Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2017-1000369

    Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that... Read more

    Affected Products : debian_linux exim
    • Published: Jun. 19, 2017
    • Modified: Apr. 20, 2025

  • 4.0

    MEDIUM
    CVE-2015-8575

    The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel before 4.3.4 does not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted appli... Read more

    Affected Products : linux_kernel
    • Published: Feb. 08, 2016
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2017-10254

    Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle PeopleSoft Products (subcomponent: Staffing Front Office). The supported version that is affected is 9.2. Easily exploitable vulnerability allows high privileged attacker with network acc... Read more

    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 4.0

    MEDIUM
    CVE-2016-9338

    An issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 controller 1763-L16AWA, Series A and B, Version 14.000 and prior versions; 1763-L16BBB, Series A and B, Version 14.000 and prior versions; 1763-L16BWA, Series A and B, Version 14... Read more

    • Published: Feb. 13, 2017
    • Modified: Apr. 20, 2025

  • 4.0

    MEDIUM
    CVE-2016-0643

    Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect confidentiality via vectors related to DML.... Read more

    • Published: Apr. 21, 2016
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2016-0448

    Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66, and Java SE Embedded 8u65 allows remote authenticated users to affect confidentiality via vectors related to JMX.... Read more

    Affected Products : ubuntu_linux jdk jre
    • Published: Jan. 21, 2016
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2016-0459

    Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote authenticated users to affect integrity via unknown vectors related to Popup Windows.... Read more

    Affected Products : e-business_suite
    • Published: Jan. 21, 2016
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2001-0361

    Implementations of SSH version 1.5, including (1) OpenSSH up to version 2.3.0, (2) AppGate, and (3) ssh-1 up to version 1.2.31, in certain configurations, allow a remote attacker to decrypt and/or alter traffic via a "Bleichenbacher attack" on PKCS#1 vers... Read more

    Affected Products : openssh ssh
    • Published: Jun. 27, 2001
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2006-5198

    The WZFILEVIEW.FileViewCtrl.61 ActiveX control (aka Sky Software "FileView" ActiveX control) for WinZip 10.0 before build 7245 allows remote attackers to execute arbitrary code via unspecified "unsafe methods."... Read more

    Affected Products : winzip
    • Published: Nov. 14, 2006
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2024-54550

    This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2. An app may be able to view autocompleted contact information from Messages and Mail in system logs.... Read more

    Affected Products : macos iphone_os ipados
    • Published: Jan. 27, 2025
    • Modified: Apr. 04, 2025
    • Vuln Type: Information Disclosure

  • 4.0

    MEDIUM
    CVE-2006-6058

    The minix filesystem code in Linux kernel 2.6.x before 2.6.24, including 2.6.18, allows local users to cause a denial of service (hang) via a malformed minix file stream that triggers an infinite loop in the minix_bmap function. NOTE: this issue might be... Read more

    Affected Products : linux_kernel
    • Published: Nov. 22, 2006
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2014-1222

    Directory traversal vulnerability in kcfinder/browse.php in Vtiger CRM before 6.0.0 Security patch 1 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter in a download action. NOTE: it is likely that this iss... Read more

    Affected Products : vtiger_crm
    • Published: Aug. 12, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-3350

    Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not properly implement URL redirection, which allows remote authenticated users to obtain sensitive information via a crafted URL, aka Bug ID CSCuh84870.... Read more

    Affected Products : cloud_portal
    • Published: Aug. 29, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-2449

    Unspecified vulnerability in the PeopleSoft Enterprise HRMS Talent Acquisition Manager component in Oracle PeopleSoft Products 9.0, 9.1, and 9.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Security.... Read more

    Affected Products : peoplesoft_products
    • Published: Apr. 16, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2013-3808

    Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.... Read more

    • Published: Jul. 17, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2014-2522

    curl and libcurl 7.27.0 through 7.35.0, when running on Windows and using the SChannel/Winssl TLS backend, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate wh... Read more

    Affected Products : curl libcurl windows
    • Published: Apr. 18, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-3946

    The query caching functionality in the Extbase Framework component in TYPO3 6.2.0 before 6.2.3 does not properly validate group permissions, which allows remote authenticated users to read arbitrary queries via unspecified vectors.... Read more

    Affected Products : typo3
    • Published: Jun. 03, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-2572

    mod/assign/externallib.php in Moodle 2.6.x before 2.6.2 does not properly handle assignment web-service parameters, which might allow remote authenticated users to modify grade metadata via unspecified vectors.... Read more

    Affected Products : moodle
    • Published: Mar. 24, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-1453

    The NFS server (nfsserver) in FreeBSD 8.3 through 10.0 does not acquire locks in the proper order when converting a directory file handle to a vnode, which allows remote authenticated users to cause a denial of service (deadlock) via vectors involving a t... Read more

    Affected Products : freebsd
    • Published: Apr. 16, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-2612

    Unspecified vulnerability in HP Release Control 9.x before 9.13 p3 and 9.2x before RC 9.21.0003 p1 on Windows and 9.2x before RC 9.21.0002 p1 on Linux allows remote authenticated users to obtain sensitive information via unknown vectors.... Read more

    Affected Products : linux_kernel windows release_control
    • Published: Jun. 28, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 293616 Results