Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2014-0665

    The RBAC implementation in Cisco Identity Services Engine (ISE) Software does not properly verify privileges for support-bundle downloads, which allows remote authenticated users to obtain sensitive information via a download action, as demonstrated by ob... Read more

    Affected Products : identity_services_engine_software
    • Published: Jan. 15, 2014
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2022-1690

    The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the ids from the bulk actions before using them in a SQL statement in an admin page, leading to an SQL injection... Read more

    Affected Products : note_press
    • Published: Jun. 08, 2022
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2024-38480

    "Piccoma" App for Android and iOS versions prior to 6.20.0 uses a hard-coded API key for an external service, which may allow a local attacker to obtain the API key. Note that the users of the app are not directly affected by this vulnerability.... Read more

    Affected Products :
    • Published: Jul. 01, 2024
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2017-9843

    SAP NetWeaver AS ABAP 7.40 allows remote authenticated users with certain privileges to cause a denial of service (process crash) via vectors involving disp+work.exe, aka SAP Security Note 2406841.... Read more

    • Published: Jul. 12, 2017
    • Modified: Apr. 20, 2025

  • 4.0

    MEDIUM
    CVE-2012-0076

    Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.0 and 9.1 allows remote authenticated users to affect confidentiality via unknown vectors related to ePerformance.... Read more

    Affected Products : peoplesoft_products
    • Published: Jan. 18, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2014-7177

    XML External Entity vulnerability in Enalean Tuleap 7.2 and earlier allows remote authenticated users to read arbitrary files via a crafted xml document in a create action to plugins/tracker/.... Read more

    Affected Products : tuleap
    • Published: Oct. 31, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-0496

    Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote authenticated users to affect confidentiality via vectors related to PIA Search Functionality.... Read more

    Affected Products : peoplesoft_products
    • Published: Apr. 16, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2019-16181

    In Limesurvey before 3.17.14, admin users can mark other users' notifications as read.... Read more

    Affected Products : limesurvey
    • Published: Sep. 09, 2019
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2014-3296

    The XML programmatic interface (XML PI) in Cisco WebEx Meeting Server 1.5(.1.131) and earlier allows remote authenticated users to obtain sensitive meeting information via a crafted URL, aka Bug ID CSCum03527.... Read more

    Affected Products : webex_meetings_server
    • Published: Jun. 21, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-3276

    Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier does not properly handle deadlock conditions during reception of crafted RADIUS accounting packets from multiple NAS devices, which allows remote authenticated users to cause a denial of ser... Read more

    Affected Products : identity_services_engine_software
    • Published: May. 26, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2022-29253

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting with version 8.3-rc-1 and prior to versions 12.10.3 and 14.0, one can ask for any file located in the classloader using the template API and ... Read more

    Affected Products : xwiki
    • Published: May. 25, 2022
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2021-25472

    An improper access control vulnerability in BluetoothSettingsProvider prior to SMR Oct-2021 Release 1 allows untrusted application to overwrite some Bluetooth information.... Read more

    Affected Products : android dex
    • Published: Oct. 06, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2013-1814

    The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password f... Read more

    Affected Products : rave
    • Published: Mar. 14, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2023-30718

    Improper export of android application components vulnerability in WifiApAutoHotspotEnablingActivity prior to SMR Sep-2023 Release 1 allows local attacker to change a Auto Hotspot setting.... Read more

    Affected Products : android android dex
    • Published: Sep. 06, 2023
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2020-6280

    SAP NetWeaver (ABAP Server) and ABAP Platform, versions 731, 740, 750, allows an attacker with admin privileges to access certain files which should otherwise be restricted, leading to Information Disclosure.... Read more

    • Published: Jul. 14, 2020
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2013-6999

    The IsHandleEntrySecure function in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 SP2 does not properly validate the tagPROCESSINFO pW32Job field, which allows local users to cause a denial of service (NULL pointer dereference and... Read more

    Affected Products : windows_server_2008
    • Published: Dec. 07, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2022-28790

    Improper authentication in Link to Windows Service prior to version 2.3.04.1 allows attacker to lock the device. The patch adds proper caller signature check logic.... Read more

    Affected Products : link_to_windows_service
    • Published: May. 03, 2022
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2021-20396

    IBM QRadar Analyst Workflow App 1.0 through 1.18.0 for IBM QRadar SIEM allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 196009.... Read more

    Affected Products : security_qradar_analyst_workflow
    • Published: Jun. 11, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2010-4759

    Open Ticket Request System (OTRS) before 3.0.0-beta7 does not properly restrict the ticket ages that are within the scope of a search, which allows remote authenticated users to cause a denial of service (daemon hang) via a fulltext search.... Read more

    Affected Products : otrs
    • Published: Mar. 18, 2011
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2013-4273

    The Entity API module 7.x-1.x before 7.x-1.2 for Drupal does not properly restrict access to node comments, which allows remote authenticated users to read the comments via unspecified vectors. NOTE: this identifier was SPLIT per ADT5 due to different res... Read more

    Affected Products : entity_api
    • Published: Jul. 19, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 293628 Results