Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2022-1688

    The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the id parameter before using it in various SQL statement via the admin dashboard, leading to SQL Injections... Read more

    Affected Products : note_press
    • Published: Jun. 08, 2022
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2017-1000369

    Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that... Read more

    Affected Products : debian_linux exim
    • Published: Jun. 19, 2017
    • Modified: Apr. 20, 2025

  • 4.0

    MEDIUM
    CVE-2021-2340

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Memcached). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocol... Read more

    • Published: Jul. 21, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2012-4390

    (1) apps/calendar/appinfo/remote.php and (2) apps/contacts/appinfo/remote.php in ownCloud before 4.0.7 allows remote authenticated users to enumerate the registered users via unspecified vectors.... Read more

    Affected Products : owncloud owncloud_server
    • Published: Sep. 05, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2010-0406

    OpenTTD before 1.0.1 allows remote attackers to cause a denial of service (file-descriptor exhaustion and daemon crash) by performing incomplete downloads of the map.... Read more

    Affected Products : openttd
    • Published: May. 05, 2010
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2024-54009

    Remote authentication bypass vulnerability in HPE Alletra Storage MP B10000 in versions prior to version 10.4.5 could be remotely exploited to allow disclosure of information.... Read more

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024

  • 4.0

    MEDIUM
    CVE-2024-45989

    Monica AI Assistant desktop application v2.3.0 is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor. A prompt injection allows an attacker to modify chatbot answer with an unloaded image that exfiltrates the user's sensitive chat da... Read more

    Affected Products :
    • Published: Sep. 26, 2024
    • Modified: Sep. 30, 2024

  • 4.0

    MEDIUM
    CVE-2015-0739

    The Lights-Out Management (LOM) implementation in Cisco FireSIGHT System Software 5.3.0 on Sourcefire 3D Sensor devices allows remote authenticated users to perform arbitrary Baseboard Management Controller (BMC) file uploads via unspecified vectors, aka ... Read more

    • Published: May. 19, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-0401

    Unspecified vulnerability in the Oracle Directory Server Enterprise Edition component in Oracle Fusion Middleware 7.0 and 11.1.1.7 allows remote authenticated users to affect integrity via unknown vectors related to Admin Console.... Read more

    Affected Products : fusion_middleware
    • Published: Jan. 21, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-6422

    The self-service application in Cisco Unified Communications Domain Manager (CUCDM) 10.6(1) allows remote authenticated users to cause a denial of service (subapplication outage) via malformed requests, aka Bug ID CSCuu10981.... Read more

    • Published: Dec. 14, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2006-7217

    Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.... Read more

    Affected Products : derby
    • Published: Jul. 05, 2007
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2010-0879

    Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.49.26 and 8.50.07 allows remote authenticated users to affect confidentiality via unknown vectors.... Read more

    • Published: Apr. 13, 2010
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2010-4545

    IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated users to cause a denial of service (resource consumption and sync outage) by syncing a large volume of data.... Read more

    Affected Products : lotus_notes_traveler notes_traveler
    • Published: Dec. 16, 2010
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2019-15662

    An issue was discovered in Rivet Killer Control Center before 2.1.1352. IOCTL 0x120444 in KfeCo10X64.sys fails to validate an offset passed as a parameter during a memory operation, leading to an arbitrary read primitive that can be used as part of a chai... Read more

    Affected Products : killer_control_center
    • Published: Mar. 20, 2020
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2007-2557

    MOStlyDB Admin in Mambo 4.6.1 does not properly check privileges, which allows remote authenticated administrators to have an unknown impact via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely fro... Read more

    Affected Products : mambo
    • Published: May. 09, 2007
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2015-0438

    Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.... Read more

    • Published: Apr. 16, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-0834

    IBM General Parallel File System (GPFS) 3.4 through 3.4.0.27 and 3.5 through 3.5.0.16 allows attackers to cause a denial of service (daemon crash) via crafted arguments to a setuid program.... Read more

    Affected Products : general_parallel_file_system
    • Published: Feb. 04, 2014
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2015-6344

    The web-based GUI in Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security 9.3(4.1.11) allows remote authenticated users to bypass intended access restrictions and obtain sensitive user information via an unspecified HTTP request, aka Bug ID C... Read more

    • Published: Oct. 30, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2007-2700

    The WLST script generated by the configToScript command in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not encrypt certain attributes in configuration files when creating a new domain, which allows remote authenticated users to obtain sensit... Read more

    Affected Products : weblogic_server
    • Published: May. 16, 2007
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2019-4635

    IBM Security Secret Server 10.7 could allow a privileged user to perform unauthorized command injection due to imporoper input neutralization of special elements. IBM X-Force ID: 170011.... Read more

    Affected Products : security_secret_server
    • Published: Jan. 28, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 294836 Results