Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2020-2296

    A cross-site request forgery (CSRF) vulnerability in Jenkins Shared Objects Plugin 0.44 and earlier allows attackers to configure shared objects.... Read more

    Affected Products : shared_objects
    • Published: Oct. 08, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-9176

    Cross-site scripting (XSS) vulnerability in the InstaSqueeze Sexy Squeeze Pages plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter to lp/index.php.... Read more

    Affected Products : sexy_squeeze_pages
    • Published: Dec. 02, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2019-4743

    IBM Financial Transaction Manager 3.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The... Read more

    • Published: Dec. 20, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-9004

    Cross-site scripting (XSS) vulnerability in vldPersonals before 2.7.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter in a member_profile action to index.php.... Read more

    Affected Products : vldpersonals
    • Published: Nov. 20, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2020-2282

    Jenkins Implied Labels Plugin 0.6 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to configure the plugin.... Read more

    Affected Products : implied_labels
    • Published: Sep. 23, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-2267

    A missing permission check in Jenkins MongoDB Plugin 1.3 and earlier allows attackers with Overall/Read permission to gain access to some metadata of any arbitrary files on the Jenkins controller.... Read more

    Affected Products : mongodb
    • Published: Sep. 16, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2013-4595

    The Secure Pages module 6.x-2.x before 6.x-2.0 for Drupal does not properly match URLs, which causes HTTP to be used instead of HTTPS and makes it easier for remote attackers to obtain sensitive information via a crafted web page.... Read more

    Affected Products : secure_pages
    • Published: Jun. 09, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2020-4649

    IBM Planning Analytics Local 2.0.9.2 and IBM Planning Analytics Workspace 57 could expose data to non-privleged users by not invalidating TM1Web user sessions. IBM X-Force ID: 186022.... Read more

    • Published: Nov. 03, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2013-6993

    Cross-site scripting (XSS) vulnerability in the Ad-minister plugin 0.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the key parameter in a delete action to wp-admin/tools.php.... Read more

    Affected Products : wordpress ad-minister
    • Published: Jan. 03, 2014
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2024-10897

    The Tutor LMS Elementor Addons plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the install_etlms_dependency_plugin() function in all versions up to, and including, 2.1.5. This makes it possible f... Read more

    Affected Products : tutor_lms_elementor_addons
    • Published: Nov. 15, 2024
    • Modified: Nov. 20, 2024

  • 4.3

    MEDIUM
    CVE-2012-1604

    Cross-site scripting (XSS) vulnerability in NextBBS 0.6 allows remote attackers to inject arbitrary web script or HTML via the do parameter to index.php.... Read more

    Affected Products : nextbbs
    • Published: Oct. 01, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2021-20756

    Viewing restrictions bypass vulnerability in Address of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Address without the viewing privilege.... Read more

    Affected Products : garoon
    • Published: Aug. 18, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2018-16971

    Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR) attacks to access non-purchased course contents (quiz / test) via a modified id parameter.... Read more

    Affected Products : learning_management_system
    • Published: Sep. 12, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-6741

    The WP Customer Area WordPress plugin before 8.2.1 does not properly validate users capabilities in some of its AJAX actions, allowing malicious users to edit other users' account address.... Read more

    Affected Products : wp_customer_area
    • Published: Jan. 16, 2024
    • Modified: Jun. 20, 2025

  • 4.3

    MEDIUM
    CVE-2023-6520

    The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.0. This is due to missing or incorrect nonce validation on the send_backup_codes_email function... Read more

    Affected Products : wp_2fa
    • Published: Jan. 11, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2017-15198

    In Kanboard before 1.0.47, by altering form data, an authenticated user can edit a category of a private project of another user.... Read more

    Affected Products : kanboard
    • Published: Oct. 11, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2023-27462

    A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.3). The client query handler of the affected application fails to check for proper permissions for specific read queries. This could allow authenticated remote attackers to acces... Read more

    Affected Products : ruggedcom_crossbow
    • Published: Mar. 14, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2018-2598

    Vulnerability in the MySQL Workbench component of Oracle MySQL (subcomponent: Workbench: Security: Encryption). Supported versions that are affected are 6.3.10 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network ac... Read more

    Affected Products : mysql_workbench
    • Published: Jul. 18, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-4004

    The Donation Button WordPress plugin through 4.0.0 does not properly check for privileges and nonce tokens in its "donation_button_twilio_send_test_sms" AJAX action, which may allow any users with an account on the affected site, like subscribers, to use ... Read more

    Affected Products : donation_button
    • Published: Dec. 12, 2022
    • Modified: Apr. 22, 2025

  • 4.3

    MEDIUM
    CVE-2021-21568

    Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an insufficient logging vulnerability. An authenticated user with ISI_PRIV_LOGIN_PAPI could make un-audited and un-trackable configuration changes to settings that their roles have privileges to cha... Read more

    • Published: Aug. 16, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293528 Results