Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2013-5097

    Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance and in other contexts, does not properly restrict access to the list of user accounts and their MD5 password hashes, which makes it easier for remote authenticated users to obtain sensit... Read more

    • Published: Aug. 16, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2013-5756

    Directory traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a .. (dot dot) in the page parameter to cgi-bin/cgiServer.exx.... Read more

    Affected Products : sip-t38g
    • Published: Aug. 03, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2013-4566

    mod_nss 1.0.8 and earlier, when NSSVerifyClient is set to none for the server/vhost context, does not enforce the NSSVerifyClient setting in the directory context, which allows remote attackers to bypass intended access restrictions.... Read more

    Affected Products : enterprise_linux mod_nss
    • Published: Dec. 12, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2013-5383

    IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to gain privileges via unspecified vectors, a different vulnerability than CVE-2013-5382.... Read more

    Affected Products : maximo_asset_management
    • Published: Oct. 01, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2014-9155

    Directory traversal vulnerability in the Avatar Uploader module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.0-beta6 for Drupal allows remote authenticated users to read arbitrary files via a .. (dot dot) in the path of a cropped picture in the uploade... Read more

    Affected Products : avatar_uploader
    • Published: Dec. 01, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2018-16237

    An issue was discovered in damiCMS V6.0.1. There is Directory Traversal via '|' characters in the s parameter to admin.php, as demonstrated by an admin.php?s=Tpl/Add/id/c:|windows|win.ini URI.... Read more

    Affected Products : damicms
    • Published: Aug. 30, 2018
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2007-3604

    vtiger CRM before 5.0.3 allows remote authenticated users with access to the Analytics DashBoard menu to bypass data restrictions and read the pipeline of the entire organization, possibly involving modules/Potentials/Potentials.php.... Read more

    Affected Products : vtiger_crm
    • Published: Jul. 06, 2007
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2018-2497

    The security audit log of SAP HANA, versions 1.0 and 2.0, does not log SELECT events if these events are part of a statement with the syntax CREATE TABLE <table_name> AS SELECT.... Read more

    Affected Products : hana
    • Published: Dec. 11, 2018
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2021-20523

    IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID... Read more

    • Published: Jul. 15, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2022-1686

    The Five Minute Webshop WordPress plugin through 1.3.2 does not sanitise and escape the id parameter before using it in a SQL statement when editing a product via the admin dashboard, leading to an SQL Injection... Read more

    Affected Products : five_minute_webshop
    • Published: Jun. 08, 2022
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2012-4495

    The Mime Mail module 6.x-1.x before 6.x-1.1 for Drupal does not properly restrict access to files outside Drupal's publish files directory, which allows remote authenticated users to send arbitrary files as attachments.... Read more

    Affected Products : drupal mimemail
    • Published: Oct. 31, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2015-7234

    The OSF module 7.x-3.x before 7.x-3.1 for Drupal, when the OSF Ontology and OSF Import modules are enabled, allows user-assisted remote attackers to delete arbitrary files via unspecified vectors.... Read more

    Affected Products : open_semantic_framework
    • Published: Sep. 17, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2021-25524

    Insecure storage of device information in Contacts prior to version 12.7.05.24 allows attacker to get Samsung Account ID.... Read more

    Affected Products : contacts
    • Published: Dec. 08, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2019-19964

    On NETGEAR GS728TPS devices through 5.3.0.35, a remote attacker having network connectivity to the web-administration panel can access part of the web panel, bypassing authentication.... Read more

    Affected Products : gs728tps_firmware gs728tps
    • Published: Mar. 23, 2020
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2020-4886

    IBM InfoSphere Information Server 11.7 stores sensitive information in the browser's history that could be obtained by a user who has access to the same system. IBM X-Force ID: 190910.... Read more

    Affected Products : infosphere_information_server
    • Published: Nov. 13, 2020
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2012-4861

    The web server in InfoSphere Data Replication Dashboard in IBM InfoSphere Replication Server 9.7 and 10.1 through 10.1.0.4 allows remote authenticated users to list directories via a direct request for a directory URL.... Read more

    Affected Products : infosphere_replication_server
    • Published: Apr. 01, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2011-3529

    Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.0 and 9.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Talent Acquisition Manager.... Read more

    • Published: Oct. 18, 2011
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2013-1624

    The TLS implementation in the Bouncy Castle Java library before 1.48 and C# library before 1.8 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote... Read more

    • Published: Feb. 08, 2013
    • Modified: May. 12, 2025

  • 4.0

    MEDIUM
    CVE-2005-4002

    WebEOC before 6.0.2 uses the same secret key for all installations, which allows attackers with the key to decrypt data from any WebEOC installation.... Read more

    Affected Products : webeoc
    • Published: Dec. 05, 2005
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2014-0439

    Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote authenticated users to affect integrity via unknown vectors related to Report Distribution.... Read more

    Affected Products : peoplesoft_products
    • Published: Jan. 15, 2014
    • Modified: Apr. 11, 2025
Showing 20 of 293425 Results