Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2011-4291

    Moodle 2.0.x before 2.0.3 allows remote authenticated users to cause a denial of service (invalid database records) via a series of crafted ratings operations.... Read more

    Affected Products : moodle
    • Published: Jul. 16, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2021-20402

    IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. I... Read more

    Affected Products : security_verify_information_queue
    • Published: Feb. 11, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2019-16181

    In Limesurvey before 3.17.14, admin users can mark other users' notifications as read.... Read more

    Affected Products : limesurvey
    • Published: Sep. 09, 2019
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2015-4221

    Cisco Unified Communications Manager IM and Presence Service 9.1(1) does not properly restrict access to encrypted passwords, which allows remote attackers to determine cleartext passwords, and consequently execute arbitrary commands, by visiting an unspe... Read more

    • Published: Jun. 26, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2012-2355

    Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass question:use* capability requirements and add arbitrary questions to a quiz via the questions feature.... Read more

    Affected Products : moodle
    • Published: Jul. 21, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2019-1667

    A vulnerability in the Graphite interface of Cisco HyperFlex software could allow an authenticated, local attacker to write arbitrary data to the Graphite interface. The vulnerability is due to insufficient authorization controls. An attacker could exploi... Read more

    Affected Products : hyperflex_hx_data_platform
    • Published: Feb. 21, 2019
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2023-21447

    Improper access control vulnerabilities in Samsung Cloud prior to version 5.3.0.32 allows local attackers to access information with Samsung Cloud's privilege via implicit intent.... Read more

    Affected Products : cloud
    • Published: Feb. 09, 2023
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2022-39889

    Improper access control vulnerability in GalaxyWatch4Plugin prior to versions 2.2.11.22101351 and 2.2.12.22101351 allows attackers to access wearable device information.... Read more

    Affected Products : galaxywatch4plugin
    • Published: Nov. 09, 2022
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2022-24923

    Improper access control vulnerability in Samsung SearchWidget prior to versions 2.3.00.6 in China models allows untrusted applications to load arbitrary URL and local files in webview.... Read more

    Affected Products : searchwidget
    • Published: Feb. 11, 2022
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2006-2945

    Unspecified vulnerability in the user profile change functionality in DokuWiki, when Access Control Lists are enabled, allows remote authenticated users to read unauthorized files via unknown attack vectors.... Read more

    Affected Products : dokuwiki
    • Published: Jun. 12, 2006
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2023-21463

    Improper access control vulnerability in MyFiles application prior to versions 12.2.09.0 in Android 11, 13.1.03.501 in Android 12 and 14.1.03.0 in Android 13 allows local attacker to get sensitive information of secret mode in Samsung Internet application... Read more

    Affected Products : android myfiles
    • Published: Mar. 16, 2023
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2017-20031

    A vulnerability was found in PHPList 3.2.6. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument sortby with the input password leads to information disclosure. The attack can be... Read more

    Affected Products : phplist
    • Published: Jun. 10, 2022
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2022-39848

    Exposure of sensitive information in AT_Distributor prior to SMR Oct-2022 Release 1 allows local attacker to access SerialNo via log.... Read more

    Affected Products : android dex
    • Published: Oct. 07, 2022
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2023-20070

    A vulnerability in the TLS 1.3 implementation of the Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the Snort 3 detection engine to unexpectedly restart. This vulnerability is due to a logic error in... Read more

    Affected Products : firepower_threat_defense
    • Published: Nov. 01, 2023
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2021-20478

    IBM Cloud Pak System 2.3 could allow a local user in some situations to view the artifacts of another user in self service console. IBM X-Force ID: 197497.... Read more

    Affected Products : cloud_pak_system
    • Published: Jul. 20, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2021-21534

    Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to gain access to sensitive information via the local API.... Read more

    Affected Products : hybrid_client
    • Published: Apr. 30, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2023-20177

    A vulnerability in the SSL file policy implementation of Cisco Firepower Threat Defense (FTD) Software that occurs when the SSL/TLS connection is configured with a URL Category and the Snort 3 detection engine could allow an unauthenticated, remote attack... Read more

    Affected Products : firepower_threat_defense
    • Published: Nov. 01, 2023
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2020-4811

    IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 could allow a privileged user to inject inject malicious data using a specially crafted HTTP request due to improper input validation.... Read more

    Affected Products : cloud_pak_for_security
    • Published: May. 14, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2020-35762

    bloofoxCMS 0.5.2.1 is infected with Path traversal in the 'fileurl' parameter that allows attackers to read local files.... Read more

    Affected Products : bloofoxcms
    • Published: Jun. 16, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2024-23765

    An issue was discovered on HMS Anybus X-Gateway AB7832-F 3 devices. The gateway exposes an unidentified service on port 7412 on the network. All the network services of the gateway become unresponsive after sending 85 requests to this port. The content an... Read more

    Affected Products :
    • Published: Jun. 26, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 294846 Results