Latest CVE Feed
-
4.3
MEDIUMCVE-2020-8119
Improper authorization in Nextcloud server 17.0.0 causes leaking of previews and files when a file-drop share link is opened via the gallery app.... Read more
Affected Products : nextcloud_server- Published: Feb. 04, 2020
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2022-34803
Jenkins OpsGenie Plugin 1.9 and earlier stores API keys unencrypted in its global configuration file and in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission (config.xml), or access to the Jenki... Read more
Affected Products : opsgenie- Published: Jun. 30, 2022
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2021-31443
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici... Read more
- Published: May. 07, 2021
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2021-31600
An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. They implement a series of web services using the SOAP protocol to allow scripting interaction with the backend server. An authenticated u... Read more
- Published: Nov. 08, 2021
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2021-31445
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici... Read more
- Published: May. 07, 2021
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2020-7967
GitLab EE 8.0 through 12.7.2 has Insecure Permissions (issue 1 of 2).... Read more
Affected Products : gitlab- Published: Feb. 05, 2020
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2021-30156
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Special:Contributions can leak that a "hidden" user exists.... Read more
- Published: Apr. 09, 2021
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2018-8545
An information disclosure vulnerability exists in the way that Microsoft Edge handles cross-origin requests, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge.... Read more
- Published: Nov. 14, 2018
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2020-5947
In versions 16.0.0-16.0.0.1 and 15.1.0-15.1.1, on specific BIG-IP platforms, attackers may be able to obtain TCP sequence numbers from the BIG-IP system that can be reused in future connections with the same source and destination port and IP numbers. Onl... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +9 more products- Published: Nov. 19, 2020
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2020-14483
A timeout during a TLS handshake can result in the connection failing to terminate. This can result in a Niagara thread hanging and requires a manual restart of Niagara (Versions 4.6.96.28, 4.7.109.20, 4.7.110.32, 4.8.0.110) and Niagara Enterprise Securit... Read more
- Published: Aug. 13, 2020
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2020-13230
In Cacti before 1.2.11, disabling a user account does not immediately invalidate any permissions granted to that account (e.g., permission to view logs).... Read more
- Published: May. 20, 2020
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2014-8642
Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not consider the id-pkix-ocsp-nocheck extension in deciding whether to trust an OCSP responder, which makes it easier for remote attackers to obtain sensitive information by sniffing the network dur... Read more
- Published: Jan. 14, 2015
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2018-8320
A security feature bypass vulnerability exists in DNS Global Blocklist feature, aka "Windows DNS Security Feature Bypass Vulnerability." This affects Windows Server 2012 R2, Windows Server 2008, Windows Server 2012, Windows Server 2019, Windows Server 201... Read more
- Published: Oct. 10, 2018
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2019-5840
Incorrect security UI in popup blocker in Google Chrome on iOS prior to 75.0.3770.80 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.... Read more
- Published: Jun. 27, 2019
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2018-8235
A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft Edge.... Read more
- Published: Jun. 14, 2018
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2022-27659
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, and 14.1.x versions prior to 14.1.4.6, an authenticated attacker can modify or delete Dashboards created by other BIG-IP users in the Traffic Management User Interface (TMU... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +1 more products- Published: May. 05, 2022
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2021-31463
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.3.37598. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici... Read more
- Published: May. 07, 2021
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2019-6688
On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5 and BIG-IQ versions 6.0.0-6.1.0 and 5.2.0-5.4.0, a user is able to obtain the secret that was being used to encrypt a BIG-IP UCS backup f... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +4 more products- Published: Dec. 23, 2019
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2024-4886
The contains an IDOR vulnerability that allows a user to comment on a private post by manipulating the ID included in the request... Read more
Affected Products : buddyboss_platform- Published: Jun. 05, 2024
- Modified: Mar. 27, 2025
-
4.3
MEDIUMCVE-2022-28151
A missing permission check in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers with Item/Read permission to change the owners and item-specific permissions of a job.... Read more
Affected Products : job_and_node_ownership- Published: Mar. 29, 2022
- Modified: Nov. 21, 2024