Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2015-4802

    Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4792.... Read more

    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2010-0451

    The installation process for NFS/ONCplus B.11.31_08 and earlier on HP HP-UX B.11.31 changes the NFS_SERVER setting in the nfsconf file, which might allow remote attackers to obtain filesystem access via NFS requests.... Read more

    Affected Products : hp-ux
    • Published: Mar. 29, 2010
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2009-4108

    XM Easy Personal FTP Server 5.8.0 allows remote authenticated users to cause a denial of service (crash) by uploading or creating a large number of files or directories, then performing a LIST command.... Read more

    Affected Products : xm_easy_personal_ftp_server
    • Published: Nov. 29, 2009
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2009-4467

    misc.php in DeluxeBB 1.3 allows remote attackers to register accounts without a valid email address via a valemail action with the valmem set to a pre-assigned user ID, which is visible from a memberlist action.... Read more

    Affected Products : deluxebb
    • Published: Dec. 30, 2009
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2006-4258

    Absolute path traversal vulnerability in the get functionality in Anti-Spam SMTP Proxy (ASSP) allows remote authenticated users to read arbitrary files via (1) C:\ (Windows drive letter), (2) UNC, and possibly other types of paths in the file parameter.... Read more

    Affected Products : anti-spam_smtp_proxy_server
    • Published: Aug. 21, 2006
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2009-4916

    Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote authenticated users to cause a denial of service (console hang) via a login action during failover replication, aka Bug ID ... Read more

    Affected Products : asa_5580
    • Published: Jun. 29, 2010
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2009-4048

    Dxmsoft XM Easy Personal FTP Server 5.8.0 allows remote authenticated users to cause a denial of service (daemon outage) via an APPE command to one socket in conjunction with a DELE command to a second socket.... Read more

    Affected Products : xm_easy_personal_ftp_server
    • Published: Nov. 23, 2009
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2006-4403

    The FTP server in Apple Mac OS X 10.4.8 and earlier, when FTP Access is enabled, will crash when a login failure occurs with a valid user name, which allows remote attackers to cause a denial of service (crash) and enumerate valid usernames.... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: Nov. 30, 2006
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2013-0367

    Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Partition.... Read more

    Affected Products : ubuntu_linux mysql mariadb
    • Published: Jan. 17, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2009-4019

    mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the G... Read more

    Affected Products : mysql mysql
    • Published: Nov. 30, 2009
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2009-3628

    The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to determine an encryption key via crafted input to a tt_content form element.... Read more

    Affected Products : typo3
    • Published: Nov. 02, 2009
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2025-20940

    Improper handling of insufficient permission in Samsung Device Health Manager Service prior to SMR Apr-2025 Release 1 allows local attackers to access provider in SDMHS.... Read more

    Affected Products :
    • Published: Apr. 08, 2025
    • Modified: Apr. 08, 2025
    • Vuln Type: Authorization

  • 4.0

    MEDIUM
    CVE-2025-25765

    MRCMS v3.1.2 was discovered to contain an arbitrary file write vulnerability via the component /file/save.do.... Read more

    Affected Products : mrcms
    • Published: Feb. 21, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Misconfiguration

  • 4.0

    MEDIUM
    CVE-2025-53910

    Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to create a channel subscription without proper access to the channel via API call to the edit channel subscription endpoint.... Read more

    Affected Products :
    • Published: Aug. 11, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Authorization

  • 4.0

    MEDIUM
    CVE-2013-0932

    EMC RSA Archer 5.x before GRC 5.3SP1, and Archer Smart Suite Framework 4.x, allows remote authenticated users to bypass intended access restrictions and upload arbitrary files via unspecified vectors.... Read more

    • Published: May. 07, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2014-9749

    Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest authentication is used, allow remote authenticated users to retain access by leveraging a stale nonce, aka "Nonce replay vulnerability."... Read more

    Affected Products : opensuse squid
    • Published: Nov. 06, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2012-4421

    The create_post function in wp-includes/class-wp-atom-server.php in WordPress before 3.4.2 does not perform a capability check, which allows remote authenticated users to bypass intended access restrictions and publish new posts by leveraging the Contribu... Read more

    Affected Products : wordpress
    • Published: Sep. 14, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2012-4413

    OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles.... Read more

    Affected Products : keystone
    • Published: Sep. 18, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2013-0676

    Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly assign privileges for the database containing WebNavigator credentials, which allows remote authenticated users to obtain sensitive information via a SQ... Read more

    Affected Products : simatic_pcs7 wincc
    • Published: Mar. 21, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2013-0470

    HTTPD in IBM Netezza Performance Portal 1.0.2 allows remote authenticated users to list application directories containing asset files via a direct request to a directory URI, as demonstrated by listing image files.... Read more

    • Published: Apr. 05, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 293602 Results