Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2019-4146

    IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 could allow an authenticated user to obtain sensitive document information under unusual circumstances. IBM X-Force ID: 158401.... Read more

    Affected Products : sterling_b2b_integrator
    • Published: Apr. 25, 2019
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2010-0684

    Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.... Read more

    Affected Products : activemq
    • Published: Apr. 05, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2016-0473

    Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote authenticated users to affect integrity via unknown vectors related to Fluid Core.... Read more

    • Published: Jan. 21, 2016
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-2377

    Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 4.1.0 allows remote authenticated users to affect confidentiality via unknown vectors related to My Services.... Read more

    Affected Products : financial_services_software
    • Published: Apr. 17, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-3803

    Unspecified vulnerability in the Hyperion BI+ component in Oracle Hyperion 11.1.1.3, 11.1.1.4.107 and earlier, 11.1.2.1.129 and earlier, and 11.1.2.2.305 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related t... Read more

    Affected Products : hyperion
    • Published: Jul. 17, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-2365

    Cross-site scripting (XSS) vulnerability in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via the idnumber field to cohort/edit.php.... Read more

    Affected Products : moodle
    • Published: Jul. 21, 2012
    • Modified: Apr. 11, 2025

  • 3.4

    LOW
    CVE-2024-20038

    In pq, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08495932; Issue ID: ALP... Read more

    Affected Products : android mt6779 mt6781 mt6785 mt6789 mt6833 mt6835 mt6853 mt6855 mt6873 +21 more products
    • Published: Mar. 04, 2024
    • Modified: Apr. 22, 2025

  • 3.4

    LOW
    CVE-2024-1454

    The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer sy... Read more

    Affected Products : enterprise_linux fedora opensc
    • Published: Feb. 12, 2024
    • Modified: Nov. 21, 2024

  • 3.4

    LOW
    CVE-2025-42927

    SAP NetWeaver AS Java application uses Adobe Document Service, installed with a vulnerable version of OpenSSL.Successful exploitation of known vulnerabilities in the outdated OpenSSL library would allow user with high system privileges to access and modif... Read more

    Affected Products :
    • Published: Sep. 09, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Cryptography

  • 3.4

    LOW
    CVE-2023-25840

    There is a Cross-site Scripting vulnerability in ArcGIS Server in versions 11.1 and below that may allow a remote, authenticated attacker to create a crafted link which onmouseover wont execute but could potentially render an image in the victims browser.... Read more

    Affected Products : linux_kernel arcgis_server windows
    • Published: Jul. 21, 2023
    • Modified: Apr. 10, 2025

  • 3.4

    LOW
    CVE-2025-25983

    An issue in Macro-video Technologies Co.,Ltd V380 Pro android application 2.1.44 and V380 Pro android application 2.1.64 allows an attacker to obtain sensitive information via the QE code based sharing component.... Read more

    Affected Products : v380_pro
    • Published: Apr. 18, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Information Disclosure

  • 3.4

    LOW
    CVE-2022-41595

    The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.... Read more

    Affected Products : emui harmonyos
    • Published: Oct. 14, 2022
    • Modified: May. 14, 2025

  • 3.4

    LOW
    CVE-2022-41598

    The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.... Read more

    Affected Products : emui harmonyos
    • Published: Oct. 14, 2022
    • Modified: May. 14, 2025

  • 3.4

    LOW
    CVE-2025-43916

    Sonos api.sonos.com through 2025-04-21, when the /login/v3/oauth endpoint is used, accepts a redirect_uri containing userinfo in the authority component, which is not consistent with RFC 6819 section 5.2.3.5. An authorization code may be sent to an attack... Read more

    Affected Products :
    • Published: Apr. 21, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Authentication

  • 3.4

    LOW
    CVE-2022-21563

    Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracl... Read more

    Affected Products : zfs_storage_appliance_kit
    • Published: Jul. 19, 2022
    • Modified: Nov. 21, 2024

  • 3.4

    LOW
    CVE-2025-0167

    When asked to use a `.netrc` file for credentials **and** to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a `default... Read more

    • Published: Feb. 05, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Information Disclosure

  • 3.4

    LOW
    CVE-2023-38301

    An issue was discovered in a third-party component related to vendor.gsm.serial, shipped on devices from multiple device manufacturers. Various software builds for the BLU View 2, Boost Mobile Celero 5G, Sharp Rouvo V, Motorola Moto G Pure, Motorola Moto ... Read more

    Affected Products :
    • Published: Apr. 22, 2024
    • Modified: Nov. 21, 2024

  • 3.4

    LOW
    CVE-2019-2605

    Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: Web Catalog). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Difficult to exploit vulnerability allo... Read more

    Affected Products : business_intelligence
    • Published: Apr. 23, 2019
    • Modified: Nov. 21, 2024

  • 3.4

    LOW
    CVE-2019-2786

    Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthentic... Read more

    • Published: Jul. 23, 2019
    • Modified: Nov. 21, 2024

  • 3.4

    LOW
    CVE-2023-37900

    Crossplane is a framework for building cloud native control planes without needing to write code. In versions prior to 1.11.5, 1.12.3, and 1.13.0, a high-privileged user could create a Package referencing an arbitrarily large image containing that Crosspl... Read more

    Affected Products : crossplane crossplane
    • Published: Jul. 27, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 293298 Results