Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2014-4250

    Unspecified vulnerability in the Siebel Core - Server OM Frwks component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Object Manager.... Read more

    Affected Products : siebel_crm
    • Published: Jul. 17, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2025-38746

    Dell SupportAssist OS Recovery, versions prior to 5.5.14.0, contains an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Inf... Read more

    Affected Products : supportassist_os_recovery
    • Published: Aug. 06, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Information Disclosure

  • 3.5

    LOW
    CVE-2016-1500

    ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2, when the "file_versions" application is enabled, does not properly check the return value of getOwner, which allows remote authenticated users to read the file... Read more

    Affected Products : owncloud owncloud_server
    • Published: Jan. 08, 2016
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2025-49462

    Cross-site scripting in certain Zoom Clients before version 6.4.5 may allow an authenticated user to conduct a disclosure of information via network access.... Read more

    Affected Products : zoom
    • Published: Jul. 10, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Information Disclosure

  • 3.5

    LOW
    CVE-2011-3523

    Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 10.1.3.5.0 and 10.1.3.5.1 allows remote authenticated users to affect integrity, related to WSM Console, a different vulnerability than CVE-2011-2237.... Read more

    Affected Products : fusion_middleware
    • Published: Oct. 18, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-2398

    Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and JRockit R27.8.1 and R28.3.1 allows remote authenticated users to affect integrity via unknown vectors related to Javadoc.... Read more

    • Published: Apr. 16, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2012-2141

    Array index error in the handle_nsExtendOutput2Table function in agent/mibgroup/agent/extend.c in Net-SNMP 5.7.1 allows remote authenticated users to cause a denial of service (out-of-bounds read and snmpd crash) via an SNMP GET request for an entry not i... Read more

    Affected Products : net-snmp
    • Published: Aug. 14, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2005-4190

    Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demonstrated by (1) the identity field, (2) Category and (3) L... Read more

    Affected Products : horde_application_framework
    • Published: Dec. 13, 2005
    • Modified: Apr. 03, 2025

  • 3.5

    LOW
    CVE-2009-1971

    Unspecified vulnerability in the Data Pump component in Oracle Database 10.1.0.5, 10.2.0.3, and 11.1.0.7 allows remote authenticated users to affect integrity via unknown vectors.... Read more

    Affected Products : database_server
    • Published: Oct. 22, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2012-1606

    Multiple cross-site scripting (XSS) vulnerabilities in the Backend component in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allow remote authenticated backend users to inject arbitrary web script or HTML via unspeci... Read more

    Affected Products : typo3
    • Published: Sep. 04, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-4954

    Cross-site scripting (XSS) vulnerability in the PMA_getHtmlForActionLinks function in libraries/structure.lib.php in phpMyAdmin 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted table comment that is... Read more

    Affected Products : phpmyadmin
    • Published: Jul. 20, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2025-53901

    Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.4, 33.0.2, and 34.0.2, a bug in Wasmtime's implementation of the WASIp1 set of import functions can lead to a WebAssembly guest inducing a panic in the host (embedder). The specific bug is trig... Read more

    Affected Products : wasmtime
    • Published: Jul. 18, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Denial of Service

  • 3.5

    LOW
    CVE-2025-51383

    D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in the ipsec_road_asp function via the host_ip parameter.... Read more

    Affected Products : di-8200_firmware di-8200
    • Published: Jul. 31, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Memory Corruption

  • 3.5

    LOW
    CVE-2025-30700

    Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to com... Read more

    Affected Products : solaris solaris
    • Published: Apr. 15, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Authentication

  • 3.5

    LOW
    CVE-2025-55523

    An issue in the component /api/download_work_dir_file.py of Agent-Zero v0.8.* allows attackers to execute a directory traversal.... Read more

    Affected Products :
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Path Traversal

  • 3.5

    LOW
    CVE-2021-2045

    Vulnerability in the Oracle Text component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network ... Read more

    Affected Products : text
    • Published: Jan. 20, 2021
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2017-3319

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: X Plugin). Supported versions that are affected are 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple p... Read more

    Affected Products : mysql
    • Published: Jan. 27, 2017
    • Modified: Apr. 20, 2025

  • 3.5

    LOW
    CVE-2017-7517

    An input validation vulnerability exists in Openshift Enterprise due to a 1:1 mapping of tenants in Hawkular Metrics and projects/namespaces in OpenShift. If a user creates a project called "MyProject", and then later deletes it another user can then crea... Read more

    Affected Products : openshift
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025

  • 3.5

    LOW
    CVE-2025-26865

    Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: from 18.12.17 before 18.12.18.   It's a regression between 18.12.17 and 18.12.18. In case you use something like that, ... Read more

    Affected Products : ofbiz
    • Published: Mar. 10, 2025
    • Modified: Jun. 23, 2025

  • 3.5

    LOW
    CVE-2025-1363

    The URL Shortener | Conversion Tracking | AB Testing | WooCommerce WordPress plugin through 9.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even... Read more

    • Published: Mar. 09, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 294421 Results