Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2012-4731

    FAQ manager for Request Tracker (RTFM) before 2.4.5 does not properly check user rights, which allows remote authenticated users to create arbitrary articles in arbitrary classes via unknown vectors.... Read more

    Affected Products : rtfm
    • Published: Nov. 11, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2006-5789

    War FTP Daemon (WarFTPd) 1.82.00-RC11 allows remote authenticated users to cause a denial of service via a large number of "%s" format strings in (1) CWD, (2) CDUP, (3) DELE, (4) NLST, (5) LIST, (6) SIZE, and possibly other commands. NOTE: it is possible... Read more

    Affected Products : warftpd
    • Published: Nov. 07, 2006
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2007-3639

    WordPress before 2.2.2 allows remote attackers to redirect visitors to other websites and potentially obtain sensitive information via (1) the _wp_http_referer parameter to wp-pass.php, related to the wp_get_referer function in wp-includes/functions.php; ... Read more

    Affected Products : wordpress
    • Published: Jul. 10, 2007
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2007-6095

    The SIP component in Ingate Firewall before 4.6.0 and SIParator before 4.6.0, when Remote NAT Traversal is employed, does not properly perform user registration and message distribution, which might allow remote authenticated users to receive messages int... Read more

    Affected Products : ingate_firewall ingate_siparator
    • Published: Nov. 22, 2007
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2007-2041

    Cisco Wireless LAN Controller (WLC) before 4.0.206.0 saves the WLAN ACL configuration with an invalid checksum, which prevents WLAN ACLs from being loaded at boot time, and might allow remote attackers to bypass intended access restrictions, aka Bug ID CS... Read more

    • Published: Apr. 16, 2007
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2007-1642

    Unspecified vulnerability in ManageEngine Firewall Analyzer allows remote authenticated users to "access any common file" via a direct URL request.... Read more

    • Published: Mar. 24, 2007
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2007-3600

    WordPlugin in the wordintegration component in vtiger CRM before 5.0.3 allows remote authenticated users to bypass field level security permissions and merge arbitrary fields in an Email template, as demonstrated by the fields in the Contact module.... Read more

    Affected Products : vtiger_crm
    • Published: Jul. 06, 2007
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2011-1404

    Mahara before 1.3.6 does not properly restrict the data in responses to AJAX calls, which allows remote authenticated users to obtain sensitive information via a request associated with (1) blocktype/myfriends/myfriends.json.php, (2) json/usersearch.php, ... Read more

    Affected Products : mahara
    • Published: May. 13, 2011
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2012-1674

    Unspecified vulnerability in the Siebel Clinical component in Oracle Industry Applications 7.7, 7.8, 8.0.0.x, 8.1.1.x, and 8.2.2.x allows remote authenticated users to affect integrity via unknown vectors related to Web UI, a different vulnerability than ... Read more

    Affected Products : industry_applications
    • Published: May. 03, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2012-1497

    The default configuration of Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 supports the "mt:Include file=" attribute, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files by leveraging ... Read more

    • Published: Mar. 03, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2015-4728

    Unspecified vulnerability in the Oracle Sourcing component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, and 12.2.4 allows remote authenticated users to affect confidentiality via unknown vectors related to Bid/Quote creation.... Read more

    Affected Products : e-business_suite
    • Published: Jul. 16, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2011-1502

    Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE)... Read more

    Affected Products : liferay_portal
    • Published: May. 07, 2011
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2015-4320

    The Configuration Log File component in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote authenticated users to obtain sensitive information by reading a log file, aka Bug ID CSCuv12340.... Read more

    • Published: Aug. 20, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-7821

    OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (crash) via a crafted dns_nameservers value in the DNS configuration.... Read more

    Affected Products : fedora openstack neutron
    • Published: Nov. 24, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-7853

    The JBoss Application Server (WildFly) JacORB subsystem in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 does not properly assign socket-binding-ref sensitivity classification to the security-domain attribute, which allows remote authen... Read more

    • Published: Feb. 13, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2018-12037

    An issue was discovered on Samsung 840 EVO and 850 EVO devices (only in "ATA high" mode, not vulnerable in "TCG" or "ATA max" mode), Samsung T3 and T5 portable drives, and Crucial MX100, MX200 and MX300 devices. Absence of a cryptographic link between the... Read more

    • Published: Nov. 20, 2018
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2012-1732

    Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to UI Framework, a different vulnerability than CVE-2012-1754.... Read more

    Affected Products : siebel_crm
    • Published: Jul. 17, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2011-2238

    Unspecified vulnerability in the Database Vault component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect integrity, related to DBMS_SYS_SQL.... Read more

    Affected Products : database_server
    • Published: Jul. 20, 2011
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2002-2163

    KvPoll 1.1 allows remote authenticated users to vote more than once by setting the "already_voted" cookie by various methods, including a direct call to clear_cookies.php.... Read more

    Affected Products : kvpoll
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2011-4890

    The server in IBM solidDB 6.5 before FP9 and 7.0 before FP1 allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with a ROWNUM condition involving a subquery.... Read more

    Affected Products : soliddb
    • Published: Feb. 21, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 293261 Results