Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2021-25391

    Intent redirection vulnerability in Secure Folder prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action.... Read more

    Affected Products : android dex
    • Published: Jun. 11, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2009-5001

    The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.2-P8AE-FP002 grants a document's Creator-Owner full control over an annotation object, even if the default instance security has changed, which might allow r... Read more

    Affected Products : filenet_p8_application_engine
    • Published: Sep. 20, 2010
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2015-4328

    Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 improperly checks for a user account's read-only attribute, which allows remote authenticated users to execute arbitrary OS commands via crafted HTTP requests, as demonstrated by read o... Read more

    • Published: Aug. 20, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-3280

    The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain potentially sensitive user information by visiting an unspecif... Read more

    • Published: Jun. 03, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-1884

    Directory traversal vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2 through 7.2.0.5 allows remote authenticated use... Read more

    Affected Products : business_process_manager websphere
    • Published: Jun. 28, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2024-52614

    Use of hard-coded cryptographic key issue exists in "Kura Sushi Official App Produced by EPARK" for Android versions prior to 3.8.5. If this vulnerability is exploited, a local attacker may obtain the login ID and password for the affected product.... Read more

    Affected Products :
    • Published: Nov. 20, 2024
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2014-3298

    Form Data Viewer in Cisco Intelligent Automation for Cloud in Cisco Cloud Portal places passwords in form data, which allows remote authenticated users to obtain sensitive information by reading HTML source code, aka Bug ID CSCui36976.... Read more

    Affected Products : cloud_portal
    • Published: Jul. 02, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2013-1139

    The nsAPI interface in Cisco Cloud Portal 9.1 SP1 and SP2, and 9.3 through 9.3.2, does not properly check privileges, which allows remote authenticated users to obtain sensitive information via a crafted URL, aka Bug ID CSCud81134.... Read more

    Affected Products : cloud_portal
    • Published: Feb. 27, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2021-25341

    Calling of non-existent provider in S Assistant prior to version 6.5.01.22 allows unauthorized actions including denial of service attack by hijacking the provider.... Read more

    Affected Products : s_assistant sassistant
    • Published: Mar. 04, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2013-2313

    Session fixation vulnerability in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 allows remote attackers to hijack web sessions via unspecified vectors.... Read more

    Affected Products : ec-cube ec-cube
    • Published: May. 29, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2021-25343

    Calling of non-existent provider in Samsung Members prior to version 2.4.81.13 (in Android O(8.1) and below) and 3.8.00.13 (in Android P(9.0) and above) allows unauthorized actions including denial of service attack by hijacking the provider.... Read more

    Affected Products : android members
    • Published: Mar. 04, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2020-4951

    IBM Cognos Analytics 11.1.7 and 11.2.0 contains locally cached browser data, that could allow a local attacker to obtain sensitive information.... Read more

    Affected Products : oncommand_insight cognos_analytics
    • Published: Oct. 15, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2015-4269

    The Tomcat throttling feature in Cisco Unified Communications Manager 10.5(1.99995.9) allows remote authenticated users to cause a denial of service (management outage) by sending many requests, aka Bug ID CSCuu99709.... Read more

    Affected Products : unified_communications_manager
    • Published: Jul. 14, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2022-39898

    Improper access control vulnerability in IIccPhoneBook prior to SMR Dec-2022 Release 1 allows attackers to access some information of usim.... Read more

    Affected Products : android dex
    • Published: Dec. 08, 2022
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2014-3708

    OpenStack Compute (Nova) before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (CPU consumption) via an IP filter in a list active servers API request.... Read more

    Affected Products : openstack nova
    • Published: Oct. 31, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2024-22343

    IBM TXSeries for Multiplatforms 8.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 280190.... Read more

    • Published: May. 14, 2024
    • Modified: Jan. 14, 2025

  • 4.0

    MEDIUM
    CVE-2012-5905

    Buffer overflow in KnFTPd 1.0.0 allows remote authenticated users to cause a denial of service (crash) via a long string in a FEAT command.... Read more

    Affected Products : knftpd
    • Published: Nov. 17, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2012-0263

    monitor/index.php in op5 Monitor and op5 Appliance before 5.5.1 allows remote authenticated users to obtain sensitive information such as database and user credentials via error messages that are triggered by (1) a malformed hoststatustypes parameter to s... Read more

    Affected Products : monitor
    • Published: Dec. 31, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2021-25472

    An improper access control vulnerability in BluetoothSettingsProvider prior to SMR Oct-2021 Release 1 allows untrusted application to overwrite some Bluetooth information.... Read more

    Affected Products : android dex
    • Published: Oct. 06, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2021-20402

    IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. I... Read more

    Affected Products : security_verify_information_queue
    • Published: Feb. 11, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 294454 Results