Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2004-2701

    Cross-site scripting (XSS) vulnerability in signin.aspx for AspDotNetStorefront 3.3 allows remote attackers to inject arbitrary web script or HTML via the returnurl parameter.... Read more

    Affected Products : aspdotnetstorefront
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2019-5833

    Incorrect dialog box scoping in browser in Google Chrome on Android prior to 75.0.3770.80 allowed a remote attacker to display misleading security UI via a crafted HTML page.... Read more

    • Published: Jun. 27, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-34799

    Jenkins Deployment Dashboard Plugin 1.0.10 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.... Read more

    Affected Products : deployment_dashboard
    • Published: Jun. 30, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-34798

    Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials.... Read more

    Affected Products : deployment_dashboard
    • Published: Jun. 30, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2005-0888

    Multiple cross-site scripting (XSS) vulnerabilities in functions.inc.php for Double Choco Latte 0.9.4.3 allow remote attackers to inject arbitrary web script or HTML via the (1) class or (2) method name.... Read more

    Affected Products : double_choco_latte
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2023-2189

    The Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the toggle_widget function in versions up to, and including, 1.4.3. This makes it possible f... Read more

    Affected Products : stax
    • Published: Jun. 09, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-34797

    A cross-site request forgery (CSRF) vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to connect to an attacker-specified HTTP URL using attacker-specified credentials.... Read more

    Affected Products : deployment_dashboard
    • Published: Jun. 30, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-9933

    An authorization issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to read sensitive location information.... Read more

    Affected Products : iphone_os tvos watchos ipados
    • Published: Oct. 16, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-22216

    An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the PFE of Juniper Networks Junos OS on PTX Series and QFX10k Series allows an adjacent unauthenticated attacker to gain access to sensitive information. PTX1000 and PTX10000 S... Read more

    • Published: Jul. 20, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2004-2180

    Multiple cross-site scripting (XSS) vulnerabilities in WowBB Forum 1.61 allow remote attackers to inject arbitrary web script or HTML via the (1) country parameter to view_user.php, (2) show parameter to view_forum.php, (3) letter parameter to view_user.p... Read more

    Affected Products : wowbb_web_forum
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2020-9945

    A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, Safari 14.0.1. Visiting a malicious website may lead to address bar spoofing.... Read more

    Affected Products : macos mac_os_x safari
    • Published: Dec. 08, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-40697

    Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mi... Read more

    Affected Products : framemaker
    • Published: Sep. 29, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-34779

    A missing permission check in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.... Read more

    Affected Products : xebialabs_xl_release
    • Published: Jun. 30, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-2001

    An issue has been discovered in GitLab CE/EE affecting all versions before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An attacker was able to spoof protected tags, which could potentially lead ... Read more

    Affected Products : gitlab
    • Published: Jun. 07, 2023
    • Modified: Jan. 07, 2025

  • 4.3

    MEDIUM
    CVE-2021-39916

    Lack of an access control check in the External Status Check feature allowed any authenticated user to retrieve the configuration of any External Status Check in GitLab EE starting from 14.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, al... Read more

    Affected Products : gitlab
    • Published: Dec. 13, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-8297

    Nextcloud Deck before 1.0.2 suffers from an insecure direct object reference (IDOR) vulnerability that permits users with a duplicate user identifier to access deck data of a previous deleted user.... Read more

    Affected Products : deck
    • Published: Feb. 23, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-39910

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. GitLab was vulnerable to HTML Injection through the Swagger... Read more

    Affected Products : gitlab
    • Published: Dec. 13, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-24427

    Acrobat Reader versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an input validation vulnerability when decoding a crafted codec that could result in the disclosure of sensitive memory. An... Read more

    • Published: Nov. 05, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2005-0914

    Multiple cross-site scripting (XSS) vulnerabilities in CPG Dragonfly 9.0.2.0 allow remote attackers to inject arbitrary web script or HTML via (1) the profile parameter to index.php or (2) the cat parameter.... Read more

    Affected Products : cpg_dragonfly_cms
    • Published: Mar. 26, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2023-2352

    The CHP Ads Block Detector plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.9.4. This is due to missing or incorrect nonce validation on the chp_abd_action function. This makes it possible for unauthenti... Read more

    Affected Products : chp_ads_block_detector
    • Published: Aug. 31, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 294842 Results