Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2011-5067

    move_uploaded_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to obtain sensitive information via the file name, which reveals the installation path in an error message.... Read more

    Affected Products : support_incident_tracker
    • Published: Jan. 29, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2013-6687

    The web portal in the Enterprise License Manager component in Cisco WebEx Meetings Server allows remote authenticated users to discover the cleartext administrative password by reading HTML source code, aka Bug ID CSCul33876.... Read more

    Affected Products : webex_meetings_server
    • Published: Jan. 16, 2014
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2014-0438

    Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote authenticated users to affect confidentiality via unknown vectors related to Panel Processor.... Read more

    Affected Products : peoplesoft_products
    • Published: Jan. 15, 2014
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2011-4555

    One Click Orgs before 1.2.3 does not require unique e-mail addresses for user accounts, which allows remote authenticated users to cause a denial of service (login disruption) or spoof votes or comments by selecting a conflicting e-mail address.... Read more

    Affected Products : one_click_orgs
    • Published: Dec. 06, 2011
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2018-1991

    IBM API Connect 5.0.0.0, and 5.0.8.6 could could return sensitive information that could provide critical information as to the underlying software stack in CMC UI headers. IBM X-Force ID: 154284.... Read more

    Affected Products : api_connect
    • Published: May. 22, 2019
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2006-0787

    wimpy_trackplays.php in Plaino Wimpy MP3 Player, possibly 5.2 and earlier, allows remote attackers to insert arbitrary strings into trackme.txt via the (1) trackFile, (2) trackArtist, and (3) trackTitle parameters, which can result in providing false info... Read more

    Affected Products : wimpy_mp3
    • Published: Feb. 19, 2006
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2025-48928

    The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously sent over HTTP would be included in this dump, as exploited in the wild in May 2025.... Read more

    Affected Products : telemessage
    • Actively Exploited
    • Published: May. 28, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Information Disclosure

  • 4.0

    MEDIUM
    CVE-2010-4787

    IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.63 (aka 6.0.0.8-TIV-ITDS-IF0005) allows remote authenticated users to cause a denial of service (daemon hang) via a paged search that triggers improper mutex processing.... Read more

    Affected Products : tivoli_directory_server
    • Published: Apr. 21, 2011
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2006-0173

    Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) 5.21 and earlier allows remote attackers to misrepresent the type and name of a file via modified doc_ext and id parameters, which might trick a user into downloading dangerous or unexpe... Read more

    Affected Products : enterprise_collaboration
    • Published: Jan. 11, 2006
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2008-2018

    The AssignUser function in template.class.php in PHPizabi 0.848b C1 HFP3 performs unsafe macro expansions on strings delimited by '{' and '}' characters, which allows remote authenticated users to obtain sensitive information via a comment containing a ma... Read more

    Affected Products : phpizabi
    • Published: Apr. 30, 2008
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2008-1820

    Unspecified vulnerability in the Data Pump component in Oracle Database 9.2.0.8, 10.1.0.5, 10.2.0.3, and 11.1.0.6 has unknown impact and remote attack vectors related to KUPF$FILE_INT, aka DB11. NOTE: the previous information was obtained from the April ... Read more

    • Published: Apr. 16, 2008
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2012-3229

    Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Siebel Documentation.... Read more

    Affected Products : siebel_crm
    • Published: Oct. 17, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2012-3172

    Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect availability via unknown vectors related to Siebel Apps - Multi-channel Technologies.... Read more

    Affected Products : siebel_crm
    • Published: Jan. 17, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2011-2238

    Unspecified vulnerability in the Database Vault component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect integrity, related to DBMS_SYS_SQL.... Read more

    Affected Products : database_server
    • Published: Jul. 20, 2011
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2013-1963

    The contacts application in ownCloud before 4.5.10 and 5.x before 5.0.5 does not properly check the ownership of contacts, which allows remote authenticated users to download arbitrary contacts via unspecified vectors.... Read more

    Affected Products : owncloud owncloud_server
    • Published: Mar. 14, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2013-2399

    Unspecified vulnerability in the Siebel Call Center component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via vectors related to Email - COMM Server Components.... Read more

    Affected Products : siebel_crm
    • Published: Apr. 17, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2006-1175

    The WeOnlyDo! SFTP (wodSFTP) ActiveX control is marked as safe for scripting, which allows remote attackers to read and write files in arbitrary locations by accessing the control from a web page.... Read more

    Affected Products : weonlydo_sftp
    • Published: May. 31, 2006
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2012-4400

    repository/repository_ajax.php in Moodle 2.2.x before 2.2.5 and 2.3.x before 2.3.2 allows remote authenticated users to bypass intended upload-size restrictions via a -1 value in the maxbytes field.... Read more

    Affected Products : moodle
    • Published: Sep. 19, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2009-0997

    Unspecified vulnerability in the Database Vault component in Oracle Database 11.1.0.6 allows remote authenticated users to affect confidentiality, related to DBMS_SYS_SQL.... Read more

    Affected Products : database_server
    • Published: Apr. 15, 2009
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2008-2625

    Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors. NOTE: the previous information was obtained from the O... Read more

    • Published: Oct. 14, 2008
    • Modified: Apr. 09, 2025
Showing 20 of 294522 Results