Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2007-3782

    MySQL Community Server before 5.0.45 allows remote authenticated users to gain update privileges for a table in another database via a view that refers to this external table.... Read more

    Affected Products : community_server
    • Published: Jul. 15, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2016-0606

    Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect integrity via unknown vectors related to en... Read more

    • Published: Jan. 21, 2016
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2010-2008

    MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slas... Read more

    Affected Products : ubuntu_linux fedora mysql mysql
    • Published: Jul. 13, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2024-52611

    The SolarWinds Platform is vulnerable to an information disclosure vulnerability through an error message. While the data does not provide anything sensitive, the information could assist an attacker in other malicious actions.... Read more

    Affected Products : solarwinds_platform
    • Published: Feb. 11, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Information Disclosure

  • 3.5

    LOW
    CVE-2024-52831

    Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and aff... Read more

    • Published: Dec. 10, 2024
    • Modified: Jan. 15, 2025

  • 3.5

    LOW
    CVE-2021-40086

    An issue was discovered in PrimeKey EJBCA before 7.6.0. As part of the configuration of the aliases for SCEP, CMP, EST, and Auto-enrollment, the enrollment secret was reflected on a page (that can only be viewed by an administrator). While hidden from dir... Read more

    Affected Products : ejbca
    • Published: Aug. 25, 2021
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2022-1157

    Missing sanitization of logged exception messages in all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 of GitLab CE/EE causes potential sensitive values in invalid URLs to be logged... Read more

    Affected Products : gitlab
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2022-1111

    A business logic error in Project Import in GitLab CE/EE versions 14.9 prior to 14.9.2, 14.8 prior to 14.8.5, and 14.0 prior to 14.7.7 under certain conditions caused imported projects to show an incorrect user in the 'Access Granted' column in the projec... Read more

    Affected Products : gitlab
    • Published: Apr. 04, 2022
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2021-3716

    A flaw was found in nbdkit due to to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBD_OPT_STRUCTURED_REPLY before proxying everything else a client sends to the serve... Read more

    Affected Products : enterprise_linux nbdkit
    • Published: Mar. 02, 2022
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2021-45916

    The programming function of Shockwall system has an improper input validation vulnerability. An authenticated attacker within the local area network can send malicious response to the server to disrupt the service partially.... Read more

    • Published: Jan. 03, 2022
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2015-1054

    Cross-site scripting (XSS) vulnerability in the Games feature in Crea8Social 2.0 allows remote authenticated users to inject arbitrary web script or HTML via the Game Content field in Add Game.... Read more

    Affected Products : crea8social
    • Published: Jan. 16, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-4528

    Cross-site scripting (XSS) vulnerability in EMC Documentum CenterStage 1.2SP1 and 1.2SP2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : documentum_centerstage centerstage
    • Published: Jul. 16, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2009-0240

    listing.php in WebSVN 2.0 and possibly 1.7 beta, when using an SVN authz file, allows remote authenticated users to read changelogs or diffs for restricted projects via a modified repname parameter.... Read more

    Affected Products : websvn
    • Published: Jan. 21, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2015-5070

    The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.4 and 1.13.x before 1.13.1, when a case-insensitive filesystem is used, allow remote attackers to obta... Read more

    Affected Products : fedora battle_for_wesnoth
    • Published: Sep. 26, 2017
    • Modified: Apr. 20, 2025

  • 3.5

    LOW
    CVE-2015-5494

    Cross-site scripting (XSS) vulnerability in the Webform Matrix Component module 7.x-4.x before 7.x-4.13 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : webform_matrix_component
    • Published: Aug. 18, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-3961

    The web-server component in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches allows remote authenticated users to cause a denial of service (memory corruption and reboot) via a crafted URL.... Read more

    • Published: Aug. 04, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2012-6074

    Cross-site scripting (XSS) vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote authenticated users with write access to ... Read more

    Affected Products : jenkins jenkins
    • Published: Feb. 24, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2015-5163

    The import task action in OpenStack Image Service (Glance) 2015.1.x before 2015.1.2 (kilo), when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image.... Read more

    Affected Products : glance glance
    • Published: Aug. 19, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-4541

    Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer GRC 5.x before 5.5.3 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : rsa_archer_grc
    • Published: Sep. 26, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2020-7020

    Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain complex queries. This could result in the ... Read more

    Affected Products : elasticsearch elasticsearch
    • Published: Oct. 22, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 293656 Results