Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2020-2700

    Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.0.1-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low pri... Read more

    Affected Products : flexcube_universal_banking
    • Published: Jan. 15, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-55075

    Grocy through 4.3.0 allows remote attackers to obtain sensitive information via direct requests to pages that are not shown in the UI, such as calendar and recipes.... Read more

    Affected Products : grocy
    • Published: Jan. 06, 2025
    • Modified: Jan. 06, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2024-9542

    The Sky Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.1 via the render function in modules/content-switcher/widgets/content-switcher.php. This makes it possible for auth... Read more

    Affected Products : sky_addons_for_elementor
    • Published: Nov. 21, 2024
    • Modified: Nov. 22, 2024

  • 4.3

    MEDIUM
    CVE-2024-4199

    The Bulk Posts Editing For WordPress plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on the plugin's AJAX actions in all versions up to, and including, 4.2.3. This makes it possible for authenti... Read more

    Affected Products :
    • Published: May. 15, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-4282

    IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could allow an authenticated user to perform unauthorized actions by bypassing illegal character restrictions. X-Force ID: 176205.... Read more

    Affected Products : security_information_queue
    • Published: Apr. 08, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-12099

    The Dollie Hub – Build Your Own WordPress Cloud Platform plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.2.0 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be i... Read more

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024

  • 4.3

    MEDIUM
    CVE-2018-21249

    An issue was discovered in Mattermost Server before 5.3.0. It mishandles timing.... Read more

    Affected Products : mattermost_server
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2013-2682

    Cisco Linksys E4200 1.0.05 Build 7 devices contain a Clickjacking Vulnerability which allows remote attackers to obtain sensitive information.... Read more

    • Published: Feb. 05, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-13494

    The WordPress File Upload plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.25.2. This is due to missing or incorrect nonce validation on the 'wfu_file_details' function. This makes it possible for un... Read more

    Affected Products : wordpress_file_upload
    • Published: Feb. 25, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2019-4400

    IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on... Read more

    Affected Products : cloud_orchestrator
    • Published: Oct. 25, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2019-4601

    IBM Quality Manager (RQM) 6.02, 6.06, and 6.0.6.1 could allow an authenticated user to obtain sensitive information from a stack trace that could aid in further attacks against the system.... Read more

    Affected Products : rational_quality_manager
    • Published: Apr. 08, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-2719

    Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 12.3.0-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged att... Read more

    Affected Products : banking_corporate_lending
    • Published: Jan. 15, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2025-27318

    Cross-Site Request Forgery (CSRF) vulnerability in ixiter Simple Google Sitemap allows Cross Site Request Forgery. This issue affects Simple Google Sitemap: from n/a through 1.6.... Read more

    Affected Products :
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2024-39586

    Dell AppSync Server, version 4.3 through 4.6, contains an XML External Entity Injection vulnerability. An adjacent high privileged attacker could potentially exploit this vulnerability, leading to information disclosure.... Read more

    Affected Products : emc_appsync appsync
    • Published: Oct. 09, 2024
    • Modified: Oct. 17, 2024

  • 4.3

    MEDIUM
    CVE-2016-6586

    A security bypass vulnerability exists in Symantec Norton Mobile Security for Android before 3.16, which could let a malicious user conduct a man-in-the-middle via specially crafted JavaScript to add arbitrary URLs to the URL whitelist.... Read more

    Affected Products : norton_mobile_security
    • Published: Jan. 08, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-34756

    Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Contact Form 7 HubSpot.This issue affects Integration for Contact Form 7 HubSpot: from n/a through 1.3.1.... Read more

    Affected Products :
    • Published: May. 17, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-12062

    The Charity Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.2 via the 'nacharity_elementor_template' shortcode due to insufficient restrictions on which posts can be included. This m... Read more

    Affected Products : charity_addon_for_elementor
    • Published: Dec. 03, 2024
    • Modified: Mar. 27, 2025

  • 4.3

    MEDIUM
    CVE-2020-25026

    The sf_event_mgt (aka Event management and registration) extension before 4.3.1 and 5.x before 5.1.1 for TYPO3 allows Information Disclosure (participant data, and event data via email) because of Broken Access Control.... Read more

    Affected Products : event_management_and_registration
    • Published: Sep. 02, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2016-11081

    An issue was discovered in Mattermost Server before 2.2.0. It allows unintended access to information stored by a web browser.... Read more

    Affected Products : mattermost_server
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2019-19295

    A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) does not enforce logging of security-relevant activities in its XML-based communication protocol as provided by default on ports 54... Read more

    • Published: Mar. 10, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 293618 Results