Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2014-3332

    Cisco Unified Communications Manager (CM) 8.6(.2) and earlier has an incorrect CLI restrictions setting, which allows remote authenticated users to establish undetected concurrent logins via unspecified vectors, aka Bug ID CSCup98029.... Read more

    Affected Products : unified_communications_manager
    • Published: Aug. 11, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-0656

    Cisco Context Directory Agent (CDA) allows remote authenticated users to trigger the omission of certain user-interface data via crafted field values, aka Bug ID CSCuj45353.... Read more

    Affected Products : context_directory_agent
    • Published: Jan. 08, 2014
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2007-5093

    The disconnect method in the Philips USB Webcam (pwc) driver in Linux kernel 2.6.x before 2.6.22.6 "relies on user space to close the device," which allows user-assisted local attackers to cause a denial of service (USB subsystem hang and CPU consumption ... Read more

    Affected Products : linux_kernel
    • Published: Sep. 26, 2007
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2014-0453

    Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security.... Read more

    • Published: Apr. 16, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2020-2581

    Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: LLVM Interpreter). The supported version that is affected is 19.3.0.2. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastr... Read more

    Affected Products : graalvm
    • Published: Jan. 15, 2020
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2014-2366

    upAdminPg.asp in Advantech WebAccess before 7.2 allows remote authenticated users to discover credentials by reading HTML source code.... Read more

    Affected Products : webaccess advantech_webaccess
    • Published: Jul. 19, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2013-6304

    Multiple directory traversal vulnerabilities in Algo Risk Application (ARA) 2.4.0.1 through 4.9.1 in IBM Algo One allow remote authenticated users to bypass intended access restrictions via a crafted pathname for a (1) configuration or (2) JAR file.... Read more

    Affected Products : algo_one algo_risk_application
    • Published: Mar. 06, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2012-2749

    MySQL 5.1.x before 5.1.63 and 5.5.x before 5.5.24 allows remote authenticated users to cause a denial of service (mysqld crash) via vectors related to incorrect calculation and a sort order index.... Read more

    Affected Products : mysql mysql
    • Published: Aug. 17, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2016-9844

    Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via a large compression method value in the central directory file header.... Read more

    Affected Products : unzip
    • Published: Jan. 18, 2017
    • Modified: Apr. 20, 2025

  • 4.0

    MEDIUM
    CVE-2016-0691

    Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect integrity via unknown vectors, a different vulnerability than CVE-2016-0690.... Read more

    Affected Products : database database_server
    • Published: Apr. 21, 2016
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-0672

    The Search and Play interface in Cisco MediaSense does not properly enforce authorization requirements, which allows remote authenticated users to download arbitrary recordings via a request to this interface.... Read more

    Affected Products : mediasense
    • Published: Jan. 22, 2014
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2014-0478

    APT before 1.0.4 does not properly validate source packages, which allows man-in-the-middle attackers to download and install Trojan horse packages by removing the Release signature.... Read more

    Affected Products : advanced_package_tool apt
    • Published: Jun. 17, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-3340

    Directory traversal vulnerability in an unspecified PHP script in the server in Cisco WebEx MeetMeNow allows remote authenticated users to read arbitrary files via a crafted request, aka Bug ID CSCuo16166.... Read more

    Affected Products : webex_meetmenow
    • Published: Aug. 20, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-3294

    Cisco WebEx Meeting Server does not properly restrict the content of URLs, which allows remote authenticated users to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, aka Bug ID C... Read more

    Affected Products : webex_meetings_server
    • Published: Jun. 10, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-3297

    Cisco Intelligent Automation for Cloud in Cisco Cloud Portal does not properly restrict the content of MyServices action URLs, which allows remote authenticated users to obtain sensitive information by reading (1) web-server access logs, (2) web-server Re... Read more

    Affected Products : cloud_portal
    • Published: Jul. 02, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-3617

    The forum_print_latest_discussions function in mod/forum/lib.php in Moodle through 2.4.11, 2.5.x before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2 allows remote authenticated users to bypass the individual answer-posting requirement without the mod... Read more

    Affected Products : moodle
    • Published: Sep. 15, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2010-2528

    The clientautoresp function in family_icbm.c in the oscar protocol plugin in libpurple in Pidgin before 2.7.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via an X-Status message that lack... Read more

    Affected Products : pidgin
    • Published: Jul. 30, 2010
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2014-3477

    The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial ... Read more

    Affected Products : dbus d-bus
    • Published: Jul. 01, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-3323

    Directory traversal vulnerability in Cisco Unified Contact Center Enterprise allows remote authenticated users to read arbitrary web-root files via a crafted URL, aka Bug ID CSCun25262.... Read more

    • Published: Jul. 18, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-3318

    Directory traversal vulnerability in dna/viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup76318.... Read more

    Affected Products : unified_communications_manager
    • Published: Jul. 10, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 294837 Results