Latest CVE Feed
-
4.3
MEDIUMCVE-2022-31674
VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can access log files that lead to information disclosure.... Read more
Affected Products : vrealize_operations- Published: Aug. 10, 2022
- Modified: Aug. 27, 2025
-
4.3
MEDIUMCVE-2021-39121
Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to enumerate the keys of private Jira projects via an Information Disclosure vulnerability in the /rest/api/latest/projectvalidate/key endpoint. The affected v... Read more
- Published: Sep. 08, 2021
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2025-58202
Cross-Site Request Forgery (CSRF) vulnerability in Plugins and Snippets Simple Page Access Restriction allows Cross Site Request Forgery. This issue affects Simple Page Access Restriction: from n/a through 1.0.32.... Read more
Affected Products : simple_page_access_restriction- Published: Aug. 27, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Cross-Site Request Forgery
-
4.3
MEDIUMCVE-2024-43229
Missing Authorization vulnerability in Cornel Raiu WP Search Analytics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Search Analytics: from n/a through 1.4.9.... Read more
Affected Products :- Published: Nov. 01, 2024
- Modified: Nov. 01, 2024
-
4.3
MEDIUMCVE-2025-4128
Mattermost versions 10.5.x <= 10.5.4, 9.11.x <= 9.11.13 fail to properly restrict API access to team information, allowing guest users to bypass permissions and view information about public teams they are not members of via a direct API call to /api/v4/t... Read more
Affected Products : mattermost_server- Published: Jun. 11, 2025
- Modified: Jul. 08, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-49755
User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.... Read more
Affected Products : edge- Published: Aug. 12, 2025
- Modified: Aug. 15, 2025
- Vuln Type: Misconfiguration
-
4.3
MEDIUMCVE-2025-58599
Missing Authorization vulnerability in tychesoftwares Order Delivery Date for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Order Delivery Date for WooCommerce: from n/a through 4.1.0.... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-58813
Missing Authorization vulnerability in ThemeArile Consultstreet allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Consultstreet: from n/a through 3.0.0.... Read more
Affected Products :- Published: Sep. 05, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-0951
Multiple plugins and/or themes for WordPress by LiquidThemes are vulnerable to unauthorized access due to a missing capability check on the liquid_reset_wordpress_before AJAX in various versions. This makes it possible for authenticated attackers, with Su... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-58459
Jenkins global-build-stats Plugin 322.v22f4db_18e2dd and earlier does not perform permission checks in its REST API endpoints, allowing attackers with Overall/Read permission to enumerate graph IDs.... Read more
- Published: Sep. 03, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-25026
IBM Security Guardium 12.0 could allow an authenticated user to obtain sensitive information due to an incorrect authentication check.... Read more
Affected Products : security_guardium- Published: May. 28, 2025
- Modified: Jun. 04, 2025
- Vuln Type: Authentication
-
4.3
MEDIUMCVE-2025-49736
The ui performs the wrong action in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.... Read more
Affected Products : edge- Published: Aug. 12, 2025
- Modified: Aug. 15, 2025
- Vuln Type: Authentication
-
4.3
MEDIUMCVE-2024-6352
A malformed packet can cause a buffer overflow in the APS layer of the Ember ZNet stack and lead to an assert... Read more
Affected Products :- Published: Jan. 13, 2025
- Modified: Aug. 27, 2025
- Vuln Type: Memory Corruption
-
4.3
MEDIUMCVE-2025-48310
Cross-Site Request Forgery (CSRF) vulnerability in wptableeditor Table Editor allows Cross Site Request Forgery. This issue affects Table Editor: from n/a through 1.6.4.... Read more
Affected Products : table_editor- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Cross-Site Request Forgery
-
4.3
MEDIUMCVE-2025-55173
Next.js is a React framework for building full-stack web applications. In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization is vulnerable to content injection. The issue allowed attacker-controlled external image sources... Read more
Affected Products : next.js- Published: Aug. 29, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Misconfiguration
-
4.3
MEDIUMCVE-2024-31419
An information disclosure flaw was found in OpenShift Virtualization. The DownwardMetrics feature was introduced to expose host metrics to virtual machine guests and is enabled by default. This issue could expose limited host metrics of a node to any gues... Read more
Affected Products :- Published: Apr. 03, 2024
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2023-6599
Missing Standardized Error Handling Mechanism in GitHub repository microweber/microweber prior to 2.0.... Read more
- Published: Dec. 08, 2023
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2023-52943
Incorrect authorization vulnerability in Alert.Setting webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to to perform limited actions on the alerting function via unspecified vectors.... Read more
Affected Products : surveillance_station- Published: Dec. 04, 2024
- Modified: Dec. 04, 2024
-
4.3
MEDIUMCVE-2024-29155
On Microchip RN4870 devices, when more than one consecutive PairReqNoInputNoOutput request is received, the device becomes incapable of completing the pairing process. A third party can inject a second PairReqNoInputNoOutput request just after a real o... Read more
Affected Products :- Published: Oct. 16, 2024
- Modified: Aug. 29, 2025
-
4.3
MEDIUMCVE-2011-5081
Cross-site scripting (XSS) vulnerability in RestoreFile.pm in BackupPC 3.1.0, 3.2.1, and possibly other earlier versions allows remote attackers to inject arbitrary web script or HTML via the share parameter in a RestoreFile action to index.cgi.... Read more
- Published: Feb. 18, 2012
- Modified: Sep. 08, 2025