Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2015-1608

    Topline Opportunity Form (aka XLS Opp form) before 2015-02-15 does not properly restrict access to database-connection strings, which allows attackers to read the cleartext version of sensitive credential and e-mail address information via unspecified vec... Read more

    Affected Products : opportunity_form
    • Published: Feb. 16, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-8896

    The Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1... Read more

    • Published: Dec. 22, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-4802

    The Saved Search Admin component in the Process Admin Console in IBM Business Process Manager (BPM) 8.0 through 8.5.5 does not properly restrict task and instance listings in result sets, which allows remote authenticated users to bypass authorization che... Read more

    Affected Products : business_process_manager
    • Published: Oct. 07, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-0516

    Directory traversal vulnerability in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allows remote authenticated users to read arbitrary files via a crafted URL.... Read more

    Affected Products : watch4net vipr_srm
    • Published: Jan. 21, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2020-4650

    IBM Maximo Spatial Asset Management 7.6.0.3, 7.6.0.4, 7.6.0.5, and 7.6.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 186023.... Read more

    Affected Products : maximo_spatial_asset_management
    • Published: Nov. 09, 2020
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2020-4906

    IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 allows web pages to be stored locally which can be read by another user on the system.... Read more

    • Published: Dec. 16, 2020
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2020-4846

    IBM Security Key Lifecycle Manager 3.0.1 and 4.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-... Read more

    Affected Products : security_key_lifecycle_manager
    • Published: Dec. 17, 2020
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2024-34670

    Use of implicit intent for sensitive communication in Sound Assistant prior to version 6.1.0.9 allows local attackers to get sensitive information.... Read more

    Affected Products :
    • Published: Oct. 08, 2024
    • Modified: Oct. 10, 2024

  • 4.0

    MEDIUM
    CVE-2024-34677

    Exposure of sensitive information in System UI prior to SMR Nov-2024 Release 1 allow local attackers to make malicious apps appear as legitimate.... Read more

    Affected Products : android android
    • Published: Nov. 06, 2024
    • Modified: Nov. 12, 2024

  • 4.0

    MEDIUM
    CVE-2024-36062

    The com.callassistant.android (aka AI Call Assistant & Screener) application 1.174 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.callassistant.andr... Read more

    Affected Products :
    • Published: Nov. 07, 2024
    • Modified: Feb. 10, 2025

  • 4.0

    MEDIUM
    CVE-2012-6100

    report/outline/index.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/user:viewhiddendetails capability requirement, which allows remote authenticated users to discover a hidden lastaccess v... Read more

    Affected Products : moodle
    • Published: Jan. 27, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2025-20909

    Use of implicit intent for sensitive communication in Settings prior to SMR Mar-2025 Release 1 allows local attackers to access sensitive information.... Read more

    Affected Products : android
    • Published: Mar. 06, 2025
    • Modified: Mar. 06, 2025

  • 4.0

    MEDIUM
    CVE-2012-5905

    Buffer overflow in KnFTPd 1.0.0 allows remote authenticated users to cause a denial of service (crash) via a long string in a FEAT command.... Read more

    Affected Products : knftpd
    • Published: Nov. 17, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2014-7177

    XML External Entity vulnerability in Enalean Tuleap 7.2 and earlier allows remote authenticated users to read arbitrary files via a crafted xml document in a create action to plugins/tracker/.... Read more

    Affected Products : tuleap
    • Published: Oct. 31, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2023-30711

    Improper authentication in Phone and Messaging Storage SMR SEP-2023 Release 1 allows attacker to insert arbitrary data to the provider.... Read more

    Affected Products : android android dex
    • Published: Sep. 06, 2023
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2025-53604

    The web-push crate before 0.10.3 for Rust allows a denial of service (memory consumption) in the built-in clients via a large integer in a Content-Length header.... Read more

    Affected Products :
    • Published: Jul. 05, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Denial of Service

  • 4.0

    MEDIUM
    CVE-2017-18455

    In cPanel before 62.0.17, addon domain conversion did not require a package for resellers (SEC-208).... Read more

    Affected Products : cpanel
    • Published: Aug. 02, 2019
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2019-5461

    An input validation problem was discovered in the GitHub service integration which could result in an attacker being able to make arbitrary POST requests in a GitLab instance's internal network. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.1... Read more

    Affected Products : gitlab
    • Published: Sep. 09, 2019
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2019-19018

    An issue was discovered in TitanHQ WebTitan before 5.18. It exposes a database configuration file under /include/dbconfig.ini in the web administration interface, revealing what database the web application is using.... Read more

    Affected Products : webtitan
    • Published: Dec. 02, 2019
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2018-3076

    Vulnerability in the PeopleSoft Enterprise CS Financial Aid component of Oracle PeopleSoft Products (subcomponent: ISIR Processing). Supported versions that are affected are 9.0 and 9.2. Easily exploitable vulnerability allows high privileged attacker wit... Read more

    • Published: Jul. 18, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 293679 Results