Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2024-0847

    The 5280 Bootstrap Modal Contact Form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation in class-sbmm-list-table.php. This makes it possible for... Read more

    Affected Products :
    • Published: May. 02, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-51519

    Missing Authorization vulnerability in Soliloquy Team Slider by Soliloquy.This issue affects Slider by Soliloquy: from n/a through 2.7.2.... Read more

    Affected Products : slider
    • Published: Jun. 11, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-34883

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou... Read more

    Affected Products : microstation view bentley_view
    • Published: Jan. 13, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-35628

    Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web.This issue affects Photo Gallery by 10Web: from n/a through 1.8.25.... Read more

    Affected Products : photo_gallery
    • Published: Jun. 11, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-42062

    SAP ERP HCM Portugal does not perform necessary authorization checks for a report that reads the payroll data of employees in a certain area. Since the affected report only reads the payroll information, the attacker can neither modify any information nor... Read more

    • Published: Nov. 10, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-6410

    The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.8.9 via the 'pm_upload_image' function due to missing validation on a user controlled ke... Read more

    Affected Products : profilegrid
    • Published: Jul. 10, 2024
    • Modified: Feb. 10, 2025

  • 4.3

    MEDIUM
    CVE-2024-32787

    Missing Authorization vulnerability in Copy Content Protection Team Secure Copy Content Protection and Content Locking.This issue affects Secure Copy Content Protection and Content Locking: from n/a through 3.7.1.... Read more

    Affected Products :
    • Published: Jun. 09, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-41809

    SSRF vulnerability in M-Files Server products with versions before 22.1.11017.1, in a preview function allowed making queries from the server with certain document types referencing external entities.... Read more

    Affected Products : m-files_server
    • Published: Jan. 18, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-32821

    Missing Authorization vulnerability in TotalSuite Total Poll Lite.This issue affects Total Poll Lite: from n/a through 4.9.9.... Read more

    Affected Products :
    • Published: Jun. 09, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-47727

    IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.20.0 could allow an authenticated user to modify dashboard parameters due to improper input validation. IBM X-Force ID: 272089.... Read more

    Affected Products : cloud_pak_for_security qradar_suite
    • Published: May. 02, 2024
    • Modified: Aug. 13, 2025

  • 4.3

    MEDIUM
    CVE-2021-34421

    The Keybase Client for Android before version 5.8.0 and the Keybase Client for iOS before version 5.8.0 fails to properly remove exploded messages initiated by a user if the receiving user places the chat session in the background while the sending user e... Read more

    Affected Products : keybase
    • Published: Nov. 11, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-23996

    Unprotected component vulnerability in StTheaterModeReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to enable bedtime mode without a proper permission.... Read more

    Affected Products : wear_os
    • Published: Feb. 11, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2019-4722

    IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information via a stack trace due to mishandling of certain error conditions. IBM X-Force ID: 172128.... Read more

    Affected Products : oncommand_insight cognos_analytics
    • Published: Jun. 01, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-0174

    Improper Validation of Specified Quantity in Input vulnerability in dolibarr dolibarr/dolibarr.... Read more

    Affected Products : dolibarr_erp\/crm
    • Published: Jan. 10, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-5855

    The Media Hygiene: Remove or Delete Unused Images and More! plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the bulk_action_delete and delete_single_image_call AJAX actions in all versions up to, and in... Read more

    Affected Products :
    • Published: Jul. 09, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-35921

    fof/byobu is a private discussions extension for Flarum forum. Affected versions were found to not respect private discussion disablement by users. Users of Byobu should update the extension to version 1.1.7, where this has been patched. Users of Byobu wi... Read more

    Affected Products : byobu
    • Published: Aug. 01, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-32991

    Delta Electronics DIAEnergie Version 1.7.5 and prior is vulnerable to cross-site request forgery, which may allow an attacker to cause a user to carry out an action unintentionally.... Read more

    Affected Products : diaenergie
    • Published: Aug. 30, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-32783

    Missing Authorization vulnerability in wpcreativeidea Advanced Testimonial Carousel for Elementor.This issue affects Advanced Testimonial Carousel for Elementor: from n/a through 3.0.0.... Read more

    Affected Products :
    • Published: Jun. 09, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-43949

    Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view private objects via a Broken Access Control vulnerability in the Custom Fields feature. The affected versions are before version 4.2... Read more

    Affected Products : jira_service_management
    • Published: Jan. 10, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-41729

    Due to missing authorization checks, SAP BEx Analyzer allows an authenticated attacker to access information over the network which is otherwise restricted. On successful exploitation the attacker can enumerate information causing a limited impact on conf... Read more

    Affected Products :
    • Published: Sep. 10, 2024
    • Modified: Sep. 10, 2024
Showing 20 of 294533 Results