Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2021-25391

    Intent redirection vulnerability in Secure Folder prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action.... Read more

    Affected Products : android dex
    • Published: Jun. 11, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2009-3921

    The Smartqueue_og module 5.x before 5.x-1.3 and 6.x before 6.x-1.0-rc3, a module for Drupal, does not verify group-node privileges in certain circumstances involving subqueue creation, which allows remote authenticated users to discover arbitrary organic ... Read more

    Affected Products : drupal smartqueue_og
    • Published: Nov. 09, 2009
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2010-0928

    OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easie... Read more

    Affected Products : openssl leon3_soc virtex-ii_pro_fpga
    • Published: Mar. 05, 2010
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2011-3529

    Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.0 and 9.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Talent Acquisition Manager.... Read more

    • Published: Oct. 18, 2011
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2019-4218

    IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 159227.... Read more

    Affected Products : security_information_queue
    • Published: Jun. 06, 2019
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2008-5044

    Race condition in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (crash or hang) via a multi-threaded application that makes many calls to UnhookWindowsHookEx while certain other desktop activity is occurring.... Read more

    Affected Products : windows_server_2003 windows_vista
    • Published: Nov. 12, 2008
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2012-3201

    Unspecified vulnerability in the PeopleSoft Enterprise Campus Solutions component in Oracle PeopleSoft Products 9.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Self-Service (Student Records).... Read more

    Affected Products : peoplesoft_products
    • Published: Oct. 17, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2017-1783

    IBM Cognos Analytics 11.0 could allow a local user to change parameters set from the Cognos Analytics menus without proper authentication. IBM X-Force ID: 136857.... Read more

    Affected Products : oncommand_insight cognos_analytics
    • Published: Jan. 29, 2018
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2012-1748

    Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Candidate Gateway, a different vulnerability than CVE-2012-0... Read more

    Affected Products : peoplesoft_products
    • Published: Jul. 17, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2013-1624

    The TLS implementation in the Bouncy Castle Java library before 1.48 and C# library before 1.8 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote... Read more

    • Published: Feb. 08, 2013
    • Modified: May. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-3377

    snmpd in Cisco IOS XR 5.1 and earlier allows remote authenticated users to cause a denial of service (process reload) via a malformed SNMPv2 packet, aka Bug ID CSCun67791.... Read more

    Affected Products : ios_xr
    • Published: Sep. 20, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2013-3505

    The Nagios-App component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to bypass intended access restrictions via a direct request for a (1) log file or (2) configuration file.... Read more

    Affected Products : groundwork_monitor
    • Published: May. 08, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2013-5757

    Absolute path traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a full pathname in the dumpConfigFile function in the command parameter to cgi-bin/cgiServer.exx.... Read more

    Affected Products : sip-t38g
    • Published: Aug. 03, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2021-20377

    IBM Security Guardium 11.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 195569.... Read more

    Affected Products : security_guardium
    • Published: Sep. 23, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2005-4002

    WebEOC before 6.0.2 uses the same secret key for all installations, which allows attackers with the key to decrypt data from any WebEOC installation.... Read more

    Affected Products : webeoc
    • Published: Dec. 05, 2005
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2009-5001

    The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.2-P8AE-FP002 grants a document's Creator-Owner full control over an annotation object, even if the default instance security has changed, which might allow r... Read more

    Affected Products : filenet_p8_application_engine
    • Published: Sep. 20, 2010
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2023-23469

    IBM ICP4A - Automation Decision Services 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force... Read more

    Affected Products : cloud_pak_for_business_automation
    • Published: Feb. 01, 2023
    • Modified: Mar. 26, 2025

  • 4.0

    MEDIUM
    CVE-2017-10213

    Vulnerability in the Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: WebConnect). The supported version that is affected is 8.10.x. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastru... Read more

    Affected Products : hospitality_suite8
    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 4.0

    MEDIUM
    CVE-2018-0532

    Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to alter setting data of the Standard database via unspecified vectors.... Read more

    Affected Products : garoon
    • Published: Apr. 16, 2018
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2014-0439

    Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote authenticated users to affect integrity via unknown vectors related to Report Distribution.... Read more

    Affected Products : peoplesoft_products
    • Published: Jan. 15, 2014
    • Modified: Apr. 11, 2025
Showing 20 of 294837 Results