Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2015-7683

    Absolute path traversal vulnerability in Font.php in the Font plugin before 7.5.1 for WordPress allows remote administrators to read arbitrary files via a full pathname in the url parameter to AjaxProxy.php.... Read more

    Affected Products : font
    • Published: Oct. 16, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2013-2358

    Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2013-2357, CVE-2013-2359, and CVE-2013-2360.... Read more

    Affected Products : system_management_homepage
    • Published: Jul. 22, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2010-3711

    libpurple in Pidgin before 2.7.4 does not properly validate the return value of the purple_base64_decode function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a crafted message,... Read more

    Affected Products : pidgin
    • Published: Oct. 28, 2010
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2004-2769

    Cerberus FTP Server before 4.0.3.0 allows remote authenticated users to list hidden files, even when the "Display hidden files" option is enabled, via the (1) MLSD or (2) MLST commands.... Read more

    Affected Products : ftp_server
    • Published: Jul. 02, 2010
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2021-36057

    XMP Toolkit SDK version 2020.1 (and earlier) is affected by a write-what-where condition vulnerability caused during the application's memory allocation process. This may cause the memory management functions to become mismatched resulting in local applic... Read more

    • Published: Sep. 01, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2021-2019

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multip... Read more

    • Published: Jan. 20, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2022-23091

    A particular case of memory sharing is mishandled in the virtual memory system. This is very similar to SA-21:08.vm, but with a different root cause. An unprivileged local user process can maintain a mapping of a page after it is freed, allowing that pr... Read more

    Affected Products : freebsd
    • Published: Feb. 15, 2024
    • Modified: Jun. 04, 2025

  • 4.0

    MEDIUM
    CVE-2020-11040

    In FreeRDP less than or equal to 2.0.0, there is an out-of-bound data read from memory in clear_decompress_subcode_rlex, visualized on screen as color. This has been patched in 2.1.0.... Read more

    Affected Products : debian_linux leap freerdp
    • Published: May. 29, 2020
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2022-34312

    IBM CICS TX 11.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 229447. ... Read more

    Affected Products : cics_tx
    • Published: Nov. 14, 2022
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2022-28784

    Path traversal vulnerability in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to list file names in arbitrary directory as system user. The patch addresses incorrect implementation of file path validation check logic.... Read more

    Affected Products : android dex
    • Published: May. 03, 2022
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2005-1699

    Directory traversal vulnerability in pnadminapi.php in the Xanthia module in PostNuke 0.760-RC3 allows remote administrators to read arbitrary files via a .. (dot dot) in the skin parameter.... Read more

    Affected Products : postnuke
    • Published: May. 24, 2005
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2022-34314

    IBM CICS TX 11.1 could disclose sensitive information to a local user due to insecure permission settings. IBM X-Force ID: 229450. ... Read more

    Affected Products : cics_tx
    • Published: Nov. 14, 2022
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2022-29035

    In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren't using SecureRandom implementations... Read more

    Affected Products : ktor
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2022-25824

    Improper access control vulnerability in BixbyTouch prior to version 2.2.00.6 in China models allows untrusted applications to load arbitrary URL and local files in webview.... Read more

    Affected Products : bixby_touch
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2015-2272

    login/token.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass a forced-password-change requirement by creating a web-services token.... Read more

    Affected Products : moodle
    • Published: Jun. 01, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-2271

    tag/user.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 does not consider the moodle/tag:flag capability before proceeding with a flaginappropriate action, which allows remote authenticated users to bypass inte... Read more

    Affected Products : moodle
    • Published: Jun. 01, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2013-1901

    PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1) pg_start_backup or (2) pg_stop_backup functions.... Read more

    Affected Products : ubuntu_linux postgresql
    • Published: Apr. 04, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2015-2267

    mdeploy.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass intended access restrictions and extract archives to arbitrary directories via a crafted dataroot value.... Read more

    Affected Products : moodle
    • Published: Jun. 01, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-3030

    The web interface in McAfee Advanced Threat Defense (MATD) before 3.4.4.63 allows remote authenticated users to obtain sensitive configuration information via unspecified vectors.... Read more

    Affected Products : advanced_threat_defense
    • Published: Apr. 08, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-3221

    OpenStack Neutron before 2014.2.4 (juno) and 2015.1.x before 2015.1.1 (kilo), when using the IPTables firewall driver, allows remote authenticated users to cause a denial of service (L2 agent crash) by adding an address pair that is rejected by the ipset ... Read more

    Affected Products : neutron smart_vms
    • Published: Aug. 26, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 294336 Results