Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2013-3596

    AdvancePro Advanceware allows remote authenticated users to obtain sensitive information about arbitrary customers' orders via a modified id parameter.... Read more

    Affected Products : advanceware
    • Published: Sep. 08, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2011-3346

    Buffer overflow in hw/scsi-disk.c in the SCSI subsystem in QEMU before 0.15.2, as used by Xen, might allow local guest users with permission to access the CD-ROM to cause a denial of service (guest crash) via a crafted SAI READ CAPACITY SCSI command. NOT... Read more

    Affected Products : enterprise_linux qemu xen
    • Published: Apr. 01, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2013-2506

    app/models/spree/user.rb in spree_auth_devise in Spree 1.1.x before 1.1.6, 1.2.x, and 1.3.x does not perform mass assignment safely when updating a user, which allows remote authenticated users to assign arbitrary roles to themselves.... Read more

    Affected Products : spree
    • Published: Mar. 08, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2013-5891

    Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.33 and earlier and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.... Read more

    • Published: Jan. 15, 2014
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2010-0308

    lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header.... Read more

    Affected Products : squid
    • Published: Feb. 03, 2010
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2013-5934

    Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 has a hardcoded password for node join operations, which allows remote attackers to expand a cluster by finding this password in the source code and then sending the password in a... Read more

    Affected Products : open-xchange_appsuite
    • Published: Sep. 25, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2013-4044

    IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote authenticated users to read application log files via a direct HTTP request.... Read more

    • Published: Dec. 21, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2013-4198

    mail_password.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to bypass the prohibition on password changes via the forgotten password email functionality.... Read more

    Affected Products : plone
    • Published: Mar. 11, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2013-2441

    Unspecified vulnerability in the Agile EDM component in Oracle Supply Chain Products Suite 6.1.1.0, 6.1.2.0, and 6.1.2.2 allows remote authenticated users to affect integrity via unknown vectors related to Java Client.... Read more

    Affected Products : supply_chain_products_suite
    • Published: Apr. 17, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2013-0395

    Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote authenticated users to affect integrity via unknown vectors related to Security.... Read more

    Affected Products : peoplesoft_products
    • Published: Jan. 17, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2013-4155

    OpenStack Swift before 1.9.1 in Folsom, Grizzly, and Havana allows authenticated users to cause a denial of service ("superfluous" tombstone consumption and Swift cluster slowdown) via a DELETE request with a timestamp that is older than expected.... Read more

    Affected Products : swift folsom grizzly havana
    • Published: Aug. 20, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2013-4597

    The Revisioning module 7.x-1.x before 7.x-1.6 for Drupal does not properly check node access permissions for content marked unpublished by the Scheduled module, which allows remote authenticated users to obtain sensitive information via unspecified vector... Read more

    Affected Products : revisioning
    • Published: Jun. 09, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2013-2392

    Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.... Read more

    • Published: Apr. 17, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2013-4592

    Memory leak in the __kvm_set_memory_region function in virt/kvm/kvm_main.c in the Linux kernel before 3.9 allows local users to cause a denial of service (memory consumption) by leveraging certain device access to trigger movement of memory slots.... Read more

    Affected Products : linux_kernel
    • Published: Nov. 20, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2013-2389

    Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.... Read more

    • Published: Apr. 17, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2024-56138

    notion-go is a collection of libraries for supporting sign and verify OCI artifacts. Based on Notary Project specifications. This issue was identified during Quarkslab's audit of the timestamp feature. During the timestamp signature generation, the revoca... Read more

    Affected Products : notation-go
    • Published: Jan. 13, 2025
    • Modified: Jan. 13, 2025
    • Vuln Type: Cryptography

  • 4.0

    MEDIUM
    CVE-2013-2376

    Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure.... Read more

    Affected Products : mysql mariadb solaris
    • Published: Apr. 17, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2013-2374

    Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote authenticated users to affect integrity via unknown vectors related to Rich Text Editor.... Read more

    Affected Products : peoplesoft_products
    • Published: Apr. 17, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2008-4129

    Gallery before 1.5.9, and 2.x before 2.2.6, does not properly handle ZIP archives containing symbolic links, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files via vectors related to the archive upload ... Read more

    Affected Products : gallery gallery
    • Published: Sep. 18, 2008
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2013-2360

    Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2013-2357, CVE-2013-2358, and CVE-2013-2359.... Read more

    Affected Products : system_management_homepage
    • Published: Jul. 22, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 293637 Results