Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2017-12361

    A vulnerability in Cisco Jabber for Windows could allow an unauthenticated, local attacker to access sensitive communications made by the Jabber client. An attacker could exploit this vulnerability to gain information to conduct additional attacks. The vu... Read more

    Affected Products : jabber
    • Published: Nov. 30, 2017
    • Modified: Apr. 20, 2025

  • 4.0

    MEDIUM
    CVE-2015-8303

    Huawei Document Security Management (DSM) with software before V100R002C05SPC661 does not clear the clipboard when closing a secure file, which allows local users to obtain sensitive information by pasting the contents to another file.... Read more

    Affected Products : document_security_management
    • Published: Jan. 08, 2016
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-3708

    OpenStack Compute (Nova) before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (CPU consumption) via an IP filter in a list active servers API request.... Read more

    Affected Products : openstack nova
    • Published: Oct. 31, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-9179

    Cross-site scripting (XSS) vulnerability in the SupportEzzy Ticket System plugin 1.2.5 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the "URL (optional)" field in a new ticket.... Read more

    Affected Products : supportezzy_ticket_system
    • Published: Dec. 02, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2016-6097

    IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 allows web pages to be stored locally which can be read by another user on the system.... Read more

    • Published: Feb. 07, 2017
    • Modified: Apr. 20, 2025

  • 4.0

    MEDIUM
    CVE-2021-25523

    Insecure storage of device information in Samsung Dialer prior to version 12.7.05.24 allows attacker to get Samsung Account ID.... Read more

    Affected Products : dialer
    • Published: Dec. 08, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2021-38514

    Certain NETGEAR devices are affected by authentication bypass. This affects D3600 before 1.0.0.72, D6000 before 1.0.0.72, D6100 before 1.0.0.63, D6200 before 1.1.00.34, D6220 before 1.0.0.48, D6400 before 1.0.0.86, D7000 before 1.0.1.70, D7000v2 before 1.... Read more

    • Published: Aug. 11, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2021-46270

    JFrog Artifactory before 7.31.10, is vulnerable to Broken Access Control where a project admin user is able to list all available repository names due to insufficient permission validation.... Read more

    Affected Products : artifactory
    • Published: Mar. 02, 2022
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2021-40537

    Server Side Request Forgery (SSRF) vulnerability exists in owncloud/user_ldap < 0.15.4 in the settings of the user_ldap app. Administration role is necessary for exploitation.... Read more

    Affected Products : user_ldap
    • Published: Sep. 08, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2021-20121

    The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is vulnerable to an authenticated arbitrary file read. An authenticated user with physical access to the device can read arbitrary files from the device by preparing and connecting a spec... Read more

    • Published: Oct. 11, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2016-3046

    IBM Security Access Manager for Web is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements which could allow the attacker to view information in the back-end database.... Read more

    • Published: Feb. 01, 2017
    • Modified: Apr. 20, 2025

  • 4.0

    MEDIUM
    CVE-2021-22033

    Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability.... Read more

    • Published: Oct. 13, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2020-4805

    IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189539.... Read more

    Affected Products : edge_application_manager
    • Published: Sep. 23, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2015-0189

    The cluster repository manager in IBM WebSphere MQ 7.5 before 7.5.0.5 and 8.0 before 8.0.0.2 allows remote authenticated administrators to cause a denial of service (memory overwrite and daemon outage) by triggering multiple transmit-queue records.... Read more

    Affected Products : websphere_mq
    • Published: May. 20, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2007-2557

    MOStlyDB Admin in Mambo 4.6.1 does not properly check privileges, which allows remote authenticated administrators to have an unknown impact via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely fro... Read more

    Affected Products : mambo
    • Published: May. 09, 2007
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2013-0567

    IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to obtain sensitive information about application implementation via unspecified vectors, a different vulnerability than CVE-2013-0463, CVE-2013... Read more

    • Published: Jul. 03, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2012-1759

    Unspecified vulnerability in the Oracle AutoVue component in Oracle Supply Chain Products Suite 20.0.2 and 20.1 allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-1758.... Read more

    Affected Products : supply_chain_products_suite
    • Published: Jul. 17, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2015-6422

    The self-service application in Cisco Unified Communications Domain Manager (CUCDM) 10.6(1) allows remote authenticated users to cause a denial of service (subapplication outage) via malformed requests, aka Bug ID CSCuu10981.... Read more

    • Published: Dec. 14, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-0031

    The (1) ListNetworkACL and (2) listNetworkACLLists APIs in Apache CloudStack before 4.2.1 allow remote authenticated users to list network ACLS for other users via a crafted request.... Read more

    Affected Products : cloudstack
    • Published: Jan. 15, 2014
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2015-7395

    IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 FP002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 FP002 for SmartCloud Control Desk; and Maximo Asset Manag... Read more

    • Published: Nov. 08, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 293343 Results