Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2021-22896

    Nextcloud Mail before 1.9.5 suffers from improper access control due to a missing permission check allowing other authenticated users to create mail aliases for other users.... Read more

    Affected Products : nextcloud_server nextcloud notes
    • Published: Jun. 11, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-39208

    SharpCompress is a fully managed C# library to deal with many compression types and formats. Versions prior to 0.29.0 are vulnerable to partial path traversal. SharpCompress recreates a hierarchy of directories under destinationDirectory if ExtractFullPat... Read more

    Affected Products : sharpcompress
    • Published: Sep. 16, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-37204

    Missing Authorization vulnerability in PropertyHive PropertyHive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PropertyHive: from n/a through 2.0.9.... Read more

    Affected Products : propertyhive
    • Published: Nov. 01, 2024
    • Modified: Jan. 29, 2025

  • 4.3

    MEDIUM
    CVE-2024-37249

    Missing Authorization vulnerability in WPEngine Inc. Advanced Custom Fields PRO allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Custom Fields PRO: from n/a through 6.3.1.... Read more

    Affected Products :
    • Published: Nov. 01, 2024
    • Modified: Nov. 01, 2024

  • 4.3

    MEDIUM
    CVE-2024-37443

    Missing Authorization vulnerability in Automattic WP Job Manager - Resume Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Manager - Resume Manager: from n/a through 2.1.0.... Read more

    Affected Products :
    • Published: Nov. 01, 2024
    • Modified: Nov. 01, 2024

  • 4.3

    MEDIUM
    CVE-2024-31935

    Cross-Site Request Forgery (CSRF) vulnerability in BracketSpace Simple Post Notes.This issue affects Simple Post Notes: from n/a through 1.7.6. ... Read more

    Affected Products :
    • Published: Apr. 11, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-12335

    The Avada (Fusion) Builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.11.12 via the handle_clone_post() function and the 'fusion_blog' shortcode and due to insufficient restrictions on which posts ca... Read more

    Affected Products : avada avada_builder
    • Published: Dec. 25, 2024
    • Modified: Apr. 14, 2025

  • 4.3

    MEDIUM
    CVE-2024-38727

    Missing Authorization vulnerability in Seraphinite Solutions Seraphinite Post .DOCX Source allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Seraphinite Post .DOCX Source: from n/a through 2.16.9.... Read more

    Affected Products :
    • Published: Nov. 01, 2024
    • Modified: Nov. 01, 2024

  • 4.3

    MEDIUM
    CVE-2023-45348

    Apache Airflow, versions 2.7.0 and 2.7.1, is affected by a vulnerability that allows an authenticated user to retrieve sensitive configuration information when the "expose_config" option is set to "non-sensitive-only". The `expose_config` option is False ... Read more

    Affected Products : airflow
    • Published: Oct. 14, 2023
    • Modified: Feb. 13, 2025

  • 4.3

    MEDIUM
    CVE-2024-3662

    The WPZOOM Social Feed Widget & Block plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpzoom_instagram_clear_data() function in all versions up to, and including, 2.1.13. This makes it possible for authen... Read more

    Affected Products :
    • Published: Apr. 13, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-50850

    Missing Authorization vulnerability in Woo WooCommerce Subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Subscriptions: from n/a before 5.8.0.... Read more

    Affected Products :
    • Published: Dec. 31, 2024
    • Modified: Dec. 31, 2024

  • 4.3

    MEDIUM
    CVE-2024-39639

    Broken Access Control vulnerability in Nickolas Bossinas WordPress File Upload allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress File Upload: from n/a through 4.24.7.... Read more

    Affected Products : wordpress_file_upload
    • Published: Nov. 01, 2024
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2015-5016

    IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended access ... Read more

    • Published: Mar. 27, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-37544

    Missing Authorization vulnerability in Tobias Conrad Get Better Reviews for WooCommerce.This issue affects Get Better Reviews for WooCommerce: from n/a through 4.0.6.... Read more

    Affected Products :
    • Published: Jul. 12, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-43154

    Missing Authorization vulnerability in BracketSpace Advanced Cron Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Cron Manager – debug & control: from n/a through 2.5.9.... Read more

    Affected Products : advanced_cron_manager
    • Published: Nov. 01, 2024
    • Modified: Nov. 01, 2024

  • 4.3

    MEDIUM
    CVE-2023-51499

    Missing Authorization vulnerability in WooCommerce WooCommerce Shipping Per Product.This issue affects WooCommerce Shipping Per Product: from n/a through 2.5.4. ... Read more

    Affected Products :
    • Published: Apr. 12, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-6965

    The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.0.10 (with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2). This is due to the fact that the plugin allows the us... Read more

    Affected Products : pods
    • Published: Apr. 09, 2024
    • Modified: Jan. 22, 2025

  • 4.3

    MEDIUM
    CVE-2024-50701

    TeamPass before 3.1.3.1, when retrieving information about access rights for a folder, does not properly check whether a folder is in a user's allowed folders list that has been defined by an admin.... Read more

    Affected Products : teampass
    • Published: Dec. 30, 2024
    • Modified: Dec. 30, 2024

  • 4.3

    MEDIUM
    CVE-2024-5852

    The WordPress File Upload plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.24.7 via the 'uploadpath' parameter of the wordpress_file_upload shortcode. This makes it possible for authenticated attackers, wit... Read more

    Affected Products : wordpress_file_upload
    • Published: Jul. 16, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-6491

    The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mailchimp_api_key_manage function in all versions up to, and including, 2.0.10. This makes it possible for authe... Read more

    Affected Products : getwid_-_gutenberg_blocks getwid
    • Published: Jul. 20, 2024
    • Modified: Feb. 04, 2025
Showing 20 of 293656 Results