Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2020-2251

    Jenkins SoapUI Pro Functional Testing Plugin 1.5 and earlier transmits project passwords in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure.... Read more

    • Published: Sep. 01, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-9386

    In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, file metadata information is disclosed to group members in the Elasticsearch result list despite them not having access to that artefact anymore.... Read more

    Affected Products : mahara
    • Published: Mar. 09, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-37482

    Missing Authorization vulnerability in Post Grid Team by RadiusTheme The Post Grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Post Grid: from n/a through 7.7.4.... Read more

    Affected Products :
    • Published: Nov. 01, 2024
    • Modified: Nov. 01, 2024

  • 4.3

    MEDIUM
    CVE-2019-8925

    An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. An Absolute Path Traversal vulnerability in the Administration zone, in /netflow/servlet/CReportPDFServlet (via the parameter schFilePath), allows remote authenticated use... Read more

    Affected Products : manageengine_netflow_analyzer
    • Published: May. 17, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2019-16909

    An issue was discovered in the Infosysta "In-App & Desktop Notifications" app before 1.6.14_J8 for Jira. It is possible to obtain a list of all Jira projects (with authentication as a Jira user, but without authorization for specific projects) via the plu... Read more

    Affected Products : in-app_\&_desktop_notifications
    • Published: Nov. 01, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-15412

    An issue was discovered in MISP 2.4.128. app/Controller/EventsController.php lacks an event ACL check before proceeding to allow a user to send an event contact form.... Read more

    Affected Products : misp misp
    • Published: Jun. 30, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2017-15029

    Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF.... Read more

    Affected Products : open-xchange_appsuite
    • Published: May. 23, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2019-15594

    GitLab 11.8 and later contains a security vulnerability that allows a user to obtain details of restricted pipelines via the merge request endpoint.... Read more

    Affected Products : gitlab
    • Published: Feb. 14, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2019-12846

    A user without the required permissions could gain access to some JetBrains TeamCity settings. The issue was fixed in TeamCity 2018.2.2.... Read more

    Affected Products : teamcity
    • Published: Jul. 03, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-6327

    SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated 3DM file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is cau... Read more

    Affected Products : 3d_visual_enterprise_viewer
    • Published: Sep. 09, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2019-16571

    A missing permission check in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server.... Read more

    Affected Products : rapiddeploy
    • Published: Dec. 17, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-4171

    IBM Security Guardium Insights 2.0.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 174407.... Read more

    Affected Products : security_guardium_insights
    • Published: Aug. 27, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2019-16768

    In affected versions of Sylius, exception messages from internal exceptions (like database exception) are wrapped by \Symfony\Component\Security\Core\Exception\AuthenticationServiceException and propagated through the system to UI. Therefore, some interna... Read more

    Affected Products : sylius
    • Published: Dec. 05, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2019-5933

    Cybozu Garoon 4.0.0 to 4.10.0 allows remote authenticated attackers to bypass access restriction to view the Bulletin Board without view privileges via the application 'Bulletin'.... Read more

    Affected Products : garoon
    • Published: May. 17, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-43119

    Missing Authorization vulnerability in Aruba.It Aruba HiSpeed Cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Aruba HiSpeed Cache: from n/a through 2.0.12.... Read more

    Affected Products :
    • Published: Nov. 01, 2024
    • Modified: Nov. 01, 2024

  • 4.3

    MEDIUM
    CVE-2020-2197

    Jenkins Project Inheritance Plugin 19.08.02 and earlier does not require users to have Job/ExtendedRead permission to access Inheritance Project job configurations in XML format.... Read more

    Affected Products : project_inheritance
    • Published: Jun. 03, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2019-4485

    IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against ... Read more

    • Published: Aug. 20, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2019-13512

    Fuji Electric FRENIC Loader 3.5.0.0 and prior is vulnerable to an out-of-bounds read vulnerability, which may allow an attacker to read limited information from the device.... Read more

    Affected Products : frenic_loader
    • Published: Aug. 15, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-2184

    A cross-site request forgery vulnerability in Jenkins CVS Plugin 2.15 and earlier allows attackers to create and manipulate tags, and to connect to an attacker-specified URL.... Read more

    Affected Products : current_versions_systems cvs
    • Published: May. 06, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-4173

    IBM Guardium Activity Insights 10.6 and 11.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes ... Read more

    • Published: Jul. 09, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 293661 Results