Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2013-4131

    The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE r... Read more

    Affected Products : subversion
    • Published: Jul. 31, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2013-2085

    Directory traversal vulnerability in apps/files_trashbin/index.php in ownCloud Server before 5.0.6 allows remote authenticated users to access arbitrary files via a .. (dot dot) in the dir parameter.... Read more

    Affected Products : owncloud
    • Published: Mar. 14, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2013-5097

    Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance and in other contexts, does not properly restrict access to the list of user accounts and their MD5 password hashes, which makes it easier for remote authenticated users to obtain sensit... Read more

    • Published: Aug. 16, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2013-3959

    The Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, exhibits different behavior for NetBIOS user names depending on whether the user account exists, which allows remote authenticated user... Read more

    Affected Products : simatic_pcs7 wincc
    • Published: Jun. 14, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2019-19073

    Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures. This affects the htc_config_pipe_credits() ... Read more

    Affected Products : linux_kernel fedora leap
    • Published: Nov. 18, 2019
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2013-6214

    Unspecified vulnerability in the Integration Service in HP Universal Configuration Management Database 9.05, 10.01, and 10.10 allows remote authenticated users to obtain sensitive information via unknown vectors, aka ZDI-CAN-2042.... Read more

    • Published: Apr. 19, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2013-5096

    Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance and in other contexts, does not properly implement role-based access control, which allows remote authenticated users to modify the configuration by leveraging the read-only privilege, a... Read more

    • Published: Aug. 16, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2013-3442

    The web portal in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive stack-trace information via unspecified vectors that trigger a stack exception, aka Bug ID CSCug34854.... Read more

    Affected Products : unified_communications_manager
    • Published: Aug. 05, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2015-4800

    Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.... Read more

    Affected Products : enterprise_linux mysql
    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2011-3530

    Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 8.9 allows remote authenticated users to affect confidentiality via unknown vectors related to eDevelopment.... Read more

    Affected Products : peoplesoft_products
    • Published: Oct. 18, 2011
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2012-0074

    Unspecified vulnerability in the PeopleSoft Enterprise CRM component in Oracle PeopleSoft Products 8.9 allows remote authenticated users to affect integrity via unknown vectors related to Sales.... Read more

    Affected Products : peoplesoft_products
    • Published: Jan. 18, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2011-3526

    Unspecified vulnerability in the Siebel Core - UIF Server component in Oracle Siebel CRM 8.0.0 and 8.1.1 allows remote authenticated users to affect confidentiality via unknown vectors related to User Interface.... Read more

    Affected Products : siebel_crm
    • Published: Oct. 18, 2011
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2010-3837

    MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier, probably triggering a use-after-f... Read more

    Affected Products : mysql mysql
    • Published: Jan. 14, 2011
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2005-4426

    Interpretation conflict in YaBB before 2.1 allows remote authenticated users to inject arbitrary web script or HTML via HTML in a file with a GIF file extension, which causes the HTML to be executed by a victim who views the file in Internet Explorer as a... Read more

    Affected Products : yabb
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2015-0387

    Unspecified vulnerability in the Siebel Core - Server OM Services component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via vectors related to Security - LDAP Security Adapter.... Read more

    Affected Products : siebel_crm
    • Published: Jan. 21, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2011-2317

    Unspecified vulnerability in the EnterpriseOne Tools component in Oracle JD Edwards 8.98 SP 24 allows remote authenticated users to affect integrity, related to Enterprise Infrastucture SEC (JDNET).... Read more

    • Published: Jan. 18, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2011-3829

    ftp_upload_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to obtain sensitive information via the file name, which reveals the installation path in an error message.... Read more

    Affected Products : support_incident_tracker
    • Published: Jan. 29, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2011-4640

    Directory traversal vulnerability in logs-x.php in SpamTitan WebTitan before 3.60 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the fname parameter in a view action.... Read more

    Affected Products : webtitan
    • Published: Oct. 08, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2011-4831

    Directory traversal vulnerability in webFileBrowser.php in Web File Browser 0.4b14 allows remote authenticated users to read arbitrary files via a ..%2f (encoded dot dot) in the file parameter in a download action.... Read more

    Affected Products : web_file_browser
    • Published: Dec. 15, 2011
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2011-4643

    Multiple directory traversal vulnerabilities in Splunk 4.x before 4.2.5 allow remote authenticated users to read arbitrary files via a .. (dot dot) in a URI to (1) Splunk Web or (2) the Splunkd HTTP Server, aka SPL-45243.... Read more

    Affected Products : splunk
    • Published: Jan. 03, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 294836 Results