Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 1.8

    LOW
    CVE-2013-7291

    memcached before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (crash) via a request that triggers an "unbounded key print" during logging, related to an issue that was "quickly grepped out of the source tree,"... Read more

    Affected Products : memcached
    • Published: Jan. 13, 2014
    • Modified: Apr. 11, 2025

  • 1.8

    LOW
    CVE-2024-51746

    Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. gitsign may select the wrong Rekor entry to use during online verification when multiple entries are returned by the log. gitsign uses Rekor's search API to ... Read more

    Affected Products : gitsign
    • Published: Nov. 05, 2024
    • Modified: Nov. 06, 2024

  • 1.8

    LOW
    CVE-2021-35618

    Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communicati... Read more

    • Published: Oct. 20, 2021
    • Modified: Nov. 21, 2024

  • 1.8

    LOW
    CVE-2012-2424

    The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, allow remote attackers to cause a denial of service (NULL pointer derefer... Read more

    Affected Products : internet_explorer quickbooks
    • Published: Apr. 25, 2012
    • Modified: Apr. 11, 2025

  • 1.8

    LOW
    CVE-2015-1798

    The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MA... Read more

    Affected Products : ntp
    • Published: Apr. 08, 2015
    • Modified: Apr. 12, 2025

  • 1.8

    LOW
    CVE-2021-2147

    Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Installation). The supported version that is affected is 8.8. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure w... Read more

    • Published: Apr. 22, 2021
    • Modified: Nov. 21, 2024

  • 1.8

    LOW
    CVE-2024-5532

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Operations Agent.  The XSS vulnerability could allow an attacker with local admin permissions to manipulate the content of the internal... Read more

    Affected Products :
    • Published: Oct. 28, 2024
    • Modified: Oct. 29, 2024

  • 1.8

    LOW
    CVE-2013-0179

    The process_bin_delete function in memcached.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (segmentation fault) via a request to delete a key, which does not accou... Read more

    Affected Products : memcached
    • Published: Jan. 13, 2014
    • Modified: Apr. 11, 2025

  • 1.8

    LOW
    CVE-2016-8284

    Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows local users to affect availability via vectors related to Server: Replication.... Read more

    Affected Products : mysql
    • Published: Oct. 25, 2016
    • Modified: Apr. 12, 2025

  • 1.8

    LOW
    CVE-2015-0875

    The Ogaki Kyoritsu Bank Smartphone Passbook application 1.0.0 for Android creates a log file containing input data from the user, which allows attackers to obtain sensitive information by reading a file.... Read more

    • Published: Feb. 15, 2015
    • Modified: Apr. 12, 2025

  • 1.8

    LOW
    CVE-2012-2421

    Absolute path traversal vulnerability in the intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, might allow remote attackers to ... Read more

    Affected Products : internet_explorer quickbooks
    • Published: Apr. 25, 2012
    • Modified: Apr. 11, 2025

  • 1.8

    LOW
    CVE-2025-21520

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Difficult to exploit vulnerability allows high privileged attacker wi... Read more

    Affected Products : mysql_server mysql_cluster
    • Published: Jan. 21, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Information Disclosure

  • 1.7

    LOW
    CVE-2013-2382

    Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 12.0.1 allows local users to affect confidentiality via vectors related to BASE.... Read more

    Affected Products : financial_services_software
    • Published: Apr. 17, 2013
    • Modified: Apr. 11, 2025

  • 1.7

    LOW
    CVE-2007-3700

    Sun Java System Access Manager (formerly Java System Identity Server) before 20070710, when the message debug level is configured in the com.iplanet.services.debug.level property in AMConfig.properties, logs cleartext login passwords, which allows local u... Read more

    Affected Products : java_system_access_manager
    • Published: Jul. 11, 2007
    • Modified: Apr. 09, 2025

  • 1.7

    LOW
    CVE-2006-4642

    AuditWizard 6.3.2, when using "Remote Audit," logs the administrator password in plaintext to LaytonCmdSvc.log, which allows local users to obtain sensitive information by reading the file.... Read more

    Affected Products : auditwizard
    • Published: Sep. 08, 2006
    • Modified: Apr. 03, 2025

  • 1.7

    LOW
    CVE-2015-0498

    Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.... Read more

    Affected Products : mysql
    • Published: Apr. 16, 2015
    • Modified: Apr. 12, 2025

  • 1.7

    LOW
    CVE-2016-0609

    Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to... Read more

    • Published: Jan. 21, 2016
    • Modified: Apr. 12, 2025

  • 1.7

    LOW
    CVE-2008-3973

    Unspecified vulnerability in the SQL*Plus Windows GUI component in Oracle Database allows local users to affect confidentiality via unknown vectors.... Read more

    • Published: Jan. 14, 2009
    • Modified: Apr. 09, 2025

  • 1.7

    LOW
    CVE-2015-4767

    Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall, a different vulnerability than CVE-2015-4769.... Read more

    Affected Products : ubuntu_linux mysql
    • Published: Jul. 16, 2015
    • Modified: Apr. 12, 2025

  • 1.7

    LOW
    CVE-2011-2240

    Unspecified vulnerability in the Oracle Universal Installer component in Oracle Database Server 10.1.0.5 allows local users to affect confidentiality via unknown vectors.... Read more

    Affected Products : database_server
    • Published: Jul. 20, 2011
    • Modified: Apr. 11, 2025
Showing 20 of 294514 Results