Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2006-0127

    Directory traversal vulnerability in the IMAP service of Rockliffe MailSite before 6.1.22.1 allows remote authenticated users to rename the folders of other users via a .. (dot dot) in the RENAME command.... Read more

    Affected Products : mailsite
    • Published: Jan. 09, 2006
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2018-10423

    mc-admin/post.php in MiniCMS 1.10 allows remote attackers to obtain a directory listing of the top-level directory of the web root via a link that becomes available after posting an article.... Read more

    Affected Products : minicms minicms
    • Published: Apr. 26, 2018
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2013-0669

    The HMI web application in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to cause a denial of service (daemon crash) via a crafted HTTP request.... Read more

    Affected Products : wincc_tia_portal
    • Published: Mar. 21, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2013-3824

    Unspecified vulnerability in the Oracle Agile Collaboration Framework component in Oracle Supply Chain Products Suite 9.3.1 allows remote authenticated users to affect integrity via unknown vectors related to Manufacturing/Mfg Parts.... Read more

    Affected Products : supply_chain_products_suite
    • Published: Jul. 17, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2018-10424

    mc-admin/post-edit.php in MiniCMS 1.10 allows full path disclosure via a modified id field.... Read more

    Affected Products : minicms minicms
    • Published: Apr. 26, 2018
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2023-21464

    Improper access control in Samsung Calendar prior to versions 12.4.02.9000 in Android 13 and 12.3.08.2000 in Android 12 allows local attacker to configure improper status.... Read more

    Affected Products : android calendar
    • Published: Mar. 16, 2023
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-1999-0670

    Buffer overflow in the Eyedog ActiveX control allows a remote attacker to execute arbitrary commands.... Read more

    Affected Products : internet_explorer
    • Published: Sep. 01, 1999
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2014-2346

    COPA-DATA zenon DNP3 NG driver (DNP3 master) 7.10 and 7.11 through 7.11 SP0 build 10238 and zenon DNP3 Process Gateway (DNP3 outstation) 7.11 SP0 build 10238 and earlier allow physically proximate attackers to cause a denial of service (infinite loop and ... Read more

    • Published: Jun. 05, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-0463

    Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, and 6.3.6 allows remote authenticated users to affect confidentiality via unknown vectors rela... Read more

    Affected Products : supply_chain_products_suite
    • Published: Apr. 16, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2012-5905

    Buffer overflow in KnFTPd 1.0.0 allows remote authenticated users to cause a denial of service (crash) via a long string in a FEAT command.... Read more

    Affected Products : knftpd
    • Published: Nov. 17, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2025-53604

    The web-push crate before 0.10.3 for Rust allows a denial of service (memory consumption) in the built-in clients via a large integer in a Content-Length header.... Read more

    Affected Products :
    • Published: Jul. 05, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Denial of Service

  • 4.0

    MEDIUM
    CVE-2015-8303

    Huawei Document Security Management (DSM) with software before V100R002C05SPC661 does not clear the clipboard when closing a secure file, which allows local users to obtain sensitive information by pasting the contents to another file.... Read more

    Affected Products : document_security_management
    • Published: Jan. 08, 2016
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-7177

    XML External Entity vulnerability in Enalean Tuleap 7.2 and earlier allows remote authenticated users to read arbitrary files via a crafted xml document in a create action to plugins/tracker/.... Read more

    Affected Products : tuleap
    • Published: Oct. 31, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2022-48470

    Huawei HiLink AI Life product has an identity authentication bypass vulnerability. Successful exploitation of this vulnerability may allow attackers to access restricted functions.(Vulnerability ID:HWPSIRT-2022-42291) This vulnerability has been assigned... Read more

    Affected Products :
    • Published: Dec. 28, 2024
    • Modified: Dec. 28, 2024

  • 4.0

    MEDIUM
    CVE-2021-25472

    An improper access control vulnerability in BluetoothSettingsProvider prior to SMR Oct-2021 Release 1 allows untrusted application to overwrite some Bluetooth information.... Read more

    Affected Products : android dex
    • Published: Oct. 06, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2017-12361

    A vulnerability in Cisco Jabber for Windows could allow an unauthenticated, local attacker to access sensitive communications made by the Jabber client. An attacker could exploit this vulnerability to gain information to conduct additional attacks. The vu... Read more

    Affected Products : jabber
    • Published: Nov. 30, 2017
    • Modified: Apr. 20, 2025

  • 4.0

    MEDIUM
    CVE-2015-2012

    The MQXR service in WMQ Telemetry in IBM WebSphere MQ 7.1 before 7.1.0.7, 7.5 through 7.5.0.5, and 8.0 before 8.0.0.4 uses world-readable permissions for a cleartext file containing the SSL keystore password, which allows local users to obtain sensitive i... Read more

    Affected Products : websphere_mq
    • Published: Feb. 08, 2016
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2023-30717

    Sensitive information exposure vulnerability in SVCAgent prior to SMR Sep-2023 Release 1 allows attackers to get unresettable identifiers.... Read more

    Affected Products : android android dex
    • Published: Sep. 06, 2023
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2023-21447

    Improper access control vulnerabilities in Samsung Cloud prior to version 5.3.0.32 allows local attackers to access information with Samsung Cloud's privilege via implicit intent.... Read more

    Affected Products : cloud
    • Published: Feb. 09, 2023
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2023-30724

    Improper authentication in GallerySearchProvider of Gallery prior to version 14.5.01.2 allows attacker to access search history.... Read more

    Affected Products : gallery
    • Published: Sep. 06, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 293633 Results