Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2012-1729

    Unspecified vulnerability in the Hyperion BI+ component in Oracle Hyperion 11.1.1.3 and earlier allows remote attackers to affect integrity via unknown vectors related to UI and Visualization.... Read more

    Affected Products : hyperion
    • Published: Jul. 17, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2023-42475

    The Statutory Reporting application has a vulnerable file storage location, potentially enabling low privileged attacker to read server files with minimal impact on confidentiality.... Read more

    Affected Products : s\/4hana
    • Published: Oct. 10, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-1341

    The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the ajax_deactivate function. This makes it possible f... Read more

    • Published: Mar. 10, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2013-3782

    Unspecified vulnerability in the Secure Global Desktop component in Oracle Virtualization 4.6 prior to 4.63 and 4.7 prior to 4.71 allows remote attackers to affect integrity via unknown vectors related to Web UI.... Read more

    • Published: Jul. 17, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2023-1339

    The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the uucss_update_rule function in versions up to, and including, 1.7.1. This makes it possible for authenticated... Read more

    • Published: Mar. 10, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2025-1880

    A vulnerability was found in i-Drive i11 and i12 up to 20250227. It has been classified as problematic. Affected is an unknown function of the component Device Pairing. The manipulation leads to authentication bypass by primary weakness. It is possible to... Read more

    Affected Products : i11_firmware i12_firmware
    • Published: Mar. 03, 2025
    • Modified: Mar. 03, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2024-30631

    Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the schedStartTime parameter from setSchedWifi function.... Read more

    Affected Products : fh1205_firmware fh1205
    • Published: Mar. 29, 2024
    • Modified: Mar. 13, 2025

  • 4.3

    MEDIUM
    CVE-2014-3266

    Cross-site scripting (XSS) vulnerability in the web framework in Cisco Security Manager 4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun65189.... Read more

    Affected Products : security_manager
    • Published: May. 26, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2023-33264

    In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, configuration routines don't mask passwords in the member configuration properly. This allows Hazelcast Management Center users to view some of the secrets.... Read more

    Affected Products : hazelcast
    • Published: May. 22, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-6493

    The Depicter Slider – Responsive Image Slider, Video Slider & Post Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.6. This is due to missing or incorrect nonce validation on the 'save' func... Read more

    Affected Products : depicter_slider
    • Published: Jan. 05, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-4204

    The Bulk Posts Editing For WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.3. This is due to missing or incorrect nonce validation on the plugin's AJAX actions.. This makes it possible f... Read more

    Affected Products :
    • Published: May. 16, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-0290

    Rapid7 Velociraptor did not properly sanitize the client ID parameter to the CreateCollection API, allowing a directory traversal in where the collection task could be written. It was possible to provide a client id of "../clients/server" to schedule the ... Read more

    Affected Products : velociraptor
    • Published: Jan. 18, 2023
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2023-6625

    The Product Enquiry for WooCommerce WordPress plugin before 3.1 does not have a CSRF check in place when deleting inquiries, which could allow attackers to make a logged in admin delete them via a CSRF attack... Read more

    • Published: Jan. 22, 2024
    • Modified: Jun. 20, 2025

  • 4.3

    MEDIUM
    CVE-2007-1768

    Cross-site scripting (XSS) vulnerability in app/helpers/application_helper.rb in Mephisto 0.7.3 and Mephisto Edge 20070325 allows remote attackers to inject arbitrary web script or HTML via the author name field in a comment.... Read more

    Affected Products : mephisto mephisto_edge
    • Published: Mar. 30, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2014-4540

    Cross-site scripting (XSS) vulnerability in oleggo-twitter/twitter_login_form.php in the Oleggo LiveStream plugin 0.2.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the msg parameter.... Read more

    Affected Products : oleggo_livestream
    • Published: Jul. 02, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-31385

    Cross-Site Request Forgery (CSRF) vulnerability in Reservation Diary ReDi Restaurant Reservation.This issue affects ReDi Restaurant Reservation: from n/a through 24.0128. ... Read more

    • Published: Apr. 15, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-1842

    The OpenBook Book Data WordPress plugin through 3.5.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack... Read more

    Affected Products : openbook_book_data
    • Published: Jun. 27, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2011-1357

    Cross-site scripting (XSS) vulnerability in agentDetect.jsp in the web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3 before 6.3.0.5, 7.0 before 7.0.0.5, and 7.5 before 7.5.0.1 allows remote attackers to inject arbitrary web script or HTML... Read more

    • Published: Aug. 11, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2023-0762

    The Clock In Portal- Staff & Attendance Management WordPress plugin through 2.1 does not have CSRF check when deleting designations, which could allow attackers to make logged in admins delete arbitrary designations via a CSRF attack... Read more

    • Published: May. 15, 2023
    • Modified: Jan. 24, 2025

  • 4.3

    MEDIUM
    CVE-2024-30546

    Cross-Site Request Forgery (CSRF) vulnerability in Pixelite Login With Ajax.This issue affects Login With Ajax: from n/a through 4.1. ... Read more

    Affected Products :
    • Published: Apr. 15, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 293633 Results