Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2019-1010310

    GLPI GLPI Product 9.3.1 is affected by: Frame and Form tags Injection allowing admins to phish users by putting code in reminder description. The impact is: Admins can phish any user or group of users for credentials / credit cards. The component is: Tool... Read more

    Affected Products : glpi
    • Published: Jul. 12, 2019
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2006-6821

    myprofile.asp in Enthrallweb eNews does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified... Read more

    Affected Products : enews
    • Published: Dec. 29, 2006
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2015-3011

    Multiple cross-site scripting (XSS) vulnerabilities in the contacts application in ownCloud Server Community Edition before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafte... Read more

    Affected Products : debian_linux owncloud
    • Published: May. 08, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2006-6775

    acFTP 1.5 allows remote authenticated users to cause a denial of service via a crafted argument to the (1) REST or (2) PBSZ command.... Read more

    Affected Products : acftp
    • Published: Dec. 27, 2006
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2014-5353

    The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a su... Read more

    • Published: Dec. 16, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2007-5977

    Cross-site scripting (XSS) vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to inject arbitrary web script or HTML via a hex-encoded IMG element in the db parameter in a POST re... Read more

    Affected Products : phpmyadmin
    • Published: Nov. 15, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2013-4428

    OpenStack Image Registry and Delivery Service (Glance) Folsom, Grizzly before 2013.1.4, and Havana before 2013.2, when the download_image policy is configured, does not properly restrict access to cached images, which allows remote authenticated users to ... Read more

    Affected Products : ubuntu_linux glance
    • Published: Oct. 27, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-3811

    Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-3806.... Read more

    Affected Products : mysql
    • Published: Jul. 17, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2015-2641

    Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.... Read more

    Affected Products : ubuntu_linux mysql
    • Published: Jul. 16, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2025-4227

    An improper access control vulnerability in the Endpoint Traffic Policy Enforcement https://docs.paloaltonetworks.com/globalprotect/6-0/globalprotect-app-new-features/new-features-released-in-gp-app/endpoint-traffic-policy-enforcement feature of the Pal... Read more

    Affected Products : globalprotect globalprotect_app
    • Published: Jun. 13, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Authorization

  • 3.5

    LOW
    CVE-2013-4995

    Cross-site scripting (XSS) vulnerability in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted SQL query that is not properly handled during the display of row in... Read more

    Affected Products : phpmyadmin
    • Published: Jul. 31, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2015-4861

    Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.... Read more

    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-5418

    Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a... Read more

    Affected Products : websphere_application_server
    • Published: Nov. 18, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-5572

    Zabbix 2.0.5 allows remote authenticated users to discover the LDAP bind password by leveraging management-console access and reading the ldap_bind_password value in the HTML source code.... Read more

    Affected Products : zabbix
    • Published: Oct. 01, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-5414

    The migration functionality in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 does not properly support the distinction between the admin role and the adminsecmanager role, which allows remote authen... Read more

    Affected Products : websphere_application_server
    • Published: Nov. 18, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-5064

    Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0, 10.0.2, 10.1.0, 10.2.0, 10.2.2, 10.3.0, 10.5.0, and 11.0.0 through 11.2.0 allows remote authenticated users to affect confidentialit... Read more

    Affected Products : financial_services_software
    • Published: Oct. 17, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-0531

    Unspecified vulnerability in the PeopleSoft Enterprise Portal component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect integrity via unknown vectors related to Enterprise Portal.... Read more

    Affected Products : peoplesoft_products
    • Published: May. 03, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2020-11044

    In FreeRDP greater than 1.2 and before 2.0.0, a double free in update_read_cache_bitmap_v3_order crashes the client application if corrupted data from a manipulated server is parsed. This has been patched in 2.0.0.... Read more

    Affected Products : ubuntu_linux debian_linux freerdp
    • Published: May. 07, 2020
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2012-5529

    TraceManager in Firebird 2.5.0 and 2.5.1, when trace is enabled, allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) by preparing an empty dynamic SQL query.... Read more

    Affected Products : firebird firebird
    • Published: Nov. 20, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-0529

    Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51 allows remote authenticated users to affect integrity via unknown vectors related to core.... Read more

    Affected Products : peoplesoft_products
    • Published: May. 03, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 293640 Results