Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2023-47780

    Missing Authorization vulnerability in EasyAzon EasyAzon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EasyAzon: from n/a through 5.1.0.... Read more

    Affected Products :
    • Published: Dec. 09, 2024
    • Modified: Dec. 09, 2024

  • 4.3

    MEDIUM
    CVE-2024-45353

    An intent redriction vulnerability exists in the Xiaomi quick App framework application product. The vulnerability is caused by improper input validation and can be exploited by attackers tointent redriction.... Read more

    Affected Products :
    • Published: Mar. 27, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Misconfiguration

  • 4.3

    MEDIUM
    CVE-2020-16197

    An issue was discovered in Octopus Deploy 3.4. A deployment target can be configured with an Account or Certificate that is outside the scope of the deployment target. An authorised user can potentially use a certificate that they are not in scope to use.... Read more

    Affected Products : octopus_server server
    • Published: Aug. 25, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-2184

    A cross-site request forgery vulnerability in Jenkins CVS Plugin 2.15 and earlier allows attackers to create and manipulate tags, and to connect to an attacker-specified URL.... Read more

    Affected Products : current_versions_systems cvs
    • Published: May. 06, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-15412

    An issue was discovered in MISP 2.4.128. app/Controller/EventsController.php lacks an event ACL check before proceeding to allow a user to send an event contact form.... Read more

    Affected Products : misp misp
    • Published: Jun. 30, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-5804

    The Conditional Fields for Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.13. This is due to missing or incorrect nonce validation on the wpcf7cf_admin_init function. This makes it pos... Read more

    Affected Products :
    • Published: Jul. 20, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-23711

    Cross-Site Request Forgery (CSRF) vulnerability in A2 Hosting A2 Optimized WP plugin <= 3.0.4 versions.... Read more

    Affected Products : a2_optimized
    • Published: Mar. 13, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-2258

    In affected versions of Octopus Deploy it is possible for a user to view Tagsets without being explicitly assigned permissions to view these items... Read more

    Affected Products : octopus_server
    • Published: Mar. 13, 2023
    • Modified: Feb. 27, 2025

  • 4.3

    MEDIUM
    CVE-2007-4453

    Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.6.8 allow remote attackers to inject arbitrary web code or HTML via the (1) s parameter to index.php, and the (2) q parameter to (a) faq.php, (b) member.php, (c) memberlist.php, (d) calend... Read more

    Affected Products : vbulletin
    • Published: Aug. 21, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2024-10664

    The Knowledge Base documentation & wiki plugin – BasePress Docs plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the basepress_db_posts_update() function in all versions up to, and including, 2.1... Read more

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024

  • 4.3

    MEDIUM
    CVE-2022-30852

    Known v1.3.1 was discovered to contain an Insecure Direct Object Reference (IDOR).... Read more

    Affected Products : known
    • Published: Jul. 08, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-39751

    IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID... Read more

    Affected Products : infosphere_information_server
    • Published: Aug. 06, 2024
    • Modified: Aug. 29, 2024

  • 4.3

    MEDIUM
    CVE-2007-4478

    Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6.0 and 7 allows user-assisted remote attackers to inject arbitrary web script or HTML in the local zone via a URI, when the document at the associated URL is saved to a local file, w... Read more

    Affected Products : internet_explorer
    • Published: Aug. 22, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2024-8059

    IPMI credentials may be captured in XCC audit log entries when the account username length is 16 characters.... Read more

    Affected Products :
    • Published: Sep. 13, 2024
    • Modified: Sep. 14, 2024

  • 4.3

    MEDIUM
    CVE-2005-0982

    Multiple cross-site scripting (XSS) vulnerabilities in Yet Another Forum.net 0.9.9 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) location, or (3) Subject field.... Read more

    Affected Products : yet_another_forum.net
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2021-44448

    A vulnerability has been identified in JT Utilities (All versions < V13.0.3.0), JTTK (All versions < V11.0.3.0). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacke... Read more

    Affected Products : jt_open_toolkit jt_utilities
    • Published: Dec. 14, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2007-4424

    Apple Safari for Windows 3.0.3 and earlier does not prompt the user before downloading a file, which allows remote attackers to download arbitrary files to the desktop of a client system via certain HTML, as demonstrated by a filename in the DATA attribut... Read more

    Affected Products : safari
    • Published: Aug. 18, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2021-46028

    In mblog <= 3.5.0 there is a CSRF vulnerability in the background article management. The attacker constructs a CSRF load. Once the administrator clicks a malicious link, the article will be deleted.... Read more

    Affected Products : mblog
    • Published: Jan. 20, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-8050

    The Custom Author Base WordPress plugin through 1.1.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack... Read more

    Affected Products : custom_author_base
    • Published: May. 15, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2024-8245

    The GamiPress WordPress plugin before 1.0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack... Read more

    Affected Products : gamipress gamipress_-_reset_user
    • Published: May. 15, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Cross-Site Request Forgery
Showing 20 of 294704 Results