Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2005-4758

    Unspecified vulnerability in the Administration server in BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier allows remote authenticated Admin users to read arbitrary files via unknown attack vectors related to an "internal servlet" accessed thr... Read more

    Affected Products : weblogic_server
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2006-0445

    index.php in Phpclanwebsite 1.23.1 allows remote authenticated users to obtain the installation path by specifying an invalid file name to the uploader page, as demonstrated by "\", which will display the full path of uploader.php. NOTE: this might be th... Read more

    Affected Products : phpclanwebsite
    • Published: Jan. 26, 2006
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2006-0424

    BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 allows remote authenticated guest users to read the server log and obtain sensitive configuration information.... Read more

    Affected Products : weblogic_server
    • Published: Jan. 25, 2006
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2006-0393

    OpenSSH in Apple Mac OS X 10.4.7 allows remote attackers to cause a denial of service or determine account existence by attempting to log in using an invalid user, which causes the server to hang.... Read more

    Affected Products : mac_os_x mac_os_x_server mac_os_x
    • Published: Aug. 03, 2006
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2006-2445

    Race condition in run_posix_cpu_timers in Linux kernel before 2.6.16.21 allows local users to cause a denial of service (BUG_ON crash) by causing one CPU to attach a timer to a process that is exiting.... Read more

    Affected Products : linux_kernel
    • Published: Jun. 23, 2006
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2011-5270

    wp-admin/press-this.php in WordPress before 3.0.6 does not enforce the publish_posts capability requirement, which allows remote authenticated users to perform publish actions by leveraging the Contributor role.... Read more

    Affected Products : wordpress
    • Published: Jan. 21, 2014
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2012-4400

    repository/repository_ajax.php in Moodle 2.2.x before 2.2.5 and 2.3.x before 2.3.2 allows remote authenticated users to bypass intended upload-size restrictions via a -1 value in the maxbytes field.... Read more

    Affected Products : moodle
    • Published: Sep. 19, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2012-2474

    Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 through 8.4 allows remote authenticated users to cause a denial of service (memory consumption and blank response page) by using the clientless WebVPN feature, a... Read more

    • Published: Aug. 06, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2011-1502

    Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE)... Read more

    Affected Products : liferay_portal
    • Published: May. 07, 2011
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2012-3397

    lib/modinfolib.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 does not check for a group-membership requirement when determining whether an activity is unavailable or hidden, which allows remote authentic... Read more

    Affected Products : moodle
    • Published: Jul. 23, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2012-2500

    Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate during WebLaunch of IPsec, which allows man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz29470... Read more

    Affected Products : anyconnect_secure_mobility_client
    • Published: Aug. 06, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2012-3229

    Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Siebel Documentation.... Read more

    Affected Products : siebel_crm
    • Published: Oct. 17, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2011-2238

    Unspecified vulnerability in the Database Vault component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect integrity, related to DBMS_SYS_SQL.... Read more

    Affected Products : database_server
    • Published: Jul. 20, 2011
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2012-4555

    The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache http... Read more

    Affected Products : certificate_system
    • Published: Jan. 04, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2018-3005

    Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure... Read more

    Affected Products : vm_virtualbox
    • Published: Jul. 18, 2018
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2012-1497

    The default configuration of Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 supports the "mt:Include file=" attribute, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files by leveraging ... Read more

    • Published: Mar. 03, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2002-2163

    KvPoll 1.1 allows remote authenticated users to vote more than once by setting the "already_voted" cookie by various methods, including a direct call to clear_cookies.php.... Read more

    Affected Products : kvpoll
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2012-3172

    Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect availability via unknown vectors related to Siebel Apps - Multi-channel Technologies.... Read more

    Affected Products : siebel_crm
    • Published: Jan. 17, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2012-1674

    Unspecified vulnerability in the Siebel Clinical component in Oracle Industry Applications 7.7, 7.8, 8.0.0.x, 8.1.1.x, and 8.2.2.x allows remote authenticated users to affect integrity via unknown vectors related to Web UI, a different vulnerability than ... Read more

    Affected Products : industry_applications
    • Published: May. 03, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2011-1008

    Scrips_Overlay.pm in Best Practical Solutions RT before 3.8.9 does not properly restrict access to a TicketObj in a Scrip after a CurrentUser change, which allows remote authenticated users to obtain sensitive information via unspecified vectors, as demon... Read more

    Affected Products : rt request_tracker
    • Published: Feb. 28, 2011
    • Modified: Apr. 11, 2025
Showing 20 of 293414 Results