Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2014-2185

    The Call Detail Records (CDR) Management component in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCun74374.... Read more

    Affected Products : unified_communications_manager
    • Published: Apr. 29, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2007-2700

    The WLST script generated by the configToScript command in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not encrypt certain attributes in configuration files when creating a new domain, which allows remote authenticated users to obtain sensit... Read more

    Affected Products : weblogic_server
    • Published: May. 16, 2007
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2015-7395

    IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 FP002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 FP002 for SmartCloud Control Desk; and Maximo Asset Manag... Read more

    • Published: Nov. 08, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-8735

    The Bad Behavior module 6.x-2.x before 6.x-2.2216 and 7.x-2.x before 7.x-2.2216 for Drupal logs usernames and passwords, which allows remote authenticated users with the "administer bad behavior" permission to obtain sensitive information by reading a log... Read more

    Affected Products : bad_behavior
    • Published: Nov. 12, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2010-1616

    Moodle 1.8.x and 1.9.x before 1.9.8 can create new roles when restoring a course, which allows teachers to create new accounts even if they do not have the moodle/user:create capability.... Read more

    Affected Products : moodle
    • Published: Apr. 29, 2010
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2022-27657

    A highly privileged remote attacker, can gain unauthorized access to display contents of restricted directories by exploiting insufficient validation of path information in SAP Focused Run (Simple Diagnostics Agent 1.0) - version 1.0.... Read more

    Affected Products : focused_run
    • Published: Apr. 12, 2022
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2015-4990

    The portal in IBM Tealeaf Customer Experience before 8.7.1.8818, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before 9.0.2.5144 allows local users to discover credentials by l... Read more

    Affected Products : tealeaf_customer_experience
    • Published: Jan. 02, 2016
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2013-2308

    The (1) OWA Helper and (2) OSG Lite programs in SoftBank Online Service Gate allow remote authenticated users to discover their own passwords, and consequently bypass an Office 365 restriction, via unspecified vectors.... Read more

    Affected Products : online_service_gate
    • Published: May. 09, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2015-6344

    The web-based GUI in Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security 9.3(4.1.11) allows remote authenticated users to bypass intended access restrictions and obtain sensitive user information via an unspecified HTTP request, aka Bug ID C... Read more

    • Published: Oct. 30, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2022-1684

    The Cube Slider WordPress plugin through 1.2 does not sanitise and escape the idslider parameter before using it in various SQL queries, leading to SQL Injections exploitable by high privileged users such as admin... Read more

    Affected Products : cube_slider
    • Published: Jun. 08, 2022
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2022-1688

    The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the id parameter before using it in various SQL statement via the admin dashboard, leading to SQL Injections... Read more

    Affected Products : note_press
    • Published: Jun. 08, 2022
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2022-22266

    (Applicable to China models only) Unprotected WifiEvaluationService in TencentWifiSecurity application prior to SMR Jan-2022 Release 1 allows untrusted applications to get WiFi information without proper permission.... Read more

    Affected Products : android dex
    • Published: Jan. 10, 2022
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2021-47400

    In the Linux kernel, the following vulnerability has been resolved: net: hns3: do not allow call hns3_nic_net_open repeatedly hns3_nic_net_open() is not allowed to called repeatly, but there is no checking for this. When doing device reset and setup tc ... Read more

    Affected Products : linux_kernel
    • Published: May. 21, 2024
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2022-22267

    Implicit Intent hijacking vulnerability in ActivityMetricsLogger prior to SMR Jan-2022 Release 1 allows attackers to get running application information.... Read more

    Affected Products : android dex
    • Published: Jan. 10, 2022
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2022-1783

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. It may be possible for malicious group maintainers to add... Read more

    Affected Products : gitlab
    • Published: Jun. 06, 2022
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2022-21249

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to c... Read more

    • Published: Jan. 19, 2022
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2025-53604

    The web-push crate before 0.10.3 for Rust allows a denial of service (memory consumption) in the built-in clients via a large integer in a Content-Length header.... Read more

    Affected Products :
    • Published: Jul. 05, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Denial of Service

  • 4.0

    MEDIUM
    CVE-2015-2657

    Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, and 6.3.0 through 6.3.7 allows remote authenticated users to affect confidentiality via unknown vectors related to Business Process... Read more

    Affected Products : supply_chain_products_suite
    • Published: Jul. 16, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2024-5464

    Vulnerability of insufficient permission verification in the NearLink module Impact: Successful exploitation of this vulnerability may affect service confidentiality.... Read more

    Affected Products : emui harmonyos
    • Published: Jun. 14, 2024
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2014-7177

    XML External Entity vulnerability in Enalean Tuleap 7.2 and earlier allows remote authenticated users to read arbitrary files via a crafted xml document in a create action to plugins/tracker/.... Read more

    Affected Products : tuleap
    • Published: Oct. 31, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 293510 Results