Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2024-8685

    Path-Traversal vulnerability in Revolution Pi version 2022-07-28-revpi-buster from KUNBUS GmbH. This vulnerability could allow an authenticated attacker to list device directories via the ‘/pictory/php/getFileList.php’ endpoint in the ‘dir’ parameter.... Read more

    Affected Products :
    • Published: Feb. 10, 2025
    • Modified: Feb. 10, 2025
    • Vuln Type: Path Traversal

  • 4.3

    MEDIUM
    CVE-2019-19666

    A CSRF vulnerability exists in the Event Notices Settings of Web File Manager in Rumpus FTP 8.2.9.1. An attacker can create/update event notices via RAPR/EventNoticesSet.html.... Read more

    Affected Products : rumpus rumpus_ftp
    • Published: Feb. 10, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-41689

    Missing Authorization vulnerability in Koen Reus Post to Google My Business (Google Business Profile) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post to Google My Business (Google Business Profile): from n/a... Read more

    Affected Products :
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 4.3

    MEDIUM
    CVE-2024-12046

    The Medical Addon for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.6.2 via the 'namedical_elementor_template' shortcode due to missing validation on a user controlled key. This ma... Read more

    Affected Products :
    • Published: Feb. 04, 2025
    • Modified: Feb. 04, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2024-13229

    The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the update_metadata() function in all versions up to, and including, 1.0.235. This makes it poss... Read more

    Affected Products : seo
    • Published: Feb. 13, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2019-12246

    SilverStripe through 4.3.3 allows a Denial of Service on flush and development URL tools.... Read more

    Affected Products : silverstripe framework
    • Published: Feb. 19, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-9784

    A logic issue was addressed with improved restrictions. This issue is fixed in Safari 13.1. A malicious iframe may use another website’s download settings.... Read more

    Affected Products : safari
    • Published: Apr. 01, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-13425

    The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6 via the enforcedelete() function due to missing validatio... Read more

    Affected Products : wp_job_portal
    • Published: Feb. 01, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2024-56007

    Missing Authorization vulnerability in Ram Segev Leader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Leader: from n/a through 2.6.1.... Read more

    Affected Products :
    • Published: Dec. 16, 2024
    • Modified: Dec. 16, 2024

  • 4.3

    MEDIUM
    CVE-2025-24420

    Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability t... Read more

    Affected Products : commerce commerce_b2b
    • Published: Feb. 11, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2020-9468

    The Community plugin 2.9.e-beta for Piwigo allows users to set image information on images in albums for which they do not have permission, by manipulating the image_id parameter.... Read more

    Affected Products : piwigo
    • Published: Mar. 26, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-6316

    SAP ERP and SAP S/4 HANA allows an authenticated user to see cost records to objects to which he has no authorization in PS reporting, leading to Missing Authorization check.... Read more

    Affected Products : s\/4hana erp
    • Published: Nov. 10, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-8429

    Improper Restriction of Excessive Authentication Attempts vulnerability in Digital Operation Services WiFiBurada allows Use of Known Domain Credentials.This issue affects WiFiBurada: before 1.0.5.... Read more

    Affected Products :
    • Published: Dec. 17, 2024
    • Modified: Dec. 17, 2024

  • 4.3

    MEDIUM
    CVE-2020-6177

    SAP Mobile Platform, version 3.0, does not sufficiently validate an XML document accepted from an untrusted source which could lead to partial denial of service. Since SAP Mobile Platform does not allow External-Entity resolving, there is no issue of leak... Read more

    Affected Products : mobile_platform
    • Published: Feb. 12, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2019-16571

    A missing permission check in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server.... Read more

    Affected Products : rapiddeploy
    • Published: Dec. 17, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-8902

    The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.8 via the render_column function in modules/data-table/widgets/data-table.php. This makes it possible for authenti... Read more

    • Published: Oct. 12, 2024
    • Modified: Jan. 16, 2025

  • 4.3

    MEDIUM
    CVE-2024-9187

    The Read more By Adam plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the deleteRm() function in all versions up to, and including, 1.1.8. This makes it possible for authenticated attackers, with Subscr... Read more

    Affected Products :
    • Published: Oct. 12, 2024
    • Modified: Oct. 15, 2024

  • 4.3

    MEDIUM
    CVE-2024-9778

    The ImagePress – Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. This is due to missing or incorrect nonce validation on the 'imagepress_admin_page' function. This makes it possib... Read more

    Affected Products : imagepress
    • Published: Oct. 12, 2024
    • Modified: Nov. 25, 2024

  • 4.3

    MEDIUM
    CVE-2025-1320

    The teachPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.0.9. This is due to missing or incorrect nonce validation on the import.php page. This makes it possible for unauthenticated attackers ... Read more

    Affected Products : teachpress
    • Published: Mar. 25, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2020-6327

    SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated 3DM file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is cau... Read more

    Affected Products : 3d_visual_enterprise_viewer
    • Published: Sep. 09, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 293630 Results