Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2023-43035

    IBM Sterling Control Center 6.2.1, 6.3.1, and 6.4.0 allows web pages to be stored locally which can be read by another user on the system.... Read more

    • Published: Apr. 10, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Information Disclosure

  • 4.0

    MEDIUM
    CVE-2025-53910

    Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to create a channel subscription without proper access to the channel via API call to the edit channel subscription endpoint.... Read more

    Affected Products :
    • Published: Aug. 11, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Authorization

  • 4.0

    MEDIUM
    CVE-2019-4705

    IBM Security Identity Manager Virtual Appliance 7.0.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 172015.... Read more

    • Published: Jul. 01, 2020
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2019-4699

    IBM Security Guardium Data Encryption (GDE) 3.0.0.2 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 171931.... Read more

    • Published: Aug. 26, 2020
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2008-4016

    Unspecified vulnerability in the Collaborative Workspaces component in Oracle Collaboration Suite 10.1.2 allows remote authenticated users to affect confidentiality via unknown vectors.... Read more

    Affected Products : collaboration_suite
    • Published: Jan. 14, 2009
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2004-2487

    Directory traversal vulnerability in Nexgen FTP Server before 2.2.3.23 allows remote authenticated users to read or list arbitrary files via (1) "..", (2) "\..\" (backslash dot dot), or (3) "/../" sequences in (a) RETR (get), (b) NLST (ls), (c) LIST (ls),... Read more

    Affected Products : nexgen_ftp_server
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2004-2520

    POP3 protocol in Gattaca Server 2003 1.1.10.0 allows remote authenticated users to cause a denial of service (application crash) via a large numeric value in the (1) LIST, (2) RETR, or (3) UIDL commands.... Read more

    Affected Products : gattaca_server_2003
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2005-0253

    Directory traversal vulnerability in index.php for BibORB 1.3.2, and possibly earlier versions, allows remote attackers to delete arbitrary files via a Delete action and .. (dot dot) sequences in the database_name parameter.... Read more

    Affected Products : biborb
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2015-0409

    Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.... Read more

    • Published: Jan. 21, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2019-4706

    IBM Security Identity Manager Virtual Appliance 7.0.2 writes information to log files which can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. IBM X-Force ID: 172016.... Read more

    • Published: Jul. 01, 2020
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2004-2747

    Directory traversal vulnerability in Pablo Software Solutions Quick 'n Easy FTP Server 1.77, and possibly earlier versions, allows remote authenticated users to determine the existence of arbitrary files via a .. (dot dot) in the DEL command, which trigge... Read more

    Affected Products : quick_n_easy_ftp_server
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2008-4041

    The IMAP server in Softalk Mail Server (formerly WorkgroupMail) 8.5.1.431 allows remote authenticated users to cause a denial of service (resource consumption and daemon crash) via a long IMAP APPEND command with certain repeated parameters.... Read more

    Affected Products : softalk_mail_server
    • Published: Sep. 11, 2008
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2019-4695

    IBM Security Guardium Data Encryption (GDE) 3.0.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 171926.... Read more

    Affected Products : guardium_data_encryption
    • Published: Aug. 26, 2020
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2004-2659

    Opera offers an Open button to verify that a user wishes to execute a downloaded file, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking Open via a request for a different mouse or keyboard action v... Read more

    Affected Products : opera_browser mozilla
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2010-3677

    Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a join query that uses a table with a unique SET column.... Read more

    Affected Products : mysql mysql
    • Published: Jan. 11, 2011
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2015-5623

    WordPress before 4.2.3 does not properly verify the edit_posts capability, which allows remote authenticated users to bypass intended access restrictions and create drafts by leveraging the Subscriber role, as demonstrated by a post-quickdraft-save action... Read more

    Affected Products : debian_linux wordpress
    • Published: Aug. 03, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-5718

    Stack-based buffer overflow in the handle_debug_network function in the manager in Websense Content Gateway before 8.0.0 HF02 allows remote administrators to cause a denial of service (crash) via a crafted diagnostic command line request to submit_net_deb... Read more

    Affected Products : content_gateway
    • Published: Aug. 12, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-2346

    XML external entity (XXE) vulnerability in Huawei SEQ Analyst before V200R002C03LG0001CP0022 allows remote authenticated users to read arbitrary files via the req parameter.... Read more

    Affected Products : seq_analyst
    • Published: May. 18, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-0517

    The D2-API component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 places the MD5 hash of an encryption passphrase in log files, which allows remote authenticated users to obtain sensitive information by reading a fi... Read more

    Affected Products : documentum_d2
    • Published: Feb. 14, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2010-4755

    The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service... Read more

    Affected Products : openssh freebsd netbsd openbsd
    • Published: Mar. 02, 2011
    • Modified: Apr. 11, 2025
Showing 20 of 293280 Results