Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2010-3779

    Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox... Read more

    Affected Products : dovecot
    • Published: Oct. 06, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2010-3737

    Memory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (heap memory consumption) by executing a (1) user-defined function (UDF) or (2) stored procedure while usin... Read more

    Affected Products : db2
    • Published: Oct. 05, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2020-15103

    In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in rdpegfx channel. All FreeRDP clients are affected. The input rectangles from the server are not checked against local surface coordinates and blindly acc... Read more

    • Published: Jul. 27, 2020
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2010-0926

    The default configuration of smbd in Samba before 3.3.11, 3.4.x before 3.4.6, and 3.5.x before 3.5.0rc3, when a writable share exists, allows remote authenticated users to leverage a directory traversal vulnerability, and access arbitrary files, by using ... Read more

    Affected Products : samba
    • Published: Mar. 10, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2010-4624

    MyBB (aka MyBulletinBoard) before 1.4.12 allows remote authenticated users to bypass intended restrictions on the number of [img] MyCodes by editing a post after it has been created.... Read more

    Affected Products : mybb
    • Published: Dec. 30, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2020-11526

    libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0-rc4 has an Out-of-bounds Read.... Read more

    Affected Products : ubuntu_linux debian_linux leap freerdp
    • Published: May. 15, 2020
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2020-18464

    Cross Site Request Forgery (CSRF) vulnerability in AikCms 2.0.0 in video_list.php, which can let a malicious user delete movie information.... Read more

    Affected Products : aikcms
    • Published: Aug. 12, 2021
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2010-4760

    Open Ticket Request System (OTRS) before 3.0.0-beta6 adds email-notification-ext articles to tickets during processing of event-based notifications, which allows remote authenticated users to obtain potentially sensitive information by reading a ticket.... Read more

    Affected Products : otrs
    • Published: Mar. 18, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2011-4560

    Cross-site scripting (XSS) vulnerability in the Petition Node module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to signing a petition.... Read more

    Affected Products : drupal petition_node_module
    • Published: Nov. 28, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2023-28845

    Nextcloud talk is a video & audio conferencing app for Nextcloud. In affected versions the talk app does not properly filter access to a conversations member list. As a result an attacker could use this vulnerability to gain information about the members ... Read more

    Affected Products : talk nextcloud_server notes
    • Published: Mar. 31, 2023
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2014-4955

    Cross-site scripting (XSS) vulnerability in the PMA_TRI_getRowForList function in libraries/rte/rte_list.lib.php in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web s... Read more

    Affected Products : phpmyadmin
    • Published: Jul. 20, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-1417

    do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.11 before 1.11.4, when a single-component realm name is used, allows remote authenticated users to cause a denial of service (daemon crash) via a TGS-REQ request that trigger... Read more

    Affected Products : kerberos_5 kerberos
    • Published: Nov. 20, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2010-0733

    Integer overflow in src/backend/executor/nodeHash.c in PostgreSQL 8.4.1 and earlier, and 8.5 through 8.5alpha2, allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with many LEFT JOIN clauses, related to ce... Read more

    Affected Products : postgresql
    • Published: Mar. 19, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-4791

    Microsoft Exchange Server 2007 SP3 and 2010 SP1 and SP2 allows remote authenticated users to cause a denial of service (Information Store service hang) by subscribing to a crafted RSS feed, aka "RSS Feed May Cause Exchange DoS Vulnerability."... Read more

    Affected Products : exchange_server
    • Published: Dec. 12, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-5354

    plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by creating a d... Read more

    Affected Products : kerberos_5 kerberos
    • Published: Dec. 16, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2007-4412

    Multiple cross-site scripting (XSS) vulnerabilities in Headstart Solutions DeskPRO 3.0.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters to (1) techs.php, (2) ticket_category.php, (3) ticket_priority.php,... Read more

    Affected Products : deskpro
    • Published: Aug. 18, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2013-5646

    Cross-site scripting (XSS) vulnerability in Roundcube webmail 1.0-git allows remote authenticated users to inject arbitrary web script or HTML via the Name field of an addressbook group.... Read more

    Affected Products : webmail roundcube_webmail
    • Published: Aug. 29, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2005-3310

    Interpretation conflict in phpBB 2.0.17, with remote avatars and avatar uploading enabled, allows remote authenticated users to inject arbitrary web script or HTML via an HTML file with a GIF or JPEG file extension, which causes the HTML to be executed by... Read more

    Affected Products : phpbb
    • Published: Oct. 26, 2005
    • Modified: Apr. 03, 2025

  • 3.5

    LOW
    CVE-2024-57159

    07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaWorkReport/add.html.... Read more

    Affected Products : 07flycms
    • Published: Jan. 16, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 3.5

    LOW
    CVE-2009-2856

    Sun Virtual Desktop Infrastructure (VDI) 3.0, when anonymous binding is enabled, does not properly handle a client's attempt to establish an authenticated and encrypted connection, which might allow remote attackers to read cleartext VDI configuration-dat... Read more

    • Published: Aug. 18, 2009
    • Modified: Apr. 09, 2025
Showing 20 of 293608 Results