Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2009-0240

    listing.php in WebSVN 2.0 and possibly 1.7 beta, when using an SVN authz file, allows remote authenticated users to read changelogs or diffs for restricted projects via a modified repname parameter.... Read more

    Affected Products : websvn
    • Published: Jan. 21, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2016-8286

    Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote authenticated users to affect confidentiality via vectors related to Server: Security: Privileges.... Read more

    Affected Products : mysql
    • Published: Oct. 25, 2016
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-4078

    Cloudera Navigator 2.2.x before 2.2.4 and 2.3.x before 2.3.3 include support for SSLv3 when configured to use SSL/TLS, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (... Read more

    Affected Products : cloudera_manager navigator
    • Published: Mar. 23, 2017
    • Modified: Apr. 20, 2025

  • 3.5

    LOW
    CVE-2015-2639

    Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Firewall.... Read more

    Affected Products : ubuntu_linux mysql
    • Published: Jul. 16, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2021-22193

    An issue has been discovered in GitLab affecting all versions starting with 7.1. A member of a private group was able to validate the use of a specific name for private project.... Read more

    Affected Products : gitlab
    • Published: Mar. 24, 2021
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2021-1996

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network ac... Read more

    • Published: Jan. 20, 2021
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2017-3598

    Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. Difficult to exploit vulnerability allows low privil... Read more

    Affected Products : webcenter_sites
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 3.5

    LOW
    CVE-2021-2045

    Vulnerability in the Oracle Text component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network ... Read more

    Affected Products : text
    • Published: Jan. 20, 2021
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2017-7517

    An input validation vulnerability exists in Openshift Enterprise due to a 1:1 mapping of tenants in Hawkular Metrics and projects/namespaces in OpenShift. If a user creates a project called "MyProject", and then later deletes it another user can then crea... Read more

    Affected Products : openshift
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025

  • 3.5

    LOW
    CVE-2017-3603

    Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. Difficult to exploit vulnerability allows low privil... Read more

    Affected Products : webcenter_sites
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 3.5

    LOW
    CVE-2024-37141

    Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an open redirect vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to information disclosure.... Read more

    Affected Products : data_domain_operating_system
    • Published: Jun. 26, 2024
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2015-2559

    Drupal 6.x before 6.35 and 7.x before 7.35 allows remote authenticated users to reset the password of other accounts by leveraging an account with the same password hash as another account and a crafted password reset URL.... Read more

    Affected Products : debian_linux drupal
    • Published: Mar. 25, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-3943

    Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the Display Name field in the Manage Profile.... Read more

    Affected Products : dotnetnuke
    • Published: Mar. 12, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2024-37314

    Nextcloud Photos is a photo management app. Users can remove photos from the album of registered users. It is recommended that the Nextcloud Server is upgraded to 25.0.7 or 26.0.2 and the Nextcloud Enterprise Server is upgraded to 25.0.7 or 26.0.2.... Read more

    Affected Products : nextcloud_server notes
    • Published: Jun. 14, 2024
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2015-7548

    OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty), when using libvirt to spawn instances and use_cow_images is set to false, allow remote authenticated users to read arbitrary files by overwriting an instance disk with a c... Read more

    Affected Products : nova compute
    • Published: Jan. 12, 2016
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-6808

    Cross-site scripting (XSS) vulnerability in the Spotlight module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a node title.... Read more

    Affected Products : spotlight
    • Published: Sep. 04, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-0347

    The Settings module in Websense Triton Unified Security Center 7.7.3 before Hotfix 31, Web Filter 7.7.3 before Hotfix 31, Web Security 7.7.3 before Hotfix 31, Web Security Gateway 7.7.3 before Hotfix 31, and Web Security Gateway Anywhere 7.7.3 before Hotf... Read more

    • Published: Apr. 12, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-2329

    Multiple cross-site scripting (XSS) vulnerabilities in Check_MK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allow remote authenticated users to inject arbitrary web script or HTML via the (1) agent string for a check_mk agent, a (2) crafted request to a moni... Read more

    Affected Products : check_mk
    • Published: Aug. 31, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2016-0370

    Cross-site scripting (XSS) vulnerability in IBM Forms Experience Builder 8.5.x and 8.6.x before 8.6.3 allows remote authenticated users to inject arbitrary web script or HTML via crafted input to an application that was built with this product.... Read more

    Affected Products : forms_experience_builder
    • Published: Sep. 01, 2016
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-1807

    Directory traversal vulnerability in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with certain permissions to read arbitrary files via a symlink, related to building artifacts.... Read more

    Affected Products : openshift jenkins jenkins
    • Published: Oct. 16, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 293544 Results