Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 4.3

    MEDIUM
    CVE-2021-22177

    Potential DoS was identified in gitlab-shell in GitLab CE/EE version 12.6.0 or above, which allows an attacker to spike the server resource utilization via gitlab-shell command....

    Affected Products : gitlab
    • Published: Apr. 01, 2021
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2004-1669

    Cross-site scripting (XSS) vulnerability in MERAK Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to execute arbitrary web script or HTML via the (1) User name parameter to accountsettings.html or (2) Sear...

    Affected Products : web_mail mail_server
    • Published: Sep. 10, 2004
    • Modified: Apr. 03, 2025
  • 4.3

    MEDIUM
    CVE-2021-22176

    An issue has been discovered in GitLab affecting all versions starting with 3.0.1. Improper access control allows demoted project members to access details on authored merge requests...

    Affected Products : gitlab
    • Published: Mar. 24, 2021
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2021-22134

    A document disclosure flaw was found in Elasticsearch versions after 7.6.0 and before 7.11.0 when Document or Field Level Security is used. Get requests do not properly apply security permissions when executing a query against a recently updated document....

    • Published: Mar. 08, 2021
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2005-1713

    Multiple cross-site scripting (XSS) vulnerabilities in Serendipity 0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) templatedropdown and (2) shoutbox plugins....

    Affected Products : serendipity
    • Published: May. 24, 2005
    • Modified: Apr. 03, 2025
  • 4.3

    MEDIUM
    CVE-2004-2352

    Cross-site scripting (XSS) vulnerability in GBook for PHP-Nuke 1.0 allows remote attackers to inject arbitrary web script or HTML via cookies that are stored in the $_COOKIE PHP variable, which is not cleansed by PHP-Nuke....

    Affected Products : gbook
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025
  • 4.3

    MEDIUM
    CVE-2023-2919

    The Tutor LMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.4. This is due to missing or incorrect nonce validation on the 'addon_enable_disable' function. This makes it possible for unauthenticated...

    Affected Products : tutor_lms
    • Published: Sep. 10, 2024
    • Modified: Sep. 26, 2024
  • 4.3

    MEDIUM
    CVE-2023-2941

    Inappropriate implementation in Extensions API in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the UI via a crafted Chrome Extension. (Chromium security severity: L...

    Affected Products : chrome edge_chromium
    • Published: May. 30, 2023
    • Modified: Mar. 11, 2025
  • 4.3

    MEDIUM
    CVE-2022-43417

    Jenkins Katalon Plugin 1.0.32 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through anoth...

    Affected Products : katalon
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025
  • 4.3

    MEDIUM
    CVE-2022-43432

    Jenkins XFramium Builder Plugin 1.0.22 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download....

    Affected Products : xframium_builder
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025
  • 4.3

    MEDIUM
    CVE-2021-21682

    Jenkins 2.314 and earlier, LTS 2.303.1 and earlier accepts names of jobs and other entities with a trailing dot character, potentially replacing the configuration and data of other entities on Windows....

    Affected Products : jenkins windows
    • Published: Oct. 06, 2021
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2021-21674

    A missing permission check in Jenkins requests-plugin Plugin 2.2.6 and earlier allows attackers with Overall/Read permission to view the list of pending requests....

    Affected Products : requests
    • Published: Jun. 30, 2021
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2021-21672

    Jenkins Selenium HTML report Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks....

    Affected Products : selenium_html_report
    • Published: Jun. 30, 2021
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2021-21651

    Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain the list of configured profiles....

    Affected Products : s3_publisher
    • Published: May. 11, 2021
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2021-21650

    Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform Run/Artifacts permission checks in various HTTP endpoints and API models, allowing attackers with Item/Read permission to obtain information about artifacts uploaded to S3, if the optional Ru...

    Affected Products : s3_publisher
    • Published: May. 11, 2021
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2021-21624

    An incorrect permission check in Jenkins Role-based Authorization Strategy Plugin 3.1 and earlier allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read permission for parent folders....

    Affected Products : role-based_authorization_strategy
    • Published: Mar. 18, 2021
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2005-0791

    Cross-site scripting (XSS) vulnerability in adframe.php in phpAdsNew 2.0.4-pr1, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the refresh parameter....

    Affected Products : phpadsnew
    • Published: Mar. 14, 2005
    • Modified: Apr. 03, 2025
  • 4.3

    MEDIUM
    CVE-2023-2895

    The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_bulk_activate_product function. This makes it possible for unauth...

    Affected Products : wp_easycart
    • Published: Jun. 09, 2023
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2021-21492

    SAP NetWeaver Application Server Java(HTTP Service), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate logon group in URLs, resulting in a content spoofing vulnerability when directory listing is enabled....

    • Published: Apr. 13, 2021
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2023-2896

    The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_duplicate_product function. This makes it possible for unauthenti...

    Affected Products : wp_easycart
    • Published: Jun. 09, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 294421 Results