Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2022-33690

    Improper input validation in Contacts Storage prior to SMR Jul-2022 Release 1 allows attacker to access arbitrary file.... Read more

    Affected Products : android dex
    • Published: Jul. 12, 2022
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2018-0532

    Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to alter setting data of the Standard database via unspecified vectors.... Read more

    Affected Products : garoon
    • Published: Apr. 16, 2018
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2005-4002

    WebEOC before 6.0.2 uses the same secret key for all installations, which allows attackers with the key to decrypt data from any WebEOC installation.... Read more

    Affected Products : webeoc
    • Published: Dec. 05, 2005
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2009-4847

    Deliantra Server before 2.82 allows remote authenticated users to cause a denial of service (daemon crash) via vectors involving an empty treasure list.... Read more

    Affected Products : deliantra
    • Published: May. 07, 2010
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2012-4861

    The web server in InfoSphere Data Replication Dashboard in IBM InfoSphere Replication Server 9.7 and 10.1 through 10.1.0.4 allows remote authenticated users to list directories via a direct request for a directory URL.... Read more

    Affected Products : infosphere_replication_server
    • Published: Apr. 01, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2014-6232

    Unspecified vulnerability in the LDAP (eu_ldap) extension before 2.8.18 for TYPO3 allows remote authenticated users to obtain sensitive information via unknown vectors.... Read more

    Affected Products : ldap
    • Published: Sep. 11, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-1884

    Directory traversal vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2 through 7.2.0.5 allows remote authenticated use... Read more

    Affected Products : business_process_manager websphere
    • Published: Jun. 28, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-6406

    Directory traversal vulnerability in the Tools menu in Cisco Emergency Responder 10.5(1.10000.5) allows remote authenticated users to write to arbitrary files via a crafted filename, aka Bug ID CSCuv21781.... Read more

    Affected Products : emergency_responder
    • Published: Dec. 13, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-3400

    Cisco WebEx Meetings Server allows remote authenticated users to obtain sensitive information by reading logs, aka Bug IDs CSCuq36417 and CSCuq40344.... Read more

    Affected Products : webex_meetings_server
    • Published: Oct. 05, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2021-25379

    Intent redirection vulnerability in Gallery prior to version 5.4.16.1 allows attacker to execute privileged action.... Read more

    Affected Products : gallery
    • Published: Apr. 09, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2024-34650

    Incorrect authorization in CocktailbarService prior to SMR Sep-2024 Release 1 allows local attackers to access privileged APIs related to Edge panel.... Read more

    Affected Products : android android
    • Published: Sep. 04, 2024
    • Modified: Sep. 05, 2024

  • 4.0

    MEDIUM
    CVE-2018-0109

    A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to obtain information to conduct additional reconnaissance attacks. T... Read more

    Affected Products : webex_meetings_server
    • Published: Jan. 18, 2018
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2024-20900

    Improper authentication in MTP application prior to SMR Jul-2024 Release 1 allows local attackers to enter MTP mode without proper authentication.... Read more

    Affected Products : android android dex
    • Published: Jul. 02, 2024
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2014-7846

    tag/tag_autocomplete.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not consider the moodle/tag:edit capability before adding a tag, which allows remote authenticated users to bypass intended access restr... Read more

    Affected Products : moodle
    • Published: Nov. 24, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2024-4327

    A vulnerability was found in Apryse WebViewer up to 10.8.0. It has been classified as problematic. This affects an unknown part of the component PDF Document Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack re... Read more

    Affected Products :
    • Published: Apr. 30, 2024
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2006-2297

    Heap-based buffer overflow in Microsoft Infotech Storage System Library (itss.dll) allows user-assisted attackers to execute arbitrary code via a crafted CHM / ITS file that triggers the overflow while decompiling.... Read more

    Affected Products : infotech_storage_system_library
    • Published: May. 10, 2006
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2007-2700

    The WLST script generated by the configToScript command in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not encrypt certain attributes in configuration files when creating a new domain, which allows remote authenticated users to obtain sensit... Read more

    Affected Products : weblogic_server
    • Published: May. 16, 2007
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2013-5528

    Directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug ID CSC... Read more

    Affected Products : unified_communications_manager
    • Published: Oct. 11, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2010-4334

    The IO::Socket::SSL module 1.35 for Perl, when verify_mode is not VERIFY_NONE, fails open to VERIFY_NONE instead of throwing an error when a ca_file/ca_path cannot be verified, which allows remote attackers to bypass intended certificate restrictions.... Read more

    Affected Products : io-socket-ssl
    • Published: Jan. 14, 2011
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2010-4545

    IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated users to cause a denial of service (resource consumption and sync outage) by syncing a large volume of data.... Read more

    Affected Products : lotus_notes_traveler notes_traveler
    • Published: Dec. 16, 2010
    • Modified: Apr. 11, 2025
Showing 20 of 293414 Results