Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2015-0673

    Cisco Mobility Services Engine (MSE) 8.0(110.0) allows remote authenticated users to discover the passwords of arbitrary users by (1) reading log files or (2) using an unspecified GUI feature, aka Bug ID CSCut24792.... Read more

    • Published: Mar. 26, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-0503

    Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.... Read more

    Affected Products : mysql
    • Published: Apr. 16, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-8112

    389 Directory Server 1.3.1.x, 1.3.2.x before 1.3.2.27, and 1.3.3.x before 1.3.3.9 stores "unhashed" passwords even when the nsslapd-unhashed-pw-switch option is set to off, which allows remote authenticated users to obtain sensitive information by reading... Read more

    Affected Products : fedora 389_directory_server
    • Published: Mar. 10, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-6520

    Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:DDL.... Read more

    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-0141

    IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to modify arbitrary user filters via a JSON request.... Read more

    Affected Products : openpages_grc_platform
    • Published: Oct. 03, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-0142

    IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to cause a denial of service (maintenance-mode transition and data-storage outage) by calling the System Administrati... Read more

    Affected Products : openpages_grc_platform
    • Published: Oct. 03, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-0112

    Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Quality Manager (RQM) 2.0 through 2.0.1, 3.0 through 3.0.1.6, 4.0 through 4.0.7, and 5.0 through 5... Read more

    • Published: Jun. 07, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-4291

    Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4... Read more

    Affected Products : database_server
    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-0143

    IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to obtain sensitive information by reading error messages.... Read more

    Affected Products : openpages_grc_platform
    • Published: Oct. 03, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-2452

    Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5 allows remote authenticated users to affect availability via unknown vectors related to Webserver Plugin.... Read more

    Affected Products : fusion_middleware
    • Published: Apr. 16, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-1480

    ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to obtain sensitive ticket information via a (1) getTicketData action to servlet/AJaxServlet or a direct request to (2) swf/flashreport.swf, (3) reports/flash... Read more

    • Published: Feb. 04, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-0487

    Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote authenticated users to affect integrity via vectors related to PIA Core Technology, a different vulnerability than CVE-2... Read more

    Affected Products : peoplesoft_products
    • Published: Apr. 16, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-0169

    IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to inject arguments via unspecified vectors.... Read more

    Affected Products : security_siteprotector_system
    • Published: May. 25, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-10132

    A vulnerability classified as problematic was found in Thimo Grauerholz WP-Spreadplugin up to 3.8.6.1 on WordPress. This vulnerability affects unknown code of the file spreadplugin.php. The manipulation of the argument Spreadplugin leads to cross site scr... Read more

    Affected Products :
    • Published: Apr. 21, 2024
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2024-32633

    An unsigned value can never be negative, so eMMC full disk test will always evaluate the same way.... Read more

    Affected Products :
    • Published: Apr. 16, 2024
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2020-4726

    The IBM Application Performance Monitoring UI (IBM Cloud APM 8.1.4) allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 187975.... Read more

    • Published: Mar. 02, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2014-5213

    nds/files/opt/novell/eDirectory/lib64/ndsimon/public/images in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote authenticated users to obtain sensitive information from process memory via a direct request.... Read more

    Affected Products : edirectory
    • Published: Dec. 19, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-1456

    Fortinet FortiAuthenticator 3.0.0 logs the PostgreSQL usernames and passwords in cleartext, which allows remote administrators to obtain sensitive information by reading the log at debug/startup/.... Read more

    Affected Products : fortiauthenticator
    • Published: Feb. 03, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-10131

    A vulnerability was found in chrisy TFO Graphviz Plugin up to 1.9 on WordPress and classified as problematic. Affected by this issue is the function admin_page_load/admin_page of the file tfo-graphviz-admin.php. The manipulation leads to cross site script... Read more

    Affected Products :
    • Published: Mar. 31, 2024
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2015-0271

    The log-viewing function in the Red Hat redhat-access-plugin before 6.0.3 for OpenStack Dashboard (horizon) allows remote attackers to read arbitrary files via a crafted path.... Read more

    Affected Products : openstack
    • Published: Mar. 10, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 293288 Results