Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2025-20960

    Improper handling of insufficient permission in CocktailBarService prior to SMR May-2025 Release 1 allows local attackers to use the privileged api.... Read more

    Affected Products : android
    • Published: May. 07, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Authorization

  • 4.0

    MEDIUM
    CVE-2025-20945

    Improper access control in Galaxy Watch prior to SMR Apr-2025 Release 1 allows local attackers to access sensitive information of Galaxy watch.... Read more

    Affected Products :
    • Published: Apr. 08, 2025
    • Modified: Apr. 08, 2025
    • Vuln Type: Authorization

  • 4.0

    MEDIUM
    CVE-2025-25194

    Lemmy, a link aggregator and forum for the fediverse, is vulnerable to server-side request forgery via a dependency on activitypub_federation, a framework for ActivityPub federation in Rust. This vulnerability, which is present in versions 0.6.2 and prior... Read more

    Affected Products : lemmy
    • Published: Feb. 10, 2025
    • Modified: Feb. 10, 2025
    • Vuln Type: Server-Side Request Forgery

  • 4.0

    MEDIUM
    CVE-2025-25765

    MRCMS v3.1.2 was discovered to contain an arbitrary file write vulnerability via the component /file/save.do.... Read more

    Affected Products : mrcms
    • Published: Feb. 21, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Misconfiguration

  • 4.0

    MEDIUM
    CVE-2008-1263

    The Linksys WRT54G router stores passwords and keys in cleartext in the Config.bin file, which might allow remote authenticated users to obtain sensitive information via an HTTP request for the top-level Config.bin URI.... Read more

    Affected Products : wrt54g wrt54g_firmware
    • Published: Mar. 10, 2008
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2025-48928

    The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously sent over HTTP would be included in this dump, as exploited in the wild in May 2025.... Read more

    Affected Products : telemessage
    • Actively Exploited
    • Published: May. 28, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Information Disclosure

  • 4.0

    MEDIUM
    CVE-2008-1301

    Absolute path traversal vulnerability in system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp in Alkacon OpenCms 7.0.3 and 7.0.4 allows remote authenticated administrators to read arbitrary files via a full pathname in the filePath.0 param... Read more

    Affected Products : opencms
    • Published: Mar. 12, 2008
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2008-2621

    Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.17 and 8.49.11 has unknown impact and remote authenticated attack vectors, a different vulnerability than CVE-2008-2615, CV... Read more

    • Published: Jul. 15, 2008
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2017-10317

    Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: WebConnect). Supported versions that are affected are 8.10.1 and 8.10.2. Easily exploitable vulnerability allows unauthenticated attacker with logon... Read more

    Affected Products : hospitality_suite8
    • Published: Oct. 19, 2017
    • Modified: Apr. 20, 2025

  • 4.0

    MEDIUM
    CVE-2006-0174

    Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) 5.21 and earlier allows remote attackers to obtain sensitive information (intranet IP addresses and enumerations of valid parameter values) via a direct request to hc, which reveals the ... Read more

    • Published: Jan. 11, 2006
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2010-4787

    IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.63 (aka 6.0.0.8-TIV-ITDS-IF0005) allows remote authenticated users to cause a denial of service (daemon hang) via a paged search that triggers improper mutex processing.... Read more

    Affected Products : tivoli_directory_server
    • Published: Apr. 21, 2011
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2006-0173

    Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) 5.21 and earlier allows remote attackers to misrepresent the type and name of a file via modified doc_ext and id parameters, which might trick a user into downloading dangerous or unexpe... Read more

    Affected Products : enterprise_collaboration
    • Published: Jan. 11, 2006
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2008-2104

    The WebService in Bugzilla 3.1.3 allows remote authenticated users without canconfirm privileges to create NEW or ASSIGNED bug entries via a request to the XML-RPC interface, which bypasses the canconfirm check.... Read more

    Affected Products : bugzilla
    • Published: May. 07, 2008
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2006-0981

    Directory traversal vulnerability in e-merge WinAce 2.6 and earlier allows remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a (1) zip or (2) tar archive.... Read more

    Affected Products : e-merge_winace
    • Published: Mar. 03, 2006
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2008-3059

    member/settings_account.php in Octeth Oempro 3.5.5.1, and possibly other versions before 4, uses cleartext to transmit a password entered in the FormValue_Password field, which makes it easier for remote attackers to obtain sensitive information by sniffi... Read more

    Affected Products : oempro
    • Published: Dec. 03, 2008
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2008-4500

    Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted stou command, probably related to MS-DOS device names, as demonstrated using "con:1".... Read more

    Affected Products : serv-u_file_server serv-u
    • Published: Oct. 09, 2008
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2025-26417

    In checkWhetherCallingAppHasAccess of DownloadProvider.java, there is a possible bypass of user consent when opening files in shared storage due to a confused deputy. This could lead to local information disclosure with no additional execution privileges ... Read more

    Affected Products : android
    • Published: Aug. 26, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authorization

  • 4.0

    MEDIUM
    CVE-2008-2018

    The AssignUser function in template.class.php in PHPizabi 0.848b C1 HFP3 performs unsafe macro expansions on strings delimited by '{' and '}' characters, which allows remote authenticated users to obtain sensitive information via a comment containing a ma... Read more

    Affected Products : phpizabi
    • Published: Apr. 30, 2008
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-1999-0669

    The Eyedog ActiveX control is marked as "safe for scripting" for Internet Explorer, which allows a remote attacker to execute arbitrary commands as demonstrated by Bubbleboy.... Read more

    Affected Products : internet_explorer
    • Published: Sep. 01, 1999
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2006-0309

    Linksys BEFVP41 VPN Router 2.0 with firmware 1.01.04 allows remote attackers on the local network, to cause a denial of service via IP packets with a null IP option length.... Read more

    Affected Products : befvp41
    • Published: Jan. 19, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 293562 Results