Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2020-14634

    Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compro... Read more

    • Published: Jul. 15, 2020
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2010-1560

    Buffer overflow in the REPEAT function in IBM DB2 9.1 before FP9 allows remote authenticated users to cause a denial of service (trap) via unspecified vectors. NOTE: this might overlap CVE-2010-0462.... Read more

    Affected Products : db2
    • Published: Apr. 27, 2010
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2010-0422

    gnome-screensaver 2.28.x before 2.28.3 does not properly synchronize the state of screen locking and the unlock dialog in situations involving a change to the number of monitors, which allows physically proximate attackers to bypass screen locking and acc... Read more

    Affected Products : screensaver
    • Published: Feb. 24, 2010
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2010-0451

    The installation process for NFS/ONCplus B.11.31_08 and earlier on HP HP-UX B.11.31 changes the NFS_SERVER setting in the nfsconf file, which might allow remote attackers to obtain filesystem access via NFS requests.... Read more

    Affected Products : hp-ux
    • Published: Mar. 29, 2010
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2009-5141

    Format string vulnerability in War FTP Daemon (warftpd) 1.82 RC 12 allows remote authenticated users to cause a denial of service (crash) via format string specifiers in a LIST command.... Read more

    Affected Products : warftpd
    • Published: Apr. 01, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2010-1617

    user/view.php in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 does not properly check a role, which allows remote authenticated users to obtain the full names of other users via the course profile page.... Read more

    Affected Products : moodle
    • Published: Apr. 29, 2010
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2010-3840

    The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL 5.1 before 5.1.51 allows remote authenticated users to cause a denial of service (server crash) by calling the PolyFromWKB function with Well-Known Binary (WKB) data containing a craft... Read more

    Affected Products : mysql mysql
    • Published: Jan. 14, 2011
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2010-2230

    The KSES text cleaning filter in lib/weblib.php in Moodle before 1.8.13 and 1.9.x before 1.9.9 does not properly handle vbscript URIs, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via HTML input.... Read more

    Affected Products : moodle
    • Published: Jun. 28, 2010
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2010-3937

    Microsoft Exchange Server 2007 SP2 on the x64 platform allows remote authenticated users to cause a denial of service (infinite loop and MSExchangeIS outage) via a crafted RPC request, aka "Exchange Server Infinite Loop Vulnerability."... Read more

    Affected Products : exchange_server
    • Published: Dec. 16, 2010
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2010-4242

    The hci_uart_tty_open function in the HCI UART driver (drivers/bluetooth/hci_ldisc.c) in the Linux kernel 2.6.36, and possibly other versions, does not verify whether the tty has a write operation, which allows local users to cause a denial of service (NU... Read more

    Affected Products : linux_kernel
    • Published: Jan. 11, 2011
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2010-3701

    lib/MessageStoreImpl.cpp in Red Hat Enterprise MRG before 1.2.2 allows remote authenticated users to cause a denial of service (stack memory exhaustion and broker crash) via a large persistent message.... Read more

    Affected Products : enterprise_mrg enterprise_mrg
    • Published: Oct. 12, 2010
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2009-5012

    ftpserver.py in pyftpdlib before 0.5.2 does not require the l permission for the MLST command, which allows remote authenticated users to bypass intended access restrictions and list the root directory via an FTP session.... Read more

    Affected Products : pyftpdlib
    • Published: Oct. 19, 2010
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2009-3628

    The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to determine an encryption key via crafted input to a tt_content form element.... Read more

    Affected Products : typo3
    • Published: Nov. 02, 2009
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2012-4090

    The management interface in Cisco NX-OS on Nexus 7000 devices allows remote authenticated users to obtain sensitive configuration-file information by leveraging the network-operator role, aka Bug ID CSCti09089.... Read more

    • Published: Oct. 05, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2009-5073

    IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.59 (aka 6.0.0.8-TIV-ITDS-IF0001) allows remote authenticated users to cause a denial of service (infinite loop and daemon hang) by adding a nested group that contains the Distinguished Name (DN) of its pa... Read more

    Affected Products : tivoli_directory_server
    • Published: Apr. 21, 2011
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2024-11586

    Ubuntu's implementation of pulseaudio can be crashed by a malicious program if a bluetooth headset is connected.... Read more

    Affected Products : ubuntu_linux pulseaudio
    • Published: Nov. 23, 2024
    • Modified: Aug. 26, 2025

  • 4.0

    MEDIUM
    CVE-2014-4300

    Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4298, C... Read more

    Affected Products : database_server
    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2010-2406

    Unspecified vulnerability in the Siebel Core - Highly Interactive Client component in Oracle Siebel Suite 7.7.2.12, 7.8.2.14, 8.0.0.10, and 8.1.1.3 allows remote authenticated users to affect confidentiality via unknown vectors.... Read more

    Affected Products : siebel_suite
    • Published: Oct. 14, 2010
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2010-2278

    The bookmarklet pop-up in the Bookmarks component in IBM Lotus Connections 2.5.x before 2.5.0.2 does not properly follow the "force SSL" setting, which might make it easier for remote attackers to obtain the cleartext of network communication by sniffing ... Read more

    Affected Products : lotus_connections
    • Published: Jun. 15, 2010
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2006-5540

    backend/parser/analyze.c in PostgreSQL 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) via certain aggregate functions in an UPDATE statement, which are not properly handled during a "MIN/MAX index optimiza... Read more

    Affected Products : postgresql
    • Published: Oct. 26, 2006
    • Modified: Apr. 09, 2025
Showing 20 of 293259 Results