Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2021-22769

    A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Easergy T300 with firmware V2.7.1 and older that could expose files or directory content when access from an attacker is not restricted or incorrectly restricted.... Read more

    Affected Products : easergy_t300_firmware easergy_t300
    • Published: Jun. 11, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-34886

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou... Read more

    Affected Products : microstation view bentley_view
    • Published: Jan. 13, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-22896

    Nextcloud Mail before 1.9.5 suffers from improper access control due to a missing permission check allowing other authenticated users to create mail aliases for other users.... Read more

    Affected Products : nextcloud_server nextcloud notes
    • Published: Jun. 11, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-32107

    Cross-Site Request Forgery (CSRF) vulnerability in XLPlugins Finale Lite.This issue affects Finale Lite: from n/a through 2.18.0. ... Read more

    Affected Products : finale
    • Published: Apr. 11, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-31264

    Unauthenticated Cross Site Request Forgery (CSRF) in Post Views Counter <= 1.4.4 versions.... Read more

    Affected Products :
    • Published: Apr. 12, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-31251

    Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by PeepSo.This issue affects Community by PeepSo: from n/a through 6.3.1.1. ... Read more

    Affected Products : peepso
    • Published: Apr. 12, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-31239

    Cross-Site Request Forgery (CSRF) vulnerability in Nudgify Nudgify Social Proof, Sales Popup & FOMO.This issue affects Nudgify Social Proof, Sales Popup & FOMO: from n/a through 1.3.3. ... Read more

    Affected Products :
    • Published: Apr. 12, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-31289

    Cross-Site Request Forgery (CSRF) vulnerability in Elementor Hello Elementor.This issue affects Hello Elementor: from n/a through 3.0.0. ... Read more

    Affected Products :
    • Published: Apr. 12, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-51499

    Missing Authorization vulnerability in WooCommerce WooCommerce Shipping Per Product.This issue affects WooCommerce Shipping Per Product: from n/a through 2.5.4. ... Read more

    Affected Products :
    • Published: Apr. 12, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-4725

    IBM Monitoring (IBM Cloud APM 8.1.4 ) could allow an authenticated user to modify HTML content by sending a specially crafted HTTP request to the APM UI, which could mislead another user. IBM X-Force ID: 187974.... Read more

    • Published: Mar. 02, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-32773

    Cross-Site Request Forgery (CSRF) vulnerability in WP Royal Royal Elementor Kit.This issue affects Royal Elementor Kit: from n/a through 1.0.116. ... Read more

    Affected Products : royal_elementor_kit
    • Published: Apr. 24, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-32432

    Missing Authorization vulnerability in Ovic Team Ovic Addon Toolkit.This issue affects Ovic Addon Toolkit: from n/a through 2.6.1. ... Read more

    Affected Products :
    • Published: Apr. 24, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-34755

    Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Contact Form 7 and Salesforce.This issue affects Integration for Contact Form 7 and Salesforce: from n/a through 1.3.9.... Read more

    Affected Products :
    • Published: May. 17, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-34806

    Cross-Site Request Forgery (CSRF) vulnerability in Creative Motion Clearfy Cache.This issue affects Clearfy Cache: from n/a through 2.2.1.... Read more

    Affected Products :
    • Published: May. 17, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-4015

    firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)... Read more

    Affected Products : firefly_iii
    • Published: Dec. 01, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-52220

    Missing Authorization vulnerability in MonsterInsights Google Analytics by Monster Insights.This issue affects Google Analytics by Monster Insights: from n/a through 8.21.0. ... Read more

    Affected Products :
    • Published: Apr. 25, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-3508

    A flaw was found in Bombastic, which allows authenticated users to upload compressed (bzip2 or zstd) SBOMs. The API endpoint verifies the presence of some fields and values in the JSON. To perform this verification, the uploaded file must first be decompr... Read more

    Affected Products : trusted_profile_analyzer
    • Published: Apr. 25, 2024
    • Modified: Jun. 18, 2025

  • 4.3

    MEDIUM
    CVE-2023-47727

    IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.20.0 could allow an authenticated user to modify dashboard parameters due to improper input validation. IBM X-Force ID: 272089.... Read more

    Affected Products : cloud_pak_for_security qradar_suite
    • Published: May. 02, 2024
    • Modified: Aug. 13, 2025

  • 4.3

    MEDIUM
    CVE-2024-0847

    The 5280 Bootstrap Modal Contact Form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation in class-sbmm-list-table.php. This makes it possible for... Read more

    Affected Products :
    • Published: May. 02, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-33650

    Cross-Site Request Forgery (CSRF) vulnerability in Cryout Creations Serious Slider.This issue affects Serious Slider: from n/a through 1.2.4. ... Read more

    Affected Products : serious_slider
    • Published: Apr. 26, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 294848 Results