Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2012-0119

    Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0120, CVE-2012-0485... Read more

    Affected Products : mysql mysql
    • Published: Jan. 18, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2007-5232

    Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when applet caching is enabled, allows remote attackers to violate the... Read more

    Affected Products : jre sdk jdk
    • Published: Oct. 05, 2007
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2006-4418

    Directory traversal vulnerability in index.php for Wikepage 2006.2a Opus 10 allows remote attackers to include arbitrary local files via the lng parameter, as demonstrated by inserting PHP code into a log file.... Read more

    Affected Products : wikepage
    • Published: Aug. 28, 2006
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2012-1689

    Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.... Read more

    • Published: Jul. 17, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2012-0578

    Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.... Read more

    Affected Products : ubuntu_linux mysql mariadb
    • Published: Jan. 17, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2006-2458

    Multiple heap-based buffer overflows in Libextractor 0.5.13 and earlier allow remote attackers to execute arbitrary code via (1) the asf_read_header function in the ASF plugin (plugins/asfextractor.c), and (2) the parse_trak_atom function in the QT plugin... Read more

    Affected Products : libextractor
    • Published: May. 18, 2006
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2010-3683

    Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 sends an OK packet when a LOAD DATA INFILE request generates SQL errors, which allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a crafted request.... Read more

    Affected Products : mysql mysql
    • Published: Jan. 11, 2011
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2006-2468

    The WebLogic Server Administration Console in BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 displays the domain name in the Console login form, which allows remote attackers to obtain sensitive information.... Read more

    Affected Products : weblogic_server
    • Published: May. 19, 2006
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2021-25939

    In ArangoDB, versions v3.7.0 through v3.9.0-alpha.1 have a feature which allows downloading a Foxx service from a publicly available URL. This feature does not enforce proper filtering of requests performed internally, which can be abused by a highly-priv... Read more

    Affected Products : arangodb
    • Published: Feb. 09, 2022
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2021-25523

    Insecure storage of device information in Samsung Dialer prior to version 12.7.05.24 allows attacker to get Samsung Account ID.... Read more

    Affected Products : dialer
    • Published: Dec. 08, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2021-46270

    JFrog Artifactory before 7.31.10, is vulnerable to Broken Access Control where a project admin user is able to list all available repository names due to insufficient permission validation.... Read more

    Affected Products : artifactory
    • Published: Mar. 02, 2022
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2007-3600

    WordPlugin in the wordintegration component in vtiger CRM before 5.0.3 allows remote authenticated users to bypass field level security permissions and merge arbitrary fields in an Email template, as demonstrated by the fields in the Contact module.... Read more

    Affected Products : vtiger_crm
    • Published: Jul. 06, 2007
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2012-3144

    Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server.... Read more

    Affected Products : mysql
    • Published: Oct. 16, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2012-5375

    The CRC32C feature in the Btrfs implementation in the Linux kernel before 3.8-rc1 allows local users to cause a denial of service (prevention of file creation) by leveraging the ability to write to a directory important to the victim, and creating a file ... Read more

    Affected Products : linux_kernel
    • Published: Feb. 18, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2007-4143

    user.php in the Billing Control Panel in phpCoupon allows remote authenticated users to obtain Premium Member status, and possibly acquire free coupons, via a modified URL containing a certain billing parameter and REQ=auth, status=success, and custom=upg... Read more

    Affected Products : phpcoupon
    • Published: Aug. 03, 2007
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2023-50007

    FFmpeg v.n6.1-3-g466799d4f5 allows an attacker to trigger use of a parameter of negative size in the av_samples_set_silence function in thelibavutil/samplefmt.c:260:9 component.... Read more

    Affected Products : fedora ffmpeg
    • Published: Apr. 19, 2024
    • Modified: Jun. 06, 2025

  • 4.0

    MEDIUM
    CVE-2007-3639

    WordPress before 2.2.2 allows remote attackers to redirect visitors to other websites and potentially obtain sensitive information via (1) the _wp_http_referer parameter to wp-pass.php, related to the wp_get_referer function in wp-includes/functions.php; ... Read more

    Affected Products : wordpress
    • Published: Jul. 10, 2007
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2025-43197

    This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to access sensitive user data.... Read more

    Affected Products : macos
    • Published: Jul. 30, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Authorization

  • 4.0

    MEDIUM
    CVE-2007-3785

    Absolute path traversal vulnerability in a certain ActiveX control in PGPBBox.dll in EldoS SecureBlackbox (sbb) 5.1.0.112 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the SaveToFile method. NOTE: t... Read more

    Affected Products : secureblackbox
    • Published: Jul. 15, 2007
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2012-5374

    The CRC32C feature in the Btrfs implementation in the Linux kernel before 3.8-rc1 allows local users to cause a denial of service (extended runtime of kernel code) by creating many different files whose names are associated with the same CRC32C hash value... Read more

    Affected Products : linux_kernel
    • Published: Feb. 18, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 293606 Results