Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2012-0792

    mod/forum/user.php in Moodle 1.9.x before 1.9.16 allows remote authenticated users to obtain the names and other details of arbitrary user accounts by searching for posts.... Read more

    Affected Products : moodle
    • Published: Jul. 17, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2011-4581

    mod/wiki/pagelib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 allows remote authenticated users to discover the username of a wiki creator by visiting the history and deletion user interface.... Read more

    Affected Products : moodle
    • Published: Jul. 20, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2015-4830

    Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.... Read more

    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2011-4308

    mod/forum/user.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 allows remote authenticated users to discover the names of other users via unspecified vectors.... Read more

    Affected Products : moodle
    • Published: Jul. 11, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2011-4292

    Moodle 2.0.x before 2.0.3 allows remote authenticated users to cause a denial of service (invalid database records) via a series of crafted comments operations.... Read more

    Affected Products : moodle
    • Published: Jul. 16, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2024-20065

    In telephony, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS0869... Read more

    Affected Products : android mt6781 mt6835 mt6853 mt6855 mt6877 mt6879 mt6885 mt6886 mt6893 +4 more products
    • Published: Jun. 03, 2024
    • Modified: Apr. 25, 2025

  • 4.0

    MEDIUM
    CVE-2011-4073

    Use-after-free vulnerability in the cryptographic helper handler functionality in Openswan 2.3.0 through 2.6.36 allows remote authenticated users to cause a denial of service (pluto IKE daemon crash) via vectors related to the (1) quick_outI1_continue and... Read more

    Affected Products : openswan
    • Published: Nov. 17, 2011
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2011-4927

    Unspecified vulnerability in the bazaar repository adapter in Redmine 1.0.x before 1.0.5 allows remote authenticated users to obtain sensitive information via unknown vectors.... Read more

    Affected Products : redmine
    • Published: Oct. 08, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2011-4289

    Moodle 2.0.x before 2.0.3 does not recognize the configuration setting that makes e-mail addresses visible only to course members, which allows remote authenticated users to obtain sensitive address information by reading a full profile page.... Read more

    Affected Products : moodle
    • Published: Jul. 16, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2020-15239

    In xmpp-http-upload before version 0.4.0, when the GET method is attacked, attackers can read files which have a `.data` suffix and which are accompanied by a JSON file with the `.meta` suffix. This can lead to Information Disclosure and in some shared-ho... Read more

    Affected Products : xmpp-http-upload
    • Published: Oct. 06, 2020
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2006-5201

    Multiple packages on Sun Solaris, including (1) NSS; (2) Java JDK and JRE 5.0 Update 8 and earlier, SDK and JRE 1.4.x up to 1.4.2_12, and SDK and JRE 1.3.x up to 1.3.1_19; (3) JSSE 1.0.3_03 and earlier; (4) IPSec/IKE; (5) Secure Global Desktop; and (6) St... Read more

    • Published: Oct. 10, 2006
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2012-0489

    Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012... Read more

    Affected Products : mysql
    • Published: Jan. 18, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2006-6054

    The ext2 file system code in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via an ext2 stream with malformed data structures that triggers an error in the ext2_check_page due to a length that is smaller than the minimum.... Read more

    Affected Products : linux_kernel
    • Published: Nov. 22, 2006
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2012-0574

    Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors.... Read more

    • Published: Jan. 17, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2011-4831

    Directory traversal vulnerability in webFileBrowser.php in Web File Browser 0.4b14 allows remote authenticated users to read arbitrary files via a ..%2f (encoded dot dot) in the file parameter in a download action.... Read more

    Affected Products : web_file_browser
    • Published: Dec. 15, 2011
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2011-5095

    The Diffie-Hellman key-exchange implementation in OpenSSL 0.9.8, when FIPS mode is enabled, does not properly validate a public parameter, which makes it easier for man-in-the-middle attackers to obtain the shared secret key by modifying network traffic, ... Read more

    Affected Products : openssl
    • Published: Jun. 20, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2012-0448

    Bugzilla 2.x and 3.x before 3.4.14, 3.5.x and 3.6.x before 3.6.8, 3.7.x and 4.0.x before 4.0.4, and 4.1.x and 4.2.x before 4.2rc2 does not reject non-ASCII characters in e-mail addresses of new user accounts, which makes it easier for remote authenticated... Read more

    Affected Products : bugzilla
    • Published: Feb. 02, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2012-0515

    Unspecified vulnerability in the Identity Manager Connector component in Oracle Fusion Middleware 9.1.0.4 allows remote authenticated users to affect integrity via unknown vectors.... Read more

    Affected Products : fusion_middleware
    • Published: May. 03, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2006-6097

    GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in ex... Read more

    Affected Products : tar
    • Published: Nov. 24, 2006
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2012-0429

    dhost in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote authenticated users to cause a denial of service (daemon crash) via crafted characters in an HTTP request.... Read more

    Affected Products : edirectory edirectory
    • Published: Dec. 25, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 293594 Results