Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2015-6406

    Directory traversal vulnerability in the Tools menu in Cisco Emergency Responder 10.5(1.10000.5) allows remote authenticated users to write to arbitrary files via a crafted filename, aka Bug ID CSCuv21781.... Read more

    Affected Products : emergency_responder
    • Published: Dec. 13, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-6232

    Unspecified vulnerability in the LDAP (eu_ldap) extension before 2.8.18 for TYPO3 allows remote authenticated users to obtain sensitive information via unknown vectors.... Read more

    Affected Products : ldap
    • Published: Sep. 11, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2021-31403

    Non-constant-time comparison of CSRF tokens in UIDL request handler in com.vaadin:vaadin-server versions 7.0.0 through 7.7.23 (Vaadin 7.0.0 through 7.7.23), and 8.0.0 through 8.12.2 (Vaadin 8.0.0 through 8.12.2) allows attacker to guess a security token v... Read more

    Affected Products : vaadin
    • Published: Apr. 23, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2014-3400

    Cisco WebEx Meetings Server allows remote authenticated users to obtain sensitive information by reading logs, aka Bug IDs CSCuq36417 and CSCuq40344.... Read more

    Affected Products : webex_meetings_server
    • Published: Oct. 05, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2012-5061

    Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0, 10.0.2, 10.1.0, 10.2.0, 10.2.2, 10.3.0, 10.5.0, 11.0.0 through 11.4.0, and 12.0.0 allows remote authenticated users to affect confid... Read more

    Affected Products : financial_services_software
    • Published: Oct. 17, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2024-20847

    Improper Access Control vulnerability in StorageManagerService prior to SMR Apr-2024 Release 1 allows local attackers to read sdcard information.... Read more

    Affected Products : android android dex
    • Published: Apr. 02, 2024
    • Modified: Feb. 07, 2025

  • 4.0

    MEDIUM
    CVE-2022-39848

    Exposure of sensitive information in AT_Distributor prior to SMR Oct-2022 Release 1 allows local attacker to access SerialNo via log.... Read more

    Affected Products : android dex
    • Published: Oct. 07, 2022
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2022-39889

    Improper access control vulnerability in GalaxyWatch4Plugin prior to versions 2.2.11.22101351 and 2.2.12.22101351 allows attackers to access wearable device information.... Read more

    Affected Products : galaxywatch4plugin
    • Published: Nov. 09, 2022
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2015-2965

    Directory traversal vulnerability in osCommerce Japanese 2.2ms1j-R8 and earlier allows remote authenticated administrators to read arbitrary files via unspecified vectors.... Read more

    Affected Products : oscommerce
    • Published: Jun. 28, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2024-4327

    A vulnerability was found in Apryse WebViewer up to 10.8.0. It has been classified as problematic. This affects an unknown part of the component PDF Document Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack re... Read more

    Affected Products :
    • Published: Apr. 30, 2024
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2014-7846

    tag/tag_autocomplete.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not consider the moodle/tag:edit capability before adding a tag, which allows remote authenticated users to bypass intended access restr... Read more

    Affected Products : moodle
    • Published: Nov. 24, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2024-34650

    Incorrect authorization in CocktailbarService prior to SMR Sep-2024 Release 1 allows local attackers to access privileged APIs related to Edge panel.... Read more

    Affected Products : android android
    • Published: Sep. 04, 2024
    • Modified: Sep. 05, 2024

  • 4.0

    MEDIUM
    CVE-2024-34634

    Out-of-bounds read in parsing connected object list in Samsung Notes prior to version 4.4.21.62 allows local attacker to access unauthorized memory.... Read more

    Affected Products : notes
    • Published: Aug. 07, 2024
    • Modified: Aug. 09, 2024

  • 4.0

    MEDIUM
    CVE-2022-1690

    The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the ids from the bulk actions before using them in a SQL statement in an admin page, leading to an SQL injection... Read more

    Affected Products : note_press
    • Published: Jun. 08, 2022
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2021-21296

    Fleet is an open source osquery manager. In Fleet before version 3.7.0 a malicious actor with a valid node key can send a badly formatted request that causes the Fleet server to exit, resulting in denial of service. This is possible only while a live quer... Read more

    Affected Products : fleet
    • Published: Feb. 10, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2012-1758

    Unspecified vulnerability in the Oracle AutoVue component in Oracle Supply Chain Products Suite 20.0.2 and 20.1 allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-1759.... Read more

    Affected Products : supply_chain_products_suite
    • Published: Jul. 17, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2008-5044

    Race condition in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (crash or hang) via a multi-threaded application that makes many calls to UnhookWindowsHookEx while certain other desktop activity is occurring.... Read more

    Affected Products : windows_server_2003 windows_vista
    • Published: Nov. 12, 2008
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2008-3502

    Unspecified vulnerability in Best Practical Solutions RT 3.0.0 through 3.6.6 allows remote authenticated users to cause a denial of service (CPU or memory consumption) via unspecified vectors related to the Devel::StackTrace module for Perl.... Read more

    Affected Products : rt request_tracker
    • Published: Aug. 06, 2008
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2022-22326

    IBM Datapower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.5, and 2018.4.1.0 through 2018.4.1.18 could allow unauthorized viewing of logs and files due to insufficient authorization checks. IBM X-Force ID: 218856.... Read more

    • Published: Aug. 01, 2022
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2021-25391

    Intent redirection vulnerability in Secure Folder prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action.... Read more

    Affected Products : android dex
    • Published: Jun. 11, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293407 Results