Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2017-1000369

    Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that... Read more

    Affected Products : debian_linux exim
    • Published: Jun. 19, 2017
    • Modified: Apr. 20, 2025

  • 4.0

    MEDIUM
    CVE-2017-10254

    Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle PeopleSoft Products (subcomponent: Staffing Front Office). The supported version that is affected is 9.2. Easily exploitable vulnerability allows high privileged attacker with network acc... Read more

    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 4.0

    MEDIUM
    CVE-2017-10220

    Vulnerability in the Hospitality Property Interfaces component of Oracle Hospitality Applications (subcomponent: Parser). The supported version that is affected is 8.10.x. Easily exploitable vulnerability allows unauthenticated attacker with logon to the ... Read more

    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 4.0

    MEDIUM
    CVE-2014-8327

    The fal_sftp extension before 0.2.6 for TYPO3 uses weak permissions for sFTP driver files and folders, which allows remote authenticated users to obtain sensitive information via unspecified vectors.... Read more

    Affected Products : fal_sftp
    • Published: Oct. 27, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2013-3804

    Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.... Read more

    • Published: Jul. 17, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2020-36826

    A vulnerability was found in AwesomestCode LiveBot. It has been classified as problematic. Affected is the function parseSend of the file js/parseMessage.js. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Thi... Read more

    Affected Products :
    • Published: Mar. 25, 2024
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2014-4031

    The Policy Manager in Aruba Networks ClearPass 5.x, 6.0.x, 6.1.x through 6.1.4.61696, 6.2.x through 6.2.6.62196, and 6.3.x before 6.3.4 allows remote authenticated users to obtain database credentials via unspecified vectors.... Read more

    Affected Products : clearpass
    • Published: Jul. 15, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2020-2581

    Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: LLVM Interpreter). The supported version that is affected is 19.3.0.2. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastr... Read more

    Affected Products : graalvm
    • Published: Jan. 15, 2020
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2008-0658

    slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39 allows remote authenticated users to cause a denial of service (daemon crash) via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related issue to CVE-2007-6698.... Read more

    Affected Products : openldap
    • Published: Feb. 13, 2008
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2014-0366

    Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, and 12.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Attachments.... Read more

    Affected Products : e-business_suite
    • Published: Jan. 15, 2014
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2014-4759

    An unspecified Ajax service in the Content Management toolkit in IBM Business Process Manager (BPM) 8.5.x through 8.5.5 allows remote authenticated users to obtain sensitive information by performing a document-attachment search and then reading document ... Read more

    Affected Products : business_process_manager
    • Published: Sep. 04, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-2435

    Unspecified vulnerability in Oracle MySQL Server 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.... Read more

    Affected Products : mysql
    • Published: Apr. 16, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-7831

    lib/classes/grades_external.php in Moodle 2.7.x before 2.7.3 does not consider the moodle/grade:viewhidden capability before displaying hidden grades, which allows remote authenticated users to obtain sensitive information by leveraging the student role t... Read more

    Affected Products : moodle
    • Published: Nov. 24, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2012-0540

    Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier and 5.5.23 and earlier allows remote authenticated users to affect availability, related to GIS Extension.... Read more

    • Published: Jul. 17, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2014-7195

    Spotfire Web Player Engine in TIBCO Spotfire Web Player 6.0.x before 6.0.2 and 6.5.x before 6.5.2, Spotfire Deployment Kit 6.0.x before 6.0.2 and 6.5.x before 6.5.2, and Silver Fabric Enabler for Spotfire Web Player before 1.6.1 allows remote authenticate... Read more

    • Published: Nov. 21, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-5393

    Directory traversal vulnerability in the JobScheduler Operations Center (JOC) in SOS JobScheduler before 1.6.4246 and 1.7.x before 1.7.4241 allows remote authenticated users with the info permission to read arbitrary files in the webroot via unspecified v... Read more

    Affected Products : jobscheduler
    • Published: Sep. 11, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-8606

    Directory traversal vulnerability in the XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! allows remote administrators to read arbitrary files via a .. (dot dot) in the file parameter in a json_return action in the xcloner_show page to wp-admin/ad... Read more

    Affected Products : xcloner
    • Published: Jun. 10, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-7833

    mod/data/edit.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 sets a certain group ID to zero upon a database-entry change, which allows remote authenticated users to obtain sensitive information by accessing t... Read more

    Affected Products : moodle
    • Published: Nov. 24, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2013-3808

    Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.... Read more

    • Published: Jul. 17, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2014-6609

    The res_pjsip_pubsub module in Asterisk Open Source 12.x before 12.5.1 allows remote authenticated users to cause a denial of service (crash) via crafted headers in a SIP SUBSCRIBE request for an event package.... Read more

    Affected Products : asterisk
    • Published: Nov. 26, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 293363 Results