Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2010-5101

    Directory traversal vulnerability in the TypoScript setup in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated administrators to read arbitrary files via unspecified vectors related to the "file inclusion fu... Read more

    Affected Products : typo3
    • Published: May. 21, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2011-4079

    Off-by-one error in the UTF8StringNormalize function in OpenLDAP 2.4.26 and earlier allows remote attackers to cause a denial of service (slapd crash) via a zero-length string that triggers a heap-based buffer overflow, as demonstrated using an empty post... Read more

    Affected Products : openldap
    • Published: Oct. 27, 2011
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2014-0386

    Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.... Read more

    • Published: Jan. 15, 2014
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2011-2317

    Unspecified vulnerability in the EnterpriseOne Tools component in Oracle JD Edwards 8.98 SP 24 allows remote authenticated users to affect integrity, related to Enterprise Infrastucture SEC (JDNET).... Read more

    • Published: Jan. 18, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2011-1312

    The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.31 and 7.x before 7.0.0.15 does not prevent modifications of the primary admin id, which allows remote authenticated administrators to bypass intended acce... Read more

    Affected Products : websphere_application_server
    • Published: Mar. 08, 2011
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2011-2280

    Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.49.31, 8.50.20, and 8.51.11 allows remote authenticated users to affect integrity via unknown vectors, a different vulnerability than CVE-2011-227... Read more

    • Published: Jul. 21, 2011
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2015-4213

    Cisco NX-OS 1.1(1g) on Nexus 9000 devices allows remote authenticated users to discover cleartext passwords by leveraging the existence of a decryption mechanism, aka Bug ID CSCuu84391.... Read more

    • Published: Jun. 24, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2010-3701

    lib/MessageStoreImpl.cpp in Red Hat Enterprise MRG before 1.2.2 allows remote authenticated users to cause a denial of service (stack memory exhaustion and broker crash) via a large persistent message.... Read more

    Affected Products : enterprise_mrg enterprise_mrg
    • Published: Oct. 12, 2010
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2020-15279

    An Improper Access Control vulnerability in the logging component of Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.23.320 allows a regular user to learn the scanning exclusion paths. This issue was discovered during external securi... Read more

    Affected Products : endpoint_security_tools
    • Published: May. 18, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2011-1384

    The (1) bin/invscoutClient_VPD_Survey and (2) sbin/invscout_lsvpd programs in invscout.rte before 2.2.0.19 on IBM AIX 7.1, 6.1, 5.3, and earlier allow local users to delete arbitrary files, or trigger inventory scout operations on arbitrary files, via a s... Read more

    Affected Products : aix invscout.rte
    • Published: Jan. 04, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2024-25260

    elfutils v0.189 was discovered to contain a NULL pointer dereference via the handle_verdef() function at readelf.c.... Read more

    Affected Products : elfutils
    • Published: Feb. 20, 2024
    • Modified: Apr. 25, 2025

  • 4.0

    MEDIUM
    CVE-2011-4679

    vtiger CRM before 5.3.0 does not properly recognize the disabled status of a field in the Leads module, which allows remote authenticated users to bypass intended access restrictions by reading a previously created report.... Read more

    Affected Products : vtiger_crm
    • Published: Dec. 07, 2011
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2009-4658

    Xerver 4.32 allows remote authenticated users to cause a denial of service (daemon crash) via a non-numeric web port assignment in the management interface. NOTE: this can be leveraged by non-authenticated attackers using CVE-2009-4657.... Read more

    Affected Products : xerver
    • Published: Mar. 03, 2010
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2014-4300

    Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4298, C... Read more

    Affected Products : database_server
    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2010-1320

    Double free vulnerability in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x before 1.8.2 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a... Read more

    Affected Products : kerberos_5
    • Published: Apr. 22, 2010
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2010-1264

    Unspecified vulnerability in Microsoft Windows SharePoint Services 3.0 SP1 and SP2 allows remote attackers to cause a denial of service (hang) via crafted requests to the Help page that cause repeated restarts of the application pool, aka "Sharepoint Help... Read more

    Affected Products : sharepoint_services
    • Published: Jun. 08, 2010
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2008-7182

    Buffer overflow in the IMAP service in NetWin Surgemail 3.9e, and possibly other versions before 3.9g2, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long first argument to the APPEND comm... Read more

    Affected Products : surgemail
    • Published: Sep. 08, 2009
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2010-0154

    Directory traversal vulnerability in sla/index.php in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5 allows remote authenticated users to read arbitrary files via a .. (dot... Read more

    • Published: Sep. 14, 2010
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2007-6422

    The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb vari... Read more

    Affected Products : http_server
    • Published: Jan. 08, 2008
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2009-4019

    mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the G... Read more

    Affected Products : mysql mysql
    • Published: Nov. 30, 2009
    • Modified: Apr. 09, 2025
Showing 20 of 294738 Results