Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2019-4705

    IBM Security Identity Manager Virtual Appliance 7.0.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 172015.... Read more

    • Published: Jul. 01, 2020
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2019-4398

    IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 could allow a local user to obtain sensitive information from SessionManagement cookies. IBM X-Force ID: 162259.... Read more

    • Published: Oct. 24, 2019
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2019-4112

    IBM WebSphere eXtreme Scale 8.6 Admin Console allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 158105.... Read more

    Affected Products : websphere_extreme_scale
    • Published: Sep. 30, 2019
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2019-2941

    Vulnerability in the Hyperion Profitability and Cost Management product of Oracle Hyperion (component: Modeling). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access vi... Read more

    • Published: Oct. 16, 2019
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2019-4161

    IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 158660.... Read more

    Affected Products : security_information_queue
    • Published: Jun. 06, 2019
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2019-4465

    IBM Cloud Pak System 2.3 and 2.3.0.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 163774.... Read more

    Affected Products : cloud_pak_system
    • Published: Dec. 03, 2019
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2008-2809

    Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN... Read more

    Affected Products : firefox seamonkey navigator geckb
    • Published: Jul. 08, 2008
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2008-1820

    Unspecified vulnerability in the Data Pump component in Oracle Database 9.2.0.8, 10.1.0.5, 10.2.0.3, and 11.1.0.6 has unknown impact and remote attack vectors related to KUPF$FILE_INT, aka DB11. NOTE: the previous information was obtained from the April ... Read more

    • Published: Apr. 16, 2008
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2006-0174

    Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) 5.21 and earlier allows remote attackers to obtain sensitive information (intranet IP addresses and enumerations of valid parameter values) via a direct request to hc, which reveals the ... Read more

    • Published: Jan. 11, 2006
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2025-48928

    The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously sent over HTTP would be included in this dump, as exploited in the wild in May 2025.... Read more

    Affected Products : telemessage
    • Actively Exploited
    • Published: May. 28, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Information Disclosure

  • 4.0

    MEDIUM
    CVE-2008-2104

    The WebService in Bugzilla 3.1.3 allows remote authenticated users without canconfirm privileges to create NEW or ASSIGNED bug entries via a request to the XML-RPC interface, which bypasses the canconfirm check.... Read more

    Affected Products : bugzilla
    • Published: May. 07, 2008
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2010-4787

    IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.63 (aka 6.0.0.8-TIV-ITDS-IF0005) allows remote authenticated users to cause a denial of service (daemon hang) via a paged search that triggers improper mutex processing.... Read more

    Affected Products : tivoli_directory_server
    • Published: Apr. 21, 2011
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2008-1528

    ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), allow remote authenticated users to obtain authentication data by making direct HTTP requests and then reading the HTML source, as demonstrated... Read more

    Affected Products : zynos prestige_660 prestige_661
    • Published: Mar. 26, 2008
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2020-6306

    Missing authorization check in a transaction within SAP Leasing (update provided in SAP_APPL 6.18, EA-APPL 6.0, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16 and 6.17).... Read more

    Affected Products : leasing
    • Published: Jan. 14, 2020
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2008-1728

    ConnectionManagerImpl.java in Ignite Realtime Openfire 3.4.5 allows remote authenticated users to cause a denial of service (daemon outage) by triggering large outgoing queues without reading messages.... Read more

    Affected Products : openfire openfire
    • Published: Apr. 11, 2008
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2018-1505

    IBM i2 Enterprise Insight Analysis 2.1.7 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 141413.... Read more

    Affected Products : i2_enterprise_insight_analysis
    • Published: Dec. 06, 2018
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2011-1008

    Scrips_Overlay.pm in Best Practical Solutions RT before 3.8.9 does not properly restrict access to a TicketObj in a Scrip after a CurrentUser change, which allows remote authenticated users to obtain sensitive information via unspecified vectors, as demon... Read more

    Affected Products : rt request_tracker
    • Published: Feb. 28, 2011
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2017-10033

    Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Support Tools). Supported versions that are affected are 11.1.1.8.0 and 12.2.1.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with lo... Read more

    Affected Products : webcenter_sites
    • Published: Oct. 19, 2017
    • Modified: Apr. 20, 2025

  • 4.0

    MEDIUM
    CVE-2012-1497

    The default configuration of Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 supports the "mt:Include file=" attribute, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files by leveraging ... Read more

    • Published: Mar. 03, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2018-25101

    A vulnerability, which was classified as problematic, has been found in l2c2technologies Koha up to 20180108. This issue affects some unknown processing of the file /cgi-bin/koha/opac-MARCdetail.pl. The manipulation of the argument biblionumber with the i... Read more

    Affected Products :
    • Published: Apr. 22, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 293647 Results