Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2012-5614

    Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (mysqld crash) via a SELECT command with an UpdateXML command containing XML with a lar... Read more

    • EPSS Score: %3.72
    • Published: Dec. 03, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2024-54550

    This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2. An app may be able to view autocompleted contact information from Messages and Mail in system logs.... Read more

    Affected Products : macos iphone_os ipados
    • Published: Jan. 27, 2025
    • Modified: Apr. 04, 2025
    • Vuln Type: Information Disclosure

  • 4.0

    MEDIUM
    CVE-2014-6155

    Multiple directory traversal vulnerabilities in the ServiceRegistry UI in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 allow remote authenticated users to read arbitrary files v... Read more

    • EPSS Score: %0.32
    • Published: Dec. 24, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-4295

    Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4294... Read more

    Affected Products : database_server
    • EPSS Score: %0.15
    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2013-2275

    The default configuration for puppet masters 0.25.0 and later in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, allows remote authenticated nodes to submit reports for other no... Read more

    • EPSS Score: %0.38
    • Published: Mar. 20, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2013-2357

    Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2013-2358, CVE-2013-2359, and CVE-2013-2360.... Read more

    Affected Products : system_management_homepage
    • EPSS Score: %0.24
    • Published: Jul. 22, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2015-1618

    The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated users to obtain sensitive password information via a crafted URL.... Read more

    Affected Products : data_loss_prevention_endpoint
    • EPSS Score: %0.18
    • Published: Feb. 17, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2021-32653

    Nextcloud Server is a Nextcloud package that handles data storage. Nextcloud Server versions prior to 19.0.11, 20.0.10, or 21.0.2 send user IDs to the lookup server even if the user has no fields set to published. The vulnerability is patched in versions ... Read more

    Affected Products : nextcloud_server notes
    • EPSS Score: %0.83
    • Published: Jun. 01, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2013-4239

    The xenDaemonListDefinedDomains function in xen/xend_internal.c in libvirt 1.1.1 allows remote authenticated users to cause a denial of service (memory corruption and crash) via vectors involving the virConnectListDefinedDomains API function.... Read more

    Affected Products : libvirt
    • EPSS Score: %0.58
    • Published: Sep. 30, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2014-9913

    Buffer overflow in the list_files function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via vectors related to the compression method.... Read more

    Affected Products : unzip
    • EPSS Score: %3.08
    • Published: Jan. 18, 2017
    • Modified: Apr. 20, 2025

  • 4.0

    MEDIUM
    CVE-2023-28362

    The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Lo... Read more

    Affected Products : actionpack
    • Published: Jan. 09, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Misconfiguration

  • 4.0

    MEDIUM
    CVE-2019-18458

    An issue was discovered in GitLab Community and Enterprise Edition through 12.4. It has Insecure Permissions (issue 2 of 4).... Read more

    Affected Products : gitlab
    • EPSS Score: %0.07
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2012-5627

    Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection which makes it easier for remote authenticated users to co... Read more

    Affected Products : mysql mariadb
    • EPSS Score: %5.35
    • Published: Oct. 01, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2012-0466

    template/en/default/list/list.js.tmpl in Bugzilla 2.x and 3.x before 3.6.9, 3.7.x and 4.0.x before 4.0.6, and 4.1.x and 4.2.x before 4.2.1 does not properly handle multiple logins, which allows remote attackers to conduct cross-site scripting (XSS) attack... Read more

    Affected Products : bugzilla
    • EPSS Score: %0.32
    • Published: Apr. 27, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2021-2019

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multip... Read more

    • EPSS Score: %0.26
    • Published: Jan. 20, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2014-0401

    Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.... Read more

    • EPSS Score: %0.50
    • Published: Jan. 15, 2014
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2014-4338

    cups-browsed in cups-filters before 1.0.53 allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a malformed cups-browsed.conf BrowseAllow directive that is interpreted as granting browse access to all... Read more

    Affected Products : cups-filters
    • EPSS Score: %0.63
    • Published: Jun. 22, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-0432

    Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key.... Read more

    • EPSS Score: %0.55
    • Published: Jan. 21, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2012-0534

    Unspecified vulnerability in the RDBMS Core component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to affect integrity via unknown vectors related to Create Session.... Read more

    Affected Products : database_server
    • EPSS Score: %0.19
    • Published: May. 03, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2015-3181

    files/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 does not consider the moodle/user:manageownfiles capability before approving a private-file upload, which allows remote authenticated users to b... Read more

    Affected Products : moodle
    • EPSS Score: %0.33
    • Published: Jun. 01, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291794 Results