Latest CVE Feed
-
4.3
MEDIUMCVE-2020-10901
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a mal... Read more
- Published: Apr. 22, 2020
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2017-12287
A vulnerability in the cluster database (CDB) management component of Cisco Expressway Series Software and Cisco TelePresence Video Communication Server (VCS) Software could allow an authenticated, remote attacker to cause the CDB process on an affected s... Read more
- Published: Oct. 19, 2017
- Modified: Apr. 20, 2025
-
4.3
MEDIUMCVE-2017-10299
Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access v... Read more
Affected Products : agile_product_lifecycle_management_framework agile_plm agile_product_lifecycle_management- Published: Oct. 19, 2017
- Modified: May. 08, 2025
-
4.3
MEDIUMCVE-2021-34777
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause i... Read more
Affected Products : business_220-8t-e-2g_firmware business_220-8p-e-2g_firmware business_220-8fp-e-2g_firmware business_220-16t-2g_firmware business_220-16p-2g_firmware business_220-24t-4g_firmware business_220-24p-4g_firmware business_220-24fp-4g_firmware business_220-48t-4g_firmware business_220-48p-4g_firmware +22 more products- Published: Oct. 06, 2021
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2018-16971
Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR) attacks to access non-purchased course contents (quiz / test) via a modified id parameter.... Read more
Affected Products : learning_management_system- Published: Sep. 12, 2018
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2024-2435
For an attacker with pre-existing access to send a signal to a workflow, the attacker can make the signal name a script that executes when a victim views that signal. The XSS is in the timeline page displaying the workflow execution details of the workflo... Read more
Affected Products :- Published: Apr. 02, 2024
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2023-27526
A non Admin authenticated user could incorrectly create resources using the import charts feature, on Apache Superset up to and including 2.1.0. ... Read more
Affected Products : superset- Published: Sep. 06, 2023
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2020-36660
A vulnerability was found in paxswill EVE Ship Replacement Program 0.12.11. It has been rated as problematic. This issue affects some unknown processing of the file src/evesrp/views/api.py of the component User Information Handler. The manipulation leads ... Read more
Affected Products : eve_ship_replacement_program- Published: Feb. 06, 2023
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2017-1507
IBM Jazz Foundation Products could disclose sensitive information during a scan that could lead to further attacks against the system. IBM X-Force ID: 129619.... Read more
- Published: Dec. 11, 2017
- Modified: Apr. 20, 2025
-
4.3
MEDIUMCVE-2017-1785
IBM API Connect 5.0.7 and 5.0.8 could allow an authenticated remote user to modify query parameters to obtain sensitive information. IBM X-Force ID: 136859.... Read more
Affected Products : api_connect- Published: Feb. 07, 2018
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2023-39264
By default, stack traces for errors were enabled, which resulted in the exposure of internal traces on REST API endpoints to users. This vulnerability exists in Apache Superset versions up to and including 2.1.0.... Read more
Affected Products : superset- Published: Sep. 06, 2023
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2023-0689
The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_first_name' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to... Read more
Affected Products : metform_elementor_contact_form_builder- Published: Aug. 31, 2023
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2017-8971
A clickjacking vulnerability in HPE Matrix Operating Environment version 7.6 LR1 was found.... Read more
Affected Products : matrix_operating_environment- Published: Feb. 15, 2018
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2022-45854
An improper check for unusual conditions in Zyxel NWA110AX firmware verisons prior to 6.50(ABTG.0)C0, which could allow a LAN attacker to cause a temporary denial-of-service (DoS) by sending crafted VLAN frames if the MAC address of the vulnerable AP were... Read more
Affected Products : nwa110ax_firmware nwa210ax_firmware wax510d_firmware wax610d_firmware wax630s_firmware wax650s_firmware nwa110ax nwa210ax wax510d wax610d +2 more products- Published: Feb. 07, 2023
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2017-1251
An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker. IBM X-Force ID: 124631.... Read more
- Published: Nov. 27, 2017
- Modified: Apr. 20, 2025
-
4.3
MEDIUMCVE-2023-3201
The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_new_order_title function. This makes it possible for unauthenticated attackers to update new order title via a forged requ... Read more
Affected Products : mstore_api- Published: Jun. 14, 2023
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2020-36750
The EWWW Image Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.8.1. This is due to missing or incorrect nonce validation on the ewww_ngg_bulk_init() function. This makes it possible for unauth... Read more
Affected Products : image_optimizer- Published: Jul. 12, 2023
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2024-0563
Denial of service condition in M-Files Server in versions before 24.2 (excluding 23.2 SR7 and 23.8 SR5) allows anonymous user to cause denial of service against other anonymous users.... Read more
Affected Products : m-files_server- Published: Feb. 23, 2024
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2017-17141
Huawei S12700 V200R005C00; V200R006C00; V200R007C00; V200R007C01; V200R007C20; V200R008C00; V200R009C00;S1700 V200R006C10; V200R009C00;S2700 V100R006C03; V200R003C00; V200R005C00; V200R006C00; V200R006C10; V200R007C00; V200R007C00B050; V200R007C00SPC009T;... Read more
Affected Products : s12700_firmware s1700_firmware s2700_firmware s5700_firmware s6700_firmware s7700_firmware s9700_firmware s3700_firmware s2700 s3700 +6 more products- Published: Mar. 05, 2018
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2021-4408
The DW Question & Answer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.8. This is due to missing or incorrect nonce validation on the update_answer() function. This makes it possible for unauthentic... Read more
Affected Products : dw_question_\&_answer- Published: Jul. 12, 2023
- Modified: Nov. 21, 2024