Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2007-2683

    Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via "&" characters in the GECOS field, which triggers the overflow during alias expansion.... Read more

    Affected Products : mutt
    • EPSS Score: %0.13
    • Published: May. 15, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2007-3782

    MySQL Community Server before 5.0.45 allows remote authenticated users to gain update privileges for a table in another database via a view that refers to this external table.... Read more

    Affected Products : community_server
    • EPSS Score: %0.52
    • Published: Jul. 15, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2020-15103

    In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in rdpegfx channel. All FreeRDP clients are affected. The input rectangles from the server are not checked against local surface coordinates and blindly acc... Read more

    • EPSS Score: %0.22
    • Published: Jul. 27, 2020
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2016-0608

    Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to UDF.... Read more

    • EPSS Score: %0.41
    • Published: Jan. 21, 2016
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2017-3468

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.7.17 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access vi... Read more

    Affected Products : mysql mysql_server
    • EPSS Score: %0.17
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 3.5

    LOW
    CVE-2014-6592

    Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 8.0 Update 2 Patch 5 allows remote authenticated users to affect integrity via vectors related to SAML, a different vulnerability than CVE-2015-0389.... Read more

    Affected Products : fusion_middleware opensso
    • EPSS Score: %0.15
    • Published: Jan. 21, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2012-0814

    The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messag... Read more

    Affected Products : openssh
    • EPSS Score: %0.60
    • Published: Jan. 27, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2015-5240

    Race condition in OpenStack Neutron before 2014.2.4 and 2015.1 before 2015.1.2, when using the ML2 plugin or the security groups AMQP API, allows remote authenticated users to bypass IP anti-spoofing controls by changing the device owner of a port to star... Read more

    Affected Products : neutron smart_vms
    • EPSS Score: %0.09
    • Published: Oct. 27, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2021-2045

    Vulnerability in the Oracle Text component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network ... Read more

    Affected Products : text
    • EPSS Score: %0.31
    • Published: Jan. 20, 2021
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2014-7811

    Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allow remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the REST API.... Read more

    Affected Products : spacewalk network_satellite manager
    • EPSS Score: %0.18
    • Published: Jan. 15, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-4757

    Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.... Read more

    • EPSS Score: %0.72
    • Published: Jul. 16, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-1808

    Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users to cause a denial of service (improper plug-in and tool installation) via crafted update center data.... Read more

    Affected Products : openshift jenkins
    • EPSS Score: %0.20
    • Published: Oct. 16, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-0465

    Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 8.0 Update 2 Patch 5 allows remote authenticated users to affect integrity via unknown vectors related to Admin Console.... Read more

    Affected Products : fusion_middleware
    • EPSS Score: %0.15
    • Published: Apr. 16, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-2950

    CRLF injection vulnerability in IBM WebSphere Portal 6.1.0.x before 6.1.0.3 CF26, 6.1.5.x before 6.1.5 CF26, 7.0.0.x before 7.0.0.2 CF21, and 8.0.0.x through 8.0.0.1 CF5, when home substitution (aka uri.home.substitution) is enabled, allows remote authent... Read more

    Affected Products : websphere_portal
    • EPSS Score: %0.23
    • Published: Jun. 03, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2011-0904

    The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a de... Read more

    Affected Products : vino
    • EPSS Score: %1.02
    • Published: May. 10, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2020-14771

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with net... Read more

    • EPSS Score: %0.26
    • Published: Oct. 21, 2020
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2010-4644

    Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.... Read more

    Affected Products : subversion
    • EPSS Score: %0.89
    • Published: Jan. 07, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2010-3089

    Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman before 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving (1) the list information field or (2) the list description field.... Read more

    Affected Products : mailman
    • EPSS Score: %0.39
    • Published: Sep. 15, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2020-11044

    In FreeRDP greater than 1.2 and before 2.0.0, a double free in update_read_cache_bitmap_v3_order crashes the client application if corrupted data from a manipulated server is parsed. This has been patched in 2.0.0.... Read more

    Affected Products : ubuntu_linux debian_linux freerdp
    • EPSS Score: %0.09
    • Published: May. 07, 2020
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2011-2198

    The "insert-blank-characters" capability in caps.c in gnome-terminal (vte) before 0.28.1 allows remote authenticated users to cause a denial of service (CPU and memory consumption and crash) via a crafted file, as demonstrated by a file containing the str... Read more

    Affected Products : opensuse solaris gnome-terminal
    • EPSS Score: %0.81
    • Published: May. 21, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 291906 Results