Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2004-2520

    POP3 protocol in Gattaca Server 2003 1.1.10.0 allows remote authenticated users to cause a denial of service (application crash) via a large numeric value in the (1) LIST, (2) RETR, or (3) UIDL commands.... Read more

    Affected Products : gattaca_server_2003
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2008-4016

    Unspecified vulnerability in the Collaborative Workspaces component in Oracle Collaboration Suite 10.1.2 allows remote authenticated users to affect confidentiality via unknown vectors.... Read more

    Affected Products : collaboration_suite
    • Published: Jan. 14, 2009
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2019-2941

    Vulnerability in the Hyperion Profitability and Cost Management product of Oracle Hyperion (component: Modeling). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access vi... Read more

    • Published: Oct. 16, 2019
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2008-4041

    The IMAP server in Softalk Mail Server (formerly WorkgroupMail) 8.5.1.431 allows remote authenticated users to cause a denial of service (resource consumption and daemon crash) via a long IMAP APPEND command with certain repeated parameters.... Read more

    Affected Products : softalk_mail_server
    • Published: Sep. 11, 2008
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2015-3379

    The Views module before 6.x-2.18, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.10 for Drupal does not properly restrict access to the default views configurations, which allows remote authenticated users to obtain sensitive information via unspecified... Read more

    Affected Products : views
    • Published: Apr. 21, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2019-4296

    IBM Robotic Process Automation with Automation Anywhere 11 information disclosure could allow a local user to obtain e-mail contents from the client debug log file. IBM X-Force ID: 160759.... Read more

    • Published: Jul. 01, 2019
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2015-4773

    Unspecified vulnerability in the Hyperion Common Security component in Oracle Hyperion 11.1.2.2, 11.1.2.3, and 11.1.2.4 allows remote authenticated users to affect availability via unknown vectors related to User Account Update.... Read more

    Affected Products : hyperion
    • Published: Jul. 16, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-2118

    Unspecified vulnerability in the Secure Pull Print and Security Pull Print components in HP Access Control (AC) Software 12.x through 14.x before 14.1.2 allows remote authenticated users to obtain sensitive information via unknown vectors.... Read more

    Affected Products : access_control
    • Published: May. 25, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-1993

    The Portlets subsystem in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to bypass intended access restrictions via unspecified vectors.... Read more

    Affected Products : garoon
    • Published: Jul. 20, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-4270

    Unspecified vulnerability in the Hyperion Common Admin component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote authenticated users to affect confidentiality via unknown vectors related to User Interface, a different vulnerability than CVE-2014-42... Read more

    Affected Products : hyperion
    • Published: Jul. 17, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-3995

    SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to read arbitrary files via an IMPORT FROM SQL statement, aka SAP Security Note 2109565.... Read more

    Affected Products : hana
    • Published: May. 29, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2013-4192

    sendto.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to spoof emails via unspecified vectors.... Read more

    Affected Products : plone
    • Published: Mar. 11, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-3342

    The CLI in Cisco IOS XR allows remote authenticated users to obtain sensitive information via unspecified commands, aka Bug IDs CSCuq42336, CSCuq76853, CSCuq76873, and CSCuq45383.... Read more

    Affected Products : ios_xr cli
    • Published: Sep. 12, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2020-5297

    In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to upload jpg, jpeg, bmp, png, webp, gif, ico, css, js, woff, woff2, svg, ttf, eot, json, md, less, sass, scss, xml files... Read more

    Affected Products : october
    • Published: Jun. 03, 2020
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2013-6687

    The web portal in the Enterprise License Manager component in Cisco WebEx Meetings Server allows remote authenticated users to discover the cleartext administrative password by reading HTML source code, aka Bug ID CSCul33876.... Read more

    Affected Products : webex_meetings_server
    • Published: Jan. 16, 2014
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2014-0438

    Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote authenticated users to affect confidentiality via unknown vectors related to Panel Processor.... Read more

    Affected Products : peoplesoft_products
    • Published: Jan. 15, 2014
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2014-3349

    Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not validate file types during the handling of file submission, which allows remote authenticated users to upload arbitrary files via a crafted request, aka Bug ID CSCuh87410.... Read more

    Affected Products : cloud_portal
    • Published: Aug. 29, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-3087

    callService.do in IBM Business Process Manager (BPM) 7.5 through 8.5.5 and WebSphere Lombardi Edition 7.2 through 7.2.0.5 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity refere... Read more

    • Published: Aug. 17, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-2629

    HP NonStop Safeguard Security Software G, H06.03 through H06.28.01, and J06.03 through J06.17.01 does not properly evaluate the DISKFILE-PATTERN ACL of a program object file, which allows remote authenticated users to bypass intended restrictions on progr... Read more

    Affected Products : nonstop_safeguard_security
    • Published: Aug. 12, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-0680

    Cisco Unified Call Manager (CM) 9.1(2.1000.28) does not properly restrict resource requests, which allows remote authenticated users to read arbitrary files via unspecified vectors, aka Bug ID CSCuq44439.... Read more

    Affected Products : unified_callmanager
    • Published: Mar. 28, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 293612 Results