Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2014-8658

    Cross-site scripting (XSS) vulnerability in RefinedWiki Original Theme 3.x before 3.5.13 and 4.x before 4.0.12 for Confluence allows remote authenticated users with permissions to create or edit content to inject arbitrary web script or HTML via the versi... Read more

    Affected Products : refinedwiki_original_theme
    • Published: Nov. 06, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2011-4014

    The TAC Case Attachment tool in Cisco Wireless Control System (WCS) 7.0 allows remote authenticated users to read arbitrary files under webnms/Temp/ via unspecified vectors, aka Bug ID CSCtq86807.... Read more

    Affected Products : wireless_control_system_software
    • Published: May. 02, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2020-14616

    Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: Reporting). The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows high privileged attacker with... Read more

    • Published: Jul. 15, 2020
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2011-0856

    Unspecified vulnerability in Oracle PeopleSoft Enterprise 8.49 GA through 8.49.30, 8.50 GA through 8.50.17, and 8.51 GA through 8.51.07 allows remote authenticated users to affect confidentiality via unknown vectors.... Read more

    • Published: Apr. 20, 2011
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2016-3761

    NfcService.java in NFC in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to obtain sensitive foreground-application information via a crafted background application, aka internal bug 28300969.... Read more

    Affected Products : android
    • Published: Jul. 11, 2016
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2002-2433

    NWFTPD.nlm before 5.03b in the FTP server in Novell NetWare allows remote authenticated users to cause a denial of service (abend) via a crafted ABOR command.... Read more

    Affected Products : netware netware_ftp_server
    • Published: Apr. 05, 2010
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2006-3593

    The command line interface (CLI) in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows local users to overwrite arbitrary files by redirecting a command's output to a file or folder, aka bug CSCse31704.... Read more

    Affected Products : unified_callmanager
    • Published: Jul. 18, 2006
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2008-5451

    Unspecified vulnerability in the JD Edwards Tools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.97.2.5 allows remote authenticated users to affect confidentiality via unknown vectors.... Read more

    Affected Products : peoplesoft_enterprise enterpriseone
    • Published: Jan. 14, 2009
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2006-5018

    ContentKeeper 123.25 and earlier places passwords in cleartext in an INPUT element in cgi-bin/ck/changepw.cgi, which allows remote authenticated users to obtain passwords via this URI.... Read more

    Affected Products : contentkeeper
    • Published: Sep. 27, 2006
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2010-0878

    Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.49.26 and 8.50.07 allows remote authenticated users to affect integrity via unknown vectors.... Read more

    • Published: Apr. 13, 2010
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2009-1825

    modules/admuser.php in myColex 1.4.2 does not require administrative authentication, which allows remote authenticated users to list user accounts via a Find action.... Read more

    Affected Products : mycolex
    • Published: May. 29, 2009
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2006-0127

    Directory traversal vulnerability in the IMAP service of Rockliffe MailSite before 6.1.22.1 allows remote authenticated users to rename the folders of other users via a .. (dot dot) in the RENAME command.... Read more

    Affected Products : mailsite
    • Published: Jan. 09, 2006
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2004-2488

    Directory traversal vulnerability in Nexgen FTP Server before 2.2.3.23 allows remote authenticated users to read or list arbitrary files via "C:" sequences in the (1) RETR (get), (2) NLST (ls), (3) LIST (ls), (4) RNFR, or (5) RNTO FTP commands.... Read more

    Affected Products : nexgen_ftp_server
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2006-0613

    Unspecified vulnerability in Java Web Start after 1.0.1_02, as used in J2SE 5.0 Update 5 and earlier, allows remote attackers to obtain privileges via unspecified vectors involving untrusted applications.... Read more

    Affected Products : solaris j2se
    • Published: Feb. 09, 2006
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2007-2731

    CRLF injection vulnerability in formmail.php in Jetbox CMS 2.1 might allow remote attackers to inject arbitrary e-mail headers via LF (%0A) sequences in the subject parameter, a related issue to CVE-2007-1898.... Read more

    Affected Products : jetbox_cms
    • Published: May. 16, 2007
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2007-0291

    Unspecified vulnerability in Oracle E-Business Suite and Applications 6.2.3 has unknown impact and attack vectors related to Oracle Exchange, aka APPS02.... Read more

    Affected Products : e-business_suite
    • Published: Jan. 17, 2007
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2009-0982

    Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.49.19 allows remote authenticated users to affect integrity via unknown vectors.... Read more

    • Published: Apr. 15, 2009
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2008-5678

    Fretwell-Downing Informatics (FDI) OLIB7 WebView 2.5.1.1 allows remote authenticated users to obtain sensitive information from files via the infile parameter to the default URI under cgi/, as demonstrated by the (1) get_settings.ini, (2) setup.ini, and (... Read more

    Affected Products : olib7_webview
    • Published: Dec. 19, 2008
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2006-5654

    Unspecified vulnerability in the Network Security Services (NSS) in Sun Java System Web Server 6.0 before SP 10 and ONE Application Server 7 before Update 3, when SSLv2 is enabled, allows remote authenticated users to cause a denial of service (applicatio... Read more

    • Published: Nov. 03, 2006
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2005-3548

    Directory traversal vulnerability in Task Manager in Invision Power Board (IP.Board) 2.0.1 allows limited remote attackers to include files via a .. (dot dot) in the "Task PHP File To Run" field.... Read more

    Affected Products : invision_board
    • Published: Nov. 16, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 294447 Results