Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2015-0439

    Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability than CVE-2015-4756.... Read more

    • Published: Apr. 16, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2007-3785

    Absolute path traversal vulnerability in a certain ActiveX control in PGPBBox.dll in EldoS SecureBlackbox (sbb) 5.1.0.112 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the SaveToFile method. NOTE: t... Read more

    Affected Products : secureblackbox
    • Published: Jul. 15, 2007
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2013-5898

    Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-0375 and CVE-2014-0403.... Read more

    Affected Products : jdk jre
    • Published: Jan. 15, 2014
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2012-1697

    Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.... Read more

    Affected Products : mysql mariadb
    • Published: May. 03, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2023-50007

    FFmpeg v.n6.1-3-g466799d4f5 allows an attacker to trigger use of a parameter of negative size in the av_samples_set_silence function in thelibavutil/samplefmt.c:260:9 component.... Read more

    Affected Products : fedora ffmpeg
    • Published: Apr. 19, 2024
    • Modified: Jun. 06, 2025

  • 4.0

    MEDIUM
    CVE-2013-5786

    Unspecified vulnerability in Oracle MySQL Server 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-5793.... Read more

    Affected Products : mysql
    • Published: Oct. 16, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2012-0712

    The XML feature in IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 allows remote authenticated users to cause a denial of service (infinite loop) by calling the XMLPARSE function with a crafted string expression.... Read more

    Affected Products : db2
    • Published: Mar. 20, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2008-2586

    Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.4 has unknown impact and remote authenticated attack vectors, a different vulnerability than CVE-2008-2606.... Read more

    • Published: Jul. 15, 2008
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2005-3813

    IMAP service (meimaps.exe) of MailEnable Professional 1.7 and Enterprise 1.1 allows remote authenticated attackers to cause a denial of service (application crash) by using RENAME with a non-existent mailbox, a different vulnerability than CVE-2005-3690.... Read more

    • Published: Nov. 26, 2005
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2025-32365

    Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine function in JBIG2Stream.cc because of a misplaced isOk check.... Read more

    Affected Products : poppler
    • Published: Apr. 05, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Memory Corruption

  • 4.0

    MEDIUM
    CVE-2025-25194

    Lemmy, a link aggregator and forum for the fediverse, is vulnerable to server-side request forgery via a dependency on activitypub_federation, a framework for ActivityPub federation in Rust. This vulnerability, which is present in versions 0.6.2 and prior... Read more

    Affected Products : lemmy
    • Published: Feb. 10, 2025
    • Modified: Feb. 10, 2025
    • Vuln Type: Server-Side Request Forgery

  • 4.0

    MEDIUM
    CVE-2025-30721

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Difficult to exploit vulnerability allows high privileged attacker with logon to the ... Read more

    Affected Products : mysql_server
    • Published: Apr. 15, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Denial of Service

  • 4.0

    MEDIUM
    CVE-2025-32803

    In some cases, Kea log files or lease files may be world-readable. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8.... Read more

    Affected Products : kea
    • Published: May. 28, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Misconfiguration

  • 4.0

    MEDIUM
    CVE-2025-32460

    GraphicsMagick before 8e56520 has a heap-based buffer over-read in ReadJXLImage in coders/jxl.c, related to an ImportViewPixelArea call.... Read more

    Affected Products : graphicsmagick
    • Published: Apr. 09, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Memory Corruption

  • 4.0

    MEDIUM
    CVE-2025-32997

    In http-proxy-middleware before 2.0.9 and 3.x before 3.0.5, fixRequestBody proceeds even if bodyParser has failed.... Read more

    Affected Products : http-proxy-middleware
    • Published: Apr. 15, 2025
    • Modified: Apr. 15, 2025

  • 4.0

    MEDIUM
    CVE-2022-34354

    IBM Sterling Partner Engagement Manager 2.0 allows encrypted storage of client data to be stored locally which can be read by another user on the system. IBM X-Force ID: 230424. ... Read more

    • Published: Nov. 16, 2022
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2014-4807

    Sterling Order Management in IBM Sterling Selling and Fulfillment Suite 9.3.0 before FP8 allows remote authenticated users to cause a denial of service (CPU consumption) via a '\0' character.... Read more

    • Published: Nov. 23, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2021-25391

    Intent redirection vulnerability in Secure Folder prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action.... Read more

    Affected Products : android dex
    • Published: Jun. 11, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2019-4218

    IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 159227.... Read more

    Affected Products : security_information_queue
    • Published: Jun. 06, 2019
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2014-8007

    Cisco Prime Infrastructure allows remote authenticated users to read device-discovery passwords by examining the HTML source code of the Quick Discovery options page, aka Bug ID CSCum00019.... Read more

    Affected Products : prime_infrastructure
    • Published: Dec. 20, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 293259 Results