Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2021-32511

    QSAN Storage Manager through directory listing vulnerability in ViewBroserList allows remote authenticated attackers to list arbitrary directories via the file path parameter. The referred vulnerability has been solved with the updated version of QSAN Sto... Read more

    Affected Products : storage_manager
    • Published: Jul. 07, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-39596

    Due to missing authorization checks, SAP Enable Now allows an author to escalate privileges to access information which should otherwise be restricted. On successful exploitation, the attacker can cause limited impact on confidentiality of the application... Read more

    Affected Products : enable_now
    • Published: Jul. 09, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-36106

    Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It’s possible for authenticated users to enumerate clusters by name by inspecting error messages. It’s also possible to enumerate the names of projects with project-scoped clusters ... Read more

    Affected Products : argo-cd argo_cd
    • Published: Jun. 06, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-34823

    Cross-Site Request Forgery (CSRF) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter.This issue affects Arigato Autoresponder and Newsletter: from n/a through 2.7.2.3. ... Read more

    • Published: May. 14, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-31859

    Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to perform proper authorization checks which allows a member running a playbook in an existing channel to be promoted to a channel admin... Read more

    Affected Products : mattermost_server mattermost
    • Published: May. 26, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-31444

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici... Read more

    Affected Products : foxit_reader phantompdf reader windows
    • Published: May. 07, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-31264

    Unauthenticated Cross Site Request Forgery (CSRF) in Post Views Counter <= 1.4.4 versions.... Read more

    Affected Products :
    • Published: Apr. 12, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-31251

    Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by PeepSo.This issue affects Community by PeepSo: from n/a through 6.3.1.1. ... Read more

    Affected Products : peepso
    • Published: Apr. 12, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-31239

    Cross-Site Request Forgery (CSRF) vulnerability in Nudgify Nudgify Social Proof, Sales Popup & FOMO.This issue affects Nudgify Social Proof, Sales Popup & FOMO: from n/a through 1.3.3. ... Read more

    Affected Products :
    • Published: Apr. 12, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-31289

    Cross-Site Request Forgery (CSRF) vulnerability in Elementor Hello Elementor.This issue affects Hello Elementor: from n/a through 3.0.0. ... Read more

    Affected Products :
    • Published: Apr. 12, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-5855

    The Media Hygiene: Remove or Delete Unused Images and More! plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the bulk_action_delete and delete_single_image_call AJAX actions in all versions up to, and in... Read more

    Affected Products :
    • Published: Jul. 09, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-51499

    Missing Authorization vulnerability in WooCommerce WooCommerce Shipping Per Product.This issue affects WooCommerce Shipping Per Product: from n/a through 2.5.4. ... Read more

    Affected Products :
    • Published: Apr. 12, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-34152

    Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to perform proper access control which allows a guest to get the metadata of a public playbook run that linked to the channel they are guest via sending an RHSRuns GraphQL query r... Read more

    Affected Products : mattermost_server mattermost
    • Published: May. 26, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-3662

    The WPZOOM Social Feed Widget & Block plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpzoom_instagram_clear_data() function in all versions up to, and including, 2.1.13. This makes it possible for authen... Read more

    Affected Products :
    • Published: Apr. 13, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-32991

    Delta Electronics DIAEnergie Version 1.7.5 and prior is vulnerable to cross-site request forgery, which may allow an attacker to cause a user to carry out an action unintentionally.... Read more

    Affected Products : diaenergie
    • Published: Aug. 30, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-33851

    phpecc, as used in paragonie/phpecc before 2.0.1, has a branch-based timing leak in Point addition. (This is related to phpecc/phpecc on GitHub, and the Matyas Danter ECC library.)... Read more

    Affected Products :
    • Published: Apr. 27, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-4138

    Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can enable/disable the sharing rule of other users aff... Read more

    Affected Products :
    • Published: May. 14, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-5616

    A Cross-Site Request Forgery (CSRF) vulnerability exists in mudler/LocalAI versions up to and including 2.15.0, which allows attackers to trick victims into deleting installed models. By crafting a malicious HTML page, an attacker can cause the deletion o... Read more

    Affected Products : localai
    • Published: Jul. 06, 2024
    • Modified: Jul. 15, 2025

  • 4.3

    MEDIUM
    CVE-2021-26076

    The jira.editor.user.mode cookie set by the Jira Editor Plugin in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and from version 8.14.0 before version 8.15.0 allows remote anonymous attackers who can perform ... Read more

    • Published: Apr. 15, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-33605

    Improper check in CheckboxGroup in com.vaadin:vaadin-checkbox-flow versions 1.2.0 prior to 2.0.0 (Vaadin 12.0.0 prior to 14.0.0), 2.0.0 prior to 3.0.0 (Vaadin 14.0.0 prior to 14.5.0), 3.0.0 through 4.0.1 (Vaadin 15.0.0 through 17.0.11), 14.5.0 through 14.... Read more

    Affected Products : vaadin vaadin-checkbox-flow
    • Published: Aug. 25, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293545 Results