Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2019-4054

    IBM QRadar SIEM 7.2 and 7.3 could allow a local user to obtain sensitive information when exporting content that could aid an attacker in further attacks against the system. IBM X-Force ID: 156563.... Read more

    • Published: Jul. 17, 2019
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2023-40725

    A vulnerability has been identified in QMS Automotive (All versions < V12.39). The affected application returns inconsistent error messages in response to invalid user credentials during login session. This allows an attacker to enumerate usernames, and i... Read more

    Affected Products : qms_automotive
    • Published: Sep. 12, 2023
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2024-20900

    Improper authentication in MTP application prior to SMR Jul-2024 Release 1 allows local attackers to enter MTP mode without proper authentication.... Read more

    Affected Products : android android dex
    • Published: Jul. 02, 2024
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2018-0109

    A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to obtain information to conduct additional reconnaissance attacks. T... Read more

    Affected Products : webex_meetings_server
    • Published: Jan. 18, 2018
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2012-1758

    Unspecified vulnerability in the Oracle AutoVue component in Oracle Supply Chain Products Suite 20.0.2 and 20.1 allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-1759.... Read more

    Affected Products : supply_chain_products_suite
    • Published: Jul. 17, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2021-25358

    A vulnerability that stores IMSI values in an improper path prior to SMR APR-2021 Release 1 allows local attackers to access IMSI values without any permission via untrusted applications.... Read more

    Affected Products : android dex
    • Published: Apr. 09, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2015-2965

    Directory traversal vulnerability in osCommerce Japanese 2.2ms1j-R8 and earlier allows remote authenticated administrators to read arbitrary files via unspecified vectors.... Read more

    Affected Products : oscommerce
    • Published: Jun. 28, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2013-3780

    Unspecified vulnerability in the PeopleSoft Enterprise Portal component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Saved Search.... Read more

    Affected Products : peoplesoft_products
    • Published: Jul. 17, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2021-21296

    Fleet is an open source osquery manager. In Fleet before version 3.7.0 a malicious actor with a valid node key can send a badly formatted request that causes the Fleet server to exit, resulting in denial of service. This is possible only while a live quer... Read more

    Affected Products : fleet
    • Published: Feb. 10, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2013-6426

    The cloudformation-compatible API in OpenStack Orchestration API (Heat) before Havana 2013.2.1 and Icehouse before icehouse-2 does not properly enforce policy rules, which allows local in-instance users to bypass intended access restrictions and (1) creat... Read more

    Affected Products : heat
    • Published: Dec. 14, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2012-0576

    Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 6.0.1 and 6.2.0 allows remote authenticated users to affect integrity via unknown vectors related to Core-Help.... Read more

    Affected Products : financial_services_software
    • Published: May. 03, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2012-4583

    McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to obtain the session tokens of arbitrary users by navigating within the Dashboard.... Read more

    • Published: Aug. 22, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2020-3930

    GeoVision Door Access Control device family improperly stores and controls access to system logs, any users can read these logs.... Read more

    Affected Products : gv-gf192x_firmware gv-gf192x
    • Published: Jun. 12, 2020
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2020-4650

    IBM Maximo Spatial Asset Management 7.6.0.3, 7.6.0.4, 7.6.0.5, and 7.6.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 186023.... Read more

    Affected Products : maximo_spatial_asset_management
    • Published: Nov. 09, 2020
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2020-5297

    In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to upload jpg, jpeg, bmp, png, webp, gif, ico, css, js, woff, woff2, svg, ttf, eot, json, md, less, sass, scss, xml files... Read more

    Affected Products : october
    • Published: Jun. 03, 2020
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2024-34635

    Out-of-bounds read in parsing textbox object in Samsung Notes prior to version 4.4.21.62 allows local attacker to access unauthorized memory.... Read more

    Affected Products : notes
    • Published: Aug. 07, 2024
    • Modified: Aug. 09, 2024

  • 4.0

    MEDIUM
    CVE-2014-3276

    Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier does not properly handle deadlock conditions during reception of crafted RADIUS accounting packets from multiple NAS devices, which allows remote authenticated users to cause a denial of ser... Read more

    Affected Products : identity_services_engine_software
    • Published: May. 26, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2012-6100

    report/outline/index.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/user:viewhiddendetails capability requirement, which allows remote authenticated users to discover a hidden lastaccess v... Read more

    Affected Products : moodle
    • Published: Jan. 27, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2024-5464

    Vulnerability of insufficient permission verification in the NearLink module Impact: Successful exploitation of this vulnerability may affect service confidentiality.... Read more

    Affected Products : emui harmonyos
    • Published: Jun. 14, 2024
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2025-20909

    Use of implicit intent for sensitive communication in Settings prior to SMR Mar-2025 Release 1 allows local attackers to access sensitive information.... Read more

    Affected Products : android
    • Published: Mar. 06, 2025
    • Modified: Mar. 06, 2025
Showing 20 of 293330 Results