    Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by creating temporary tables with nullable columns while using InnoDB, which triggers an assertion failure.... Read more

    Affected Products : mysql mysql
    • EPSS Score: %4.96
    • Published: Jan. 11, 2011
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2010-0770

    IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 allows remote authenticated users to cause a denial of service (ORB ListenerThread hang) by aborting an SSL handshake.... Read more

    Affected Products : websphere_application_server
    • EPSS Score: %0.51
    • Published: Apr. 01, 2010
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2009-3628

    The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to determine an encryption key via crafted input to a tt_content form element.... Read more

    Affected Products : typo3
    • EPSS Score: %0.23
    • Published: Nov. 02, 2009
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2010-3678

    Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (crash) via (1) IN or (2) CASE operations with NULL arguments that are explicitly specified or indirectly provided by the WITH ROLLUP modifier.... Read more

    Affected Products : mysql mysql
    • EPSS Score: %5.88
    • Published: Jan. 11, 2011
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2010-1320

    Double free vulnerability in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x before 1.8.2 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a... Read more

    Affected Products : kerberos_5
    • EPSS Score: %14.12
    • Published: Apr. 22, 2010
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2011-1319

    The Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15 allows remote authenticated users to cause a denial of service (memory consumption) by using a Lightweight Third-Party Authentication (LTPA) t... Read more

    Affected Products : websphere_application_server
    • EPSS Score: %0.41
    • Published: Mar. 08, 2011
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2025-43217

    The issue was addressed by adding additional logic. This issue is fixed in iPadOS 17.7.9, iOS 18.6 and iPadOS 18.6. Privacy Indicators for microphone or camera access may not be correctly displayed.... Read more

    Affected Products : iphone_os ipados
    • Published: Jul. 30, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Information Disclosure

  • 4.0

    MEDIUM
    CVE-2025-43230

    The issue was addressed with additional permissions checks. This issue is fixed in iPadOS 17.7.9, watchOS 11.6, visionOS 2.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6. An app may be able to access user-sensitive data.... Read more

    Affected Products : macos iphone_os tvos watchos ipados visionos
    • Published: Jul. 30, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Information Disclosure

  • 4.0

    MEDIUM
    CVE-2011-1687

    Best Practical Solutions RT 3.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allows remote authenticated users to obtain sensitive information by using the search interface, as demonstrated by retrieving encrypted passwords.... Read more

    Affected Products : rt request_tracker
    • EPSS Score: %0.50
    • Published: Apr. 22, 2011
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2012-3864

    Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, allows remote authenticated users to read arbitrary files on the puppet master server by leveraging an arbitrary user's certificate and private key in a GET request.... Read more

    Affected Products : puppet_enterprise puppet puppet
    • EPSS Score: %0.31
    • Published: Aug. 06, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2015-3158

    The invokeNextValve function in identity/federation/bindings/tomcat/idp/AbstractIDPValve.java in PicketLink before 2.8.0.Beta1 does not properly check role based authorization, which allows remote authenticated users to gain access to restricted applicati... Read more

    Affected Products : picketlink
    • EPSS Score: %0.45
    • Published: Aug. 26, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-2272

    login/token.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass a forced-password-change requirement by creating a web-services token.... Read more

    Affected Products : moodle
    • EPSS Score: %0.28
    • Published: Jun. 01, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2012-0119

    Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0120, CVE-2012-0485... Read more

    Affected Products : mysql mysql
    • EPSS Score: %0.72
    • Published: Jan. 18, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2012-0120

    Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0485... Read more

    Affected Products : mysql mysql
    • EPSS Score: %0.72
    • Published: Jan. 18, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2015-1099

    Race condition in the setreuid system-call implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service via a crafted app.... Read more

    Affected Products : mac_os_x iphone_os tvos
    • EPSS Score: %0.07
    • Published: Apr. 10, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-0919

    IBM DB2 9.5 through 10.5 on Linux, UNIX, and Windows stores passwords during the processing of certain SQL statements by the monitoring and audit facilities, which allows remote authenticated users to obtain sensitive information via commands associated w... Read more

    Affected Products : db2
    • EPSS Score: %0.36
    • Published: May. 08, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291918 Results