Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2020-15101

    In freewvs before 0.1.1, a directory structure of more than 1000 nested directories can interrupt a freewvs scan due to Python's recursion limit and os.walk(). This can be problematic in a case where an administrator scans the dirs of potentially untruste... Read more

    Affected Products : freewvs
    • Published: Jul. 14, 2020
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2014-8007

    Cisco Prime Infrastructure allows remote authenticated users to read device-discovery passwords by examining the HTML source code of the Quick Discovery options page, aka Bug ID CSCum00019.... Read more

    Affected Products : prime_infrastructure
    • Published: Dec. 20, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2020-4248

    IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.... Read more

    • Published: May. 28, 2020
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2014-4807

    Sterling Order Management in IBM Sterling Selling and Fulfillment Suite 9.3.0 before FP8 allows remote authenticated users to cause a denial of service (CPU consumption) via a '\0' character.... Read more

    • Published: Nov. 23, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2023-43081

    PowerProtect Agent for File System Version 19.14 and prior, contains an incorrect default permissions vulnerability in ddfscon component. A low Privileged local attacker could potentially exploit this vulnerability, leading to overwriting of log files. ... Read more

    • Published: Nov. 22, 2023
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2013-5757

    Absolute path traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a full pathname in the dumpConfigFile function in the command parameter to cgi-bin/cgiServer.exx.... Read more

    Affected Products : sip-t38g
    • Published: Aug. 03, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2024-36795

    Insecure permissions in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to access URLs and directories embedded within the firmware via unspecified vectors.... Read more

    Affected Products : wnr614_firmware wnr614
    • Published: Jun. 06, 2024
    • Modified: May. 29, 2025

  • 4.0

    MEDIUM
    CVE-2018-20405

    BigTree 4.3 allows full path disclosure via authenticated admin/news/ input that triggers a syntax error. NOTE: This has been disputed with the following reasoning: "The issue reported requires full developer level access to the content management system ... Read more

    Affected Products : bigtree_cms bigtree
    • Published: Dec. 23, 2018
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2022-34354

    IBM Sterling Partner Engagement Manager 2.0 allows encrypted storage of client data to be stored locally which can be read by another user on the system. IBM X-Force ID: 230424. ... Read more

    • Published: Nov. 16, 2022
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2014-6028

    TorrentFlux 2.4 allows remote authenticated users to obtain other users' cookies via the cid parameter in an editCookies action to profile.php.... Read more

    Affected Products : torrentflux torrentflux
    • Published: Sep. 05, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2022-34312

    IBM CICS TX 11.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 229447. ... Read more

    Affected Products : cics_tx
    • Published: Nov. 14, 2022
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2022-34314

    IBM CICS TX 11.1 could disclose sensitive information to a local user due to insecure permission settings. IBM X-Force ID: 229450. ... Read more

    Affected Products : cics_tx
    • Published: Nov. 14, 2022
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2023-20838

    In imgsys, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326418... Read more

    Affected Products : android linux_kernel yocto mt6833 mt6853 mt6855 mt6873 mt6877 mt6879 mt6883 +32 more products
    • Published: Sep. 04, 2023
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2022-4966

    A vulnerability was found in sequentech admin-console up to 6.1.7 and classified as problematic. Affected by this issue is some unknown functionality of the component Election Description Handler. The manipulation leads to cross site scripting. The attack... Read more

    Affected Products :
    • Published: Apr. 01, 2024
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2020-14633

    Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compro... Read more

    • Published: Jul. 15, 2020
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2021-2019

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multip... Read more

    • Published: Jan. 20, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2020-11040

    In FreeRDP less than or equal to 2.0.0, there is an out-of-bound data read from memory in clear_decompress_subcode_rlex, visualized on screen as color. This has been patched in 2.1.0.... Read more

    Affected Products : debian_linux leap freerdp
    • Published: May. 29, 2020
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2021-31906

    In JetBrains TeamCity before 2020.2.2, audit logs were not sufficient when an administrator uploaded a file.... Read more

    Affected Products : teamcity
    • Published: May. 11, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2022-33692

    Exposure of Sensitive Information in Messaging application prior to SMR Jul-2022 Release 1 allows local attacker to access imsi and iccid via log.... Read more

    Affected Products : android dex
    • Published: Jul. 12, 2022
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2022-27832

    Improper boundary check in media.extractor library prior to SMR Apr-2022 Release 1 allows attackers to cause denial of service via a crafted media file.... Read more

    Affected Products : android dex
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294846 Results