Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2014-3296

    The XML programmatic interface (XML PI) in Cisco WebEx Meeting Server 1.5(.1.131) and earlier allows remote authenticated users to obtain sensitive meeting information via a crafted URL, aka Bug ID CSCum03527.... Read more

    Affected Products : webex_meetings_server
    • Published: Jun. 21, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2012-6100

    report/outline/index.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/user:viewhiddendetails capability requirement, which allows remote authenticated users to discover a hidden lastaccess v... Read more

    Affected Products : moodle
    • Published: Jan. 27, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2013-0479

    IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 do not properly restrict file types and extensions, which allows remote authenticated users to bypass intended access restrictions via a crafted filename.... Read more

    • Published: Jul. 03, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2012-0076

    Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.0 and 9.1 allows remote authenticated users to affect confidentiality via unknown vectors related to ePerformance.... Read more

    Affected Products : peoplesoft_products
    • Published: Jan. 18, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2013-2385

    Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 4.1.0 allows remote authenticated users to affect confidentiality via vectors related to BASE, a different vulnerability than CVE... Read more

    Affected Products : financial_services_software
    • Published: Apr. 17, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2022-25817

    Improper authentication in One UI Home prior to SMR Mar-2022 Release 1 allows attacker to generate pinned-shortcut without user consent.... Read more

    Affected Products : android dex
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2022-1689

    The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the Update parameter before using it in a SQL statement when updating a note via the admin dashboard, leading to an SQL injection... Read more

    Affected Products : note_press
    • Published: Jun. 08, 2022
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2022-39914

    Exposure of Sensitive Information from an Unauthorized Actor vulnerability in Samsung DisplayManagerService prior to Android T(13) allows local attacker to access connected DLNA device information.... Read more

    Affected Products : android dex
    • Published: Dec. 08, 2022
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2014-3316

    The Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to bypass intended upload restrictions via a crafted parameter, aka Bug ID CSCup76297.... Read more

    Affected Products : unified_communications_manager
    • Published: Jul. 10, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2024-34634

    Out-of-bounds read in parsing connected object list in Samsung Notes prior to version 4.4.21.62 allows local attacker to access unauthorized memory.... Read more

    Affected Products : notes
    • Published: Aug. 07, 2024
    • Modified: Aug. 09, 2024

  • 4.0

    MEDIUM
    CVE-2014-6212

    The Echo API in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix11, 10.0.0.x before 10.0.0.1 iFix12, 10.0.1.x before 10.0.1.5 iFix2, and 10.0.2.x before 10.0.2.2 iFix5; Emptoris Sourcing 9.5 before 9.5.1.3 iFix2, 10.0.0.x before 10.0.0.1 iFix1, ... Read more

    • Published: Jan. 10, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2023-49142

    in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia audio crash through modify a released pointer.... Read more

    Affected Products : openharmony openharmony
    • Published: Jan. 02, 2024
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2016-0234

    IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow a local user to obtain sensitive information when a previous user has logged out of the system but neglected to close their browser. IBM X-Force ID: 110303.... Read more

    Affected Products : openpages_grc_platform
    • Published: Aug. 30, 2018
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2021-46270

    JFrog Artifactory before 7.31.10, is vulnerable to Broken Access Control where a project admin user is able to list all available repository names due to insufficient permission validation.... Read more

    Affected Products : artifactory
    • Published: Mar. 02, 2022
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2023-21429

    Improper usage of implict intent in ePDG prior to SMR JAN-2023 Release 1 allows attacker to access SSID.... Read more

    Affected Products : android android dex
    • Published: Feb. 09, 2023
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2023-52947

    Missing authentication for critical function vulnerability in logout functionality in Synology Active Backup for Business Agent before 2.6.3-3101 allows local users to logout the client via unspecified vectors. The backup functionality will continue to op... Read more

    Affected Products : active_backup_for_business_agent
    • Published: Sep. 26, 2024
    • Modified: Oct. 02, 2024

  • 4.0

    MEDIUM
    CVE-2022-24923

    Improper access control vulnerability in Samsung SearchWidget prior to versions 2.3.00.6 in China models allows untrusted applications to load arbitrary URL and local files in webview.... Read more

    Affected Products : searchwidget
    • Published: Feb. 11, 2022
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2024-34617

    Improper handling of insufficient permission in Telephony prior to SMR Aug-2024 Release 1 allows local attackers to configure default Message application.... Read more

    Affected Products : android android dex
    • Published: Aug. 07, 2024
    • Modified: Aug. 12, 2024

  • 4.0

    MEDIUM
    CVE-2022-33696

    Exposure of Sensitive Information in Telephony service prior to SMR Jul-2022 Release 1 allows local attacker to access imsi and iccid via log.... Read more

    Affected Products : android dex
    • Published: Jul. 12, 2022
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2025-20962

    Improper handling of insufficient permission in SpenGesture service prior to SMR May-2025 Release 1 allows local attackers to track the S Pen position.... Read more

    Affected Products : android
    • Published: May. 07, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Authorization
Showing 20 of 294155 Results