Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2023-6243

    The EventON PRO - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.8. This is due to missing or incorrect nonce validation on the admin_test_email function. ... Read more

    Affected Products : eventon-lite
    • Published: Oct. 19, 2024
    • Modified: Nov. 01, 2024

  • 4.3

    MEDIUM
    CVE-2022-0334

    A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. Insufficient capability checks could lead to users accessing their grade report for courses where they did not have the required gradere... Read more

    Affected Products : moodle
    • Published: Jan. 25, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-38221

    Microsoft Edge (Chromium-based) Spoofing Vulnerability... Read more

    Affected Products : edge_chromium
    • Published: Sep. 19, 2024
    • Modified: Sep. 23, 2024

  • 4.3

    MEDIUM
    CVE-2024-39751

    IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID... Read more

    Affected Products : infosphere_information_server
    • Published: Aug. 06, 2024
    • Modified: Aug. 29, 2024

  • 4.3

    MEDIUM
    CVE-2024-42504

    A security vulnerability in HPE IceWall Agent products could be exploited remotely to cause a Cross-Site Request Forgery (CSRF) in the login flow.... Read more

    Affected Products :
    • Published: Oct. 03, 2024
    • Modified: Oct. 04, 2024

  • 4.3

    MEDIUM
    CVE-2024-6410

    The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.8.9 via the 'pm_upload_image' function due to missing validation on a user controlled ke... Read more

    Affected Products : profilegrid
    • Published: Jul. 10, 2024
    • Modified: Feb. 10, 2025

  • 4.3

    MEDIUM
    CVE-2021-34782

    A vulnerability in the API endpoints for Cisco DNA Center could allow an authenticated, remote attacker to gain access to sensitive information that should be restricted. The attacker must have valid device credentials. This vulnerability is due to improp... Read more

    Affected Products : dna_center catalyst_center
    • Published: Oct. 06, 2021
    • Modified: Jul. 23, 2025

  • 4.3

    MEDIUM
    CVE-2021-38440

    FATEK Automation WinProladder versions 3.30 and prior is vulnerable to an out-of-bounds read, which may allow an attacker to read unauthorized information.... Read more

    Affected Products : winproladder
    • Published: Oct. 18, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-37147

    GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can attach a document to any item, even if the user has no write access on it. Upgrade... Read more

    Affected Products : glpi
    • Published: Jul. 10, 2024
    • Modified: Jan. 07, 2025

  • 4.3

    MEDIUM
    CVE-2024-5852

    The WordPress File Upload plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.24.7 via the 'uploadpath' parameter of the wordpress_file_upload shortcode. This makes it possible for authenticated attackers, wit... Read more

    Affected Products : wordpress_file_upload
    • Published: Jul. 16, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-8552

    The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the enable_shop() function in all versions up to, and including, 5.0.9. This makes it possible for authenticated attackers, w... Read more

    Affected Products : download_monitor
    • Published: Sep. 26, 2024
    • Modified: Oct. 02, 2024

  • 4.3

    MEDIUM
    CVE-2024-47337

    Missing Authorization vulnerability in Stuart Wilson Joy Of Text Lite.This issue affects Joy Of Text Lite: from n/a through 2.3.1.... Read more

    Affected Products : joy_of_text_lite
    • Published: Sep. 26, 2024
    • Modified: Sep. 26, 2024

  • 4.3

    MEDIUM
    CVE-2022-24071

    A Built-in extension in Whale browser before 3.12.129.46 allows attackers to compromise the rendering process which could lead to controlling browser internal APIs.... Read more

    Affected Products : whale whale_browser
    • Published: Jan. 28, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-0377

    Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar after the registration. After this process the user crops and saves the image. Then a "POST" request that contains user supplied name of the image is sent to th... Read more

    Affected Products : learnpress
    • Published: Feb. 28, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-41162

    Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5 and 9.8.x <= 9.8.1 fail to disallow the modification of local channels by a remote, when shared channels are enabled, which allows a malicious remote to make an arbitrary local channel rea... Read more

    Affected Products : mattermost_server mattermost
    • Published: Aug. 01, 2024
    • Modified: Sep. 04, 2024

  • 4.3

    MEDIUM
    CVE-2021-29700

    IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authneticated attacker to obtain sensitive information from configuration files that could aid in further attacks against the system. IBM X-Force ID: 200656.... Read more

    Affected Products : sterling_b2b_integrator
    • Published: Oct. 07, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-20943

    A Cross-Site Request Forgery (CSRF) in /member/post.php?job=postnew&step=post of Qibosoft v7 allows attackers to force victim users into arbitrarily publishing new articles via a crafted URL.... Read more

    Affected Products : qibosoft
    • Published: Dec. 27, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-0414

    Improper Validation of Specified Quantity in Input in Packagist dolibarr/dolibarr prior to 16.0.... Read more

    Affected Products : dolibarr_erp\/crm
    • Published: Jan. 31, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-49196

    Missing Authorization vulnerability in Pagelayer Team PageLayer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PageLayer: from n/a through 1.7.7.... Read more

    Affected Products : pagelayer
    • Published: Dec. 09, 2024
    • Modified: Dec. 09, 2024

  • 4.3

    MEDIUM
    CVE-2024-47836

    Admidio is an open-source user management solution. Prior to version 4.3.12, an unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server. Version 4.3.12 fixes this issue.... Read more

    Affected Products : admidio
    • Published: Oct. 16, 2024
    • Modified: Oct. 18, 2024
Showing 20 of 294632 Results