Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2006-5198

    The WZFILEVIEW.FileViewCtrl.61 ActiveX control (aka Sky Software "FileView" ActiveX control) for WinZip 10.0 before build 7245 allows remote attackers to execute arbitrary code via unspecified "unsafe methods."... Read more

    Affected Products : winzip
    • Published: Nov. 14, 2006
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2013-2392

    Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.... Read more

    • Published: Apr. 17, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2013-2374

    Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote authenticated users to affect integrity via unknown vectors related to Rich Text Editor.... Read more

    Affected Products : peoplesoft_products
    • Published: Apr. 17, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2013-2376

    Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure.... Read more

    Affected Products : mysql mariadb solaris
    • Published: Apr. 17, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2012-4198

    The User.get method in Bugzilla/WebService/User.pm in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1 has a different outcome for a groups request depending on whether a group exists, which allows rem... Read more

    Affected Products : bugzilla
    • Published: Nov. 16, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2013-3802

    Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search.... Read more

    • Published: Jul. 17, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2013-3056

    Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authenticated users to bypass intended privilege requirements and delete the private messages of arbitrary users via unspecified vectors.... Read more

    Affected Products : joomla\!
    • Published: May. 03, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2015-2573

    Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.... Read more

    • Published: Apr. 16, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2013-2389

    Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.... Read more

    • Published: Apr. 17, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2013-0715

    The WebCLI component in Wind River VxWorks 5.5 through 6.9 allows remote authenticated users to cause a denial of service (CLI session crash) via a crafted command string.... Read more

    Affected Products : vxworks
    • Published: Mar. 20, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2013-0443

    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality a... Read more

    Affected Products : jdk jre jre jdk
    • Published: Feb. 02, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2013-2360

    Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2013-2357, CVE-2013-2358, and CVE-2013-2359.... Read more

    Affected Products : system_management_homepage
    • Published: Jul. 22, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2013-2359

    Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2013-2357, CVE-2013-2358, and CVE-2013-2360.... Read more

    Affected Products : system_management_homepage
    • Published: Jul. 22, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2013-0676

    Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly assign privileges for the database containing WebNavigator credentials, which allows remote authenticated users to obtain sensitive information via a SQ... Read more

    Affected Products : simatic_pcs7 wincc
    • Published: Mar. 21, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2013-0679

    Directory traversal vulnerability in the web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote authenticated users to read arbitrary files via vectors involving a query for a pathname.... Read more

    Affected Products : simatic_pcs7 wincc
    • Published: Mar. 21, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2007-4772

    The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular ... Read more

    • Published: Jan. 09, 2008
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2012-4421

    The create_post function in wp-includes/class-wp-atom-server.php in WordPress before 3.4.2 does not perform a capability check, which allows remote authenticated users to bypass intended access restrictions and publish new posts by leveraging the Contribu... Read more

    Affected Products : wordpress
    • Published: Sep. 14, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2019-19073

    Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures. This affects the htc_config_pipe_credits() ... Read more

    Affected Products : linux_kernel fedora leap
    • Published: Nov. 18, 2019
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2013-0671

    Directory traversal vulnerability in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to read HMI web-application source code and user-defined scripts via a crafted URL.... Read more

    Affected Products : wincc_tia_portal
    • Published: Mar. 21, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2013-2506

    app/models/spree/user.rb in spree_auth_devise in Spree 1.1.x before 1.1.6, 1.2.x, and 1.3.x does not perform mass assignment safely when updating a user, which allows remote authenticated users to assign arbitrary roles to themselves.... Read more

    Affected Products : spree
    • Published: Mar. 08, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 294299 Results