Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2021-40537

    Server Side Request Forgery (SSRF) vulnerability exists in owncloud/user_ldap < 0.15.4 in the settings of the user_ldap app. Administration role is necessary for exploitation.... Read more

    Affected Products : user_ldap
    • Published: Sep. 08, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2016-3046

    IBM Security Access Manager for Web is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements which could allow the attacker to view information in the back-end database.... Read more

    • Published: Feb. 01, 2017
    • Modified: Apr. 20, 2025

  • 4.0

    MEDIUM
    CVE-2025-8285

    Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to create channel subscription without proper access to the channel via API call to the create channel subscription endpoint.... Read more

    Affected Products :
    • Published: Aug. 11, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Authorization

  • 4.0

    MEDIUM
    CVE-2020-4805

    IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189539.... Read more

    Affected Products : edge_application_manager
    • Published: Sep. 23, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2016-6097

    IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 allows web pages to be stored locally which can be read by another user on the system.... Read more

    • Published: Feb. 07, 2017
    • Modified: Apr. 20, 2025

  • 4.0

    MEDIUM
    CVE-2022-39859

    Implicit intent hijacking vulnerability in UPHelper library prior to version 3.0.12 allows attackers to access sensitive information via implicit intent.... Read more

    Affected Products : uphelper_library
    • Published: Oct. 07, 2022
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2009-3100

    xscreensaver (aka Gnome-XScreenSaver) in Sun Solaris 9 and 10, OpenSolaris snv_109 through snv_122, and X11 6.4.1 on Solaris 8 does not properly handle Accessibility support, which allows local users to cause a denial of service (system hang) by locking t... Read more

    Affected Products : solaris opensolaris x11
    • Published: Sep. 08, 2009
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2005-4786

    Buffer overflow in the archive decompression library (vrAZMain.dll 5.8.22.137), as used in HAURI anti-virus products including (1) ViRobot Expert 4.0, (2) ViRobot Advanced Server, and (3) HAURI LiveCall, allows user-assisted attackers to execute arbitrary... Read more

    Affected Products : virobot hauri_livecall vrazmain.dll
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2014-6212

    The Echo API in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix11, 10.0.0.x before 10.0.0.1 iFix12, 10.0.1.x before 10.0.1.5 iFix2, and 10.0.2.x before 10.0.2.2 iFix5; Emptoris Sourcing 9.5 before 9.5.1.3 iFix2, 10.0.0.x before 10.0.0.1 iFix1, ... Read more

    • Published: Jan. 10, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2010-4806

    The authoring tool in IBM Web Content Manager (WCM) 6.1.5, and 7.0.0.1 before CF003, allows remote authenticated users to bypass intended access restrictions on draft creation by leveraging certain resource editor privileges.... Read more

    Affected Products : web_content_manager
    • Published: May. 26, 2011
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2013-2410

    Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Absence Management.... Read more

    Affected Products : peoplesoft_products
    • Published: Apr. 17, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2020-14616

    Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: Reporting). The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows high privileged attacker with... Read more

    • Published: Jul. 15, 2020
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2017-1756

    IBM Business Process Manager 8.6 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 135856.... Read more

    • Published: Mar. 30, 2018
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2021-30487

    In the topic moving API in Zulip Server 3.x before 3.4, organization administrators were able to move messages to streams in other organizations hosted by the same Zulip installation.... Read more

    Affected Products : zulip_server
    • Published: Apr. 15, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2014-9247

    Zenoss Core through 5 Beta 3 allows remote authenticated users to obtain sensitive (1) user account, (2) e-mail address, and (3) role information by visiting the ZenUsers (aka User Manager) page, aka ZEN-15389.... Read more

    Affected Products : zenoss_core
    • Published: Dec. 15, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-8487

    Kony Management (aka Enterprise Mobile Management or EMM) 1.2 and earlier allows remote authenticated users to read (1) arbitrary messages via the messageId parameter to selfservice/managedevice/getMessageBody or (2) requests via the requestId parameter t... Read more

    Affected Products : enterprise_mobile_management
    • Published: Feb. 24, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2021-20499

    IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID... Read more

    • Published: Jul. 15, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2007-0836

    admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to include arbitrary local and possibly remote files via the (1) "Path to custom header include" and (2) "Path to custom footer include" form fields. NO... Read more

    • Published: Feb. 08, 2007
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2013-4034

    IBM Cognos Business Intelligence 8.4.1 before IF3, 10.1.0 before IF4, 10.1.1 before IF4, 10.2.0 before IF4, 10.2.1 before IF2, and 10.2.1.1 before IF1 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conj... Read more

    Affected Products : cognos_business_intelligence
    • Published: Nov. 18, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2014-9684

    OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 ... Read more

    • Published: Feb. 24, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 293408 Results