Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2014-0383

    Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.2.0 and 11.1.2.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Identity Console.... Read more

    Affected Products : fusion_middleware
    • Published: Jan. 15, 2014
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2020-2769

    Vulnerability in the Hyperion Financial Reporting product of Oracle Hyperion (component: Web Based Report Designer). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows high privileged attacker with network access v... Read more

    • Published: Apr. 15, 2020
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2014-3050

    IBM Rational Team Concert (RTC) 3.x before 3.0.1.6 IF3 and 4.x before 4.0.7 does not properly integrate with build engines, which allows remote authenticated users to discover credentials via unspecified vectors.... Read more

    Affected Products : rational_team_concert
    • Published: Jul. 29, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-0348

    The Artiva Agency Single Sign-On (SSO) implementation in Artiva Workstation 1.3.x before 1.3.9, Artiva Rm 3.1 MR7, Artiva Healthcare 5.2 MR5, and Artiva Architect 3.2 MR5, when the domain-name option is enabled, allows remote attackers to login to arbitra... Read more

    • Published: Apr. 15, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-0334

    Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple allow remote authenticated users to inject arbitrary web script or HTML via (1) the group parameter to admin/addgroup.php, (2) the htmlblob parameter to admin/addhtmlblob.php, the (3) ... Read more

    Affected Products : cms_made_simple
    • Published: Mar. 02, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-3096

    Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management before 6.0.5.5a allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.... Read more

    Affected Products : curam_social_program_management
    • Published: Jan. 10, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-0427

    Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via vectors related to FTS.... Read more

    Affected Products : mysql
    • Published: Jan. 15, 2014
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-0371

    Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0.x, 7.3.1.x, 12.2.0, 12.2.1, and 12.2.2 allows remote authenticated users to affect integrity via unknown vectors r... Read more

    • Published: Jan. 15, 2014
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-0228

    Apache Hive before 0.13.1, when in SQL standards based authorization mode, does not properly check the file permissions for (1) import and (2) export statements, which allows remote authenticated users to obtain sensitive information via a crafted URI.... Read more

    Affected Products : hive
    • Published: Nov. 16, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-1636

    Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 Gold and SP1 and SharePoint Server 2013 Gold and SP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted request, aka "Microsoft SharePoint... Read more

    • Published: Mar. 11, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-0875

    Active Cloud Engine (ACE) in IBM Storwize V7000 Unified 1.3.0.0 through 1.4.3.x allows remote attackers to bypass intended ACL restrictions in opportunistic circumstances by leveraging incorrect ACL synchronization over an unreliable NFS connection that r... Read more

    • Published: Jul. 07, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2019-2814

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.16 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to... Read more

    • Published: Jul. 23, 2019
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2015-8602

    The Token Insert Entity module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permissions, which allows remote authenticated users with certain permissions to bypass intended access restrictions and possibly obtain sensitive information by inse... Read more

    Affected Products : token_insert_entity
    • Published: Dec. 17, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2016-0598

    Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML.... Read more

    • Published: Jan. 21, 2016
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2024-37141

    Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an open redirect vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to information disclosure.... Read more

    Affected Products : data_domain_operating_system
    • Published: Jun. 26, 2024
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2016-0601

    Unspecified vulnerability in Oracle MySQL 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Partition.... Read more

    Affected Products : mysql
    • Published: Jan. 21, 2016
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2021-22193

    An issue has been discovered in GitLab affecting all versions starting with 7.1. A member of a private group was able to validate the use of a specific name for private project.... Read more

    Affected Products : gitlab
    • Published: Mar. 24, 2021
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2015-5953

    Cross-site scripting (XSS) vulnerability in the activity application in ownCloud Server before 7.0.5 and 8.0.x before 8.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a " (double quote) character in a filename in a shared... Read more

    Affected Products : owncloud owncloud_server
    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2017-7517

    An input validation vulnerability exists in Openshift Enterprise due to a 1:1 mapping of tenants in Hawkular Metrics and projects/namespaces in OpenShift. If a user creates a project called "MyProject", and then later deletes it another user can then crea... Read more

    Affected Products : openshift
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025

  • 3.5

    LOW
    CVE-2017-5607

    Splunk Enterprise 5.0.x before 5.0.18, 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.13.1, 6.3.x before 6.3.10, 6.4.x before 6.4.6, and 6.5.x before 6.5.3 and Splunk Light before 6.5.2 assigns the $C JS property to the global Window namespace... Read more

    Affected Products : splunk
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293513 Results