Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2005-0307

    Multiple cross-site scripting (XSS) vulnerabilities in index.php in MercuryBoard 1.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) s, (2) l, (3) a, (4) t, (5) to, or (6) re parameters.... Read more

    Affected Products : mercuryboard
    • Published: Jan. 25, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2022-36915

    Jenkins Android Signing Plugin 2.2.5 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-s... Read more

    Affected Products : android_signing
    • Published: Jul. 27, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2019-8242

    Adobe Media Encoder versions 13.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.... Read more

    Affected Products : macos media_encoder windows
    • Published: Nov. 14, 2019
    • Modified: May. 05, 2025

  • 4.3

    MEDIUM
    CVE-2021-28579

    Adobe Connect version 11.2.1 (and earlier) is affected by an Improper access control vulnerability that can lead to the elevation of privileges. An attacker with 'Learner' permissions can leverage this scenario to access the list of event participants.... Read more

    Affected Products : connect
    • Published: Jun. 28, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2004-2402

    Cross-site scripting (XSS) vulnerability in YaBB.pl in YaBB 1 GOLD SP 1.3.2 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded to parameter. NOTE: some sources say that the board parameter is affected, but this is incorrect.... Read more

    Affected Products : yabb
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2023-30684

    Improper access control in Samsung Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call acceptRingingCall API without permission.... Read more

    Affected Products : android android dex
    • Published: Aug. 10, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2010-0069

    Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 7.0, SP7, 8.1SP6, 9.0, 9.1, 9.2MP3, 10.0MP1, and 10.3.0 allows remote attackers to affect integrity via unknown vectors.... Read more

    Affected Products : bea_product_suite
    • Published: Jan. 13, 2010
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2005-0314

    Cross-site scripting (XSS) vulnerability in user.php in Magic Winmail Server 4.0 Build 1112 allows remote attackers to inject arbitrary web script or HTML via the personal information fields.... Read more

    Affected Products : magic_winmail_server
    • Published: Jan. 27, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2023-33947

    The Object module in Liferay Portal 7.4.3.4 through 7.4.3.60, and Liferay DXP 7.4 before update 61 does not segment object definition by virtual instance in search which allows remote authenticated users in one virtual instance to view object definition f... Read more

    • Published: May. 24, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-34797

    A cross-site request forgery (CSRF) vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to connect to an attacker-specified HTTP URL using attacker-specified credentials.... Read more

    Affected Products : deployment_dashboard
    • Published: Jun. 30, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-34798

    Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials.... Read more

    Affected Products : deployment_dashboard
    • Published: Jun. 30, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-34799

    Jenkins Deployment Dashboard Plugin 1.0.10 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.... Read more

    Affected Products : deployment_dashboard
    • Published: Jun. 30, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-2556

    The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the anonymous function for the wpcs_sd_delete action in versions up to, and including, 1.1.9. ... Read more

    Affected Products : wordpress_currency_switcher
    • Published: Jun. 09, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-34804

    Jenkins OpsGenie Plugin 1.9 and earlier transmits API keys in plain text as part of the global Jenkins configuration form and job configuration forms, potentially resulting in their exposure.... Read more

    Affected Products : opsgenie
    • Published: Jun. 30, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-2562

    The Gallery Metabox for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the refresh_metabox function in versions up to, and including, 1.5. This makes it possible for subscriber-level attackers to obtain a list ... Read more

    Affected Products : gallery-metabox
    • Published: Jul. 12, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-1515

    A vulnerability in Cisco SD-WAN vManage Software could allow an unauthenticated, adjacent attacker to gain access to sensitive information. This vulnerability is due to improper access controls on API endpoints when Cisco SD-WAN vManage Software is runnin... Read more

    Affected Products : sd-wan_vmanage
    • Published: May. 06, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-2557

    The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save function in versions up to, and including, 1.1.9. This makes it possible for authenti... Read more

    • Published: Jun. 09, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-1481

    A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct Cypher query language injection attacks on an affected system. This vulnerability is due to insufficient ... Read more

    Affected Products : catalyst_sd-wan_manager
    • Published: Nov. 15, 2024
    • Modified: Aug. 04, 2025

  • 4.3

    MEDIUM
    CVE-2021-1477

    A vulnerability in an access control mechanism of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to access services beyond the scope of their authorization. This vulnerability is due to insufficient enforcem... Read more

    • Published: Apr. 29, 2021
    • Modified: Nov. 26, 2024

  • 4.3

    MEDIUM
    CVE-2022-34813

    A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to create and delete XPath expressions.... Read more

    Affected Products : xpath_configuration_viewer
    • Published: Jun. 30, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294336 Results