Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2019-15662

    An issue was discovered in Rivet Killer Control Center before 2.1.1352. IOCTL 0x120444 in KfeCo10X64.sys fails to validate an offset passed as a parameter during a memory operation, leading to an arbitrary read primitive that can be used as part of a chai... Read more

    Affected Products : killer_control_center
    • Published: Mar. 20, 2020
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2019-4635

    IBM Security Secret Server 10.7 could allow a privileged user to perform unauthorized command injection due to imporoper input neutralization of special elements. IBM X-Force ID: 170011.... Read more

    Affected Products : security_secret_server
    • Published: Jan. 28, 2020
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2015-4768

    Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, and 6.3.7 allows remote authenticated users to affect confidentiality via unknown ... Read more

    Affected Products : supply_chain_products_suite
    • Published: Jul. 16, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-9154

    The Notify module 7.x-1.x before 7.x-1.1 for Drupal does not properly restrict access to (1) new or (2) modified nodes or (3) their fields, which allows remote authenticated users to obtain node titles, teasers, and fields by reading a notification email.... Read more

    Affected Products : notify
    • Published: Dec. 01, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2021-20391

    IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 195999.... Read more

    • Published: May. 14, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2017-10254

    Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle PeopleSoft Products (subcomponent: Staffing Front Office). The supported version that is affected is 9.2. Easily exploitable vulnerability allows high privileged attacker with network acc... Read more

    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 4.0

    MEDIUM
    CVE-2016-9749

    IBM Campaign 9.1.0, 9.1.2, 10.0, and 10.1 could allow an authenticated user with access to the local network to bypass security due to lack of input validation. IBM X-Force ID: 120206.... Read more

    Affected Products : campaign
    • Published: Nov. 09, 2018
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2021-20286

    A flaw was found in libnbd 1.7.3. An assertion failure in nbd_unlocked_opt_go in ilb/opt.c may lead to denial of service.... Read more

    Affected Products : enterprise_linux libnbd
    • Published: Mar. 15, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2017-10220

    Vulnerability in the Hospitality Property Interfaces component of Oracle Hospitality Applications (subcomponent: Parser). The supported version that is affected is 8.10.x. Easily exploitable vulnerability allows unauthenticated attacker with logon to the ... Read more

    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 4.0

    MEDIUM
    CVE-2020-14860

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple pr... Read more

    • Published: Oct. 21, 2020
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2016-0587

    Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality via unknown vectors related to File Processing.... Read more

    • Published: Jan. 21, 2016
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-2571

    Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.... Read more

    • Published: Apr. 16, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-1488

    An unspecified action handler in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via unknown vectors.... Read more

    Affected Products : endpoint_protection_manager
    • Published: Aug. 01, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-5197

    Directory traversal vulnerability in (1) Splunk Web or the (2) Splunkd HTTP Server in Splunk Enterprise 6.1.x before 6.1.3 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URI, related to search ids.... Read more

    Affected Products : splunk
    • Published: Aug. 12, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2016-0614

    Unspecified vulnerability in the Oracle BI Publisher component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote authenticated users to affect confidentiality via unknown vectors.... Read more

    • Published: Jan. 21, 2016
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2016-0531

    Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 12.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Oracle Diagnostics Interfaces.... Read more

    • Published: Jan. 21, 2016
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-2125

    Unspecified vulnerability in HP WebInspect 7.x through 10.4 before 10.4 update 1 allows remote authenticated users to bypass intended access restrictions via unknown vectors.... Read more

    Affected Products : webinspect
    • Published: Jun. 07, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-7683

    Absolute path traversal vulnerability in Font.php in the Font plugin before 7.5.1 for WordPress allows remote administrators to read arbitrary files via a full pathname in the url parameter to AjaxProxy.php.... Read more

    Affected Products : font
    • Published: Oct. 16, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2016-0595

    Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML.... Read more

    • Published: Jan. 21, 2016
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-8007

    The Echo extension for MediWiki does not properly implement the hideuser functionality, which allows remote authenticated users to see hidden usernames in "non-revision based" notifications, as demonstrated by viewing a hidden username in a Thanks notific... Read more

    Affected Products : echo
    • Published: Nov. 09, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 294530 Results