Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2022-20620

    Missing permission checks in Jenkins SSH Agent Plugin 1.23 and earlier allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins.... Read more

    Affected Products : ssh_agent
    • Published: Jan. 12, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2012-3720

    Mobile Accounts in Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 saves password hashes for external-account use even if external accounts are not enabled, which might allow remote attackers to determine passwords via unspecified access to a mobile... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: Sep. 20, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2022-20612

    A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier allows attackers to trigger build of job without parameters when no security realm is set.... Read more

    • Published: Jan. 12, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2010-5295

    Cross-site scripting (XSS) vulnerability in wp-admin/plugins.php in WordPress before 3.0.2 might allow remote attackers to inject arbitrary web script or HTML via a plugin's author field, which is not properly handled during a Delete Plugin action.... Read more

    Affected Products : wordpress
    • Published: Jan. 21, 2014
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2022-0775

    The WooCommerce WordPress plugin before 6.2.1 does not have proper authorisation check when deleting reviews, which could allow any authenticated users, such as subscriber to delete arbitrary comment... Read more

    Affected Products : woocommerce woocommerce
    • Published: Jan. 16, 2024
    • Modified: Jun. 11, 2025

  • 4.3

    MEDIUM
    CVE-2021-43950

    Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view import source configuration information via a Broken Access Control vulnerability in the Insight Import Source feature. The affected... Read more

    Affected Products : jira_service_management
    • Published: Feb. 15, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-20616

    Jenkins Credentials Binding Plugin 1.27 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read access to validate if a credential ID refers to a secret file credential and whether it'... Read more

    Affected Products : credentials_binding
    • Published: Jan. 12, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-20618

    A missing permission check in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins.... Read more

    Affected Products : bitbucket_branch_source
    • Published: Jan. 12, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2013-3672

    The mm_decode_inter function in mmvideo.c in libavcodec in FFmpeg before 1.2.1 does not validate the relationship between a horizontal coordinate and a width value, which allows remote attackers to cause a denial of service (out-of-bounds array access and... Read more

    Affected Products : ffmpeg
    • Published: Jun. 10, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2021-37967

    Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.... Read more

    Affected Products : fedora debian_linux chrome edge_chromium
    • Published: Oct. 08, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2010-1324

    MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to forge GSS tokens, gain privileges, or have unspecified other impact via (1) an unkeyed checksum, (2) ... Read more

    Affected Products : kerberos_5
    • Published: Dec. 02, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2021-36019

    Adobe After Effects version 18.2.1 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose arbitrary memory information in the contex... Read more

    Affected Products : windows after_effects
    • Published: Sep. 02, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-30529

    Jenkins Lucene-Search Plugin 387.v938a_ecb_f7fe9 and earlier does not require POST requests for an HTTP endpoint, allowing attackers to reindex the database.... Read more

    Affected Products : lucene-search
    • Published: Apr. 12, 2023
    • Modified: Feb. 07, 2025

  • 4.3

    MEDIUM
    CVE-2022-0833

    The Church Admin WordPress plugin before 3.4.135 does not have authorisation and CSRF in some of its action as well as requested files, allowing unauthenticated attackers to repeatedly request the "refresh-backup" action, and simultaneously keep requestin... Read more

    Affected Products : church_admin
    • Published: Mar. 28, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-43951

    Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view object import configuration details via an Information Disclosure vulnerability in the Create Object type mapping feature. The affec... Read more

    Affected Products : jira_service_management
    • Published: Jan. 10, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-36014

    Adobe Media Encoder version 15.2 (and earlier) is affected by an uninitialized pointer vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to read arbitrary file system information in the cont... Read more

    Affected Products : media_encoder windows
    • Published: Aug. 20, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-44702

    Acrobat Reader DC ActiveX Control versions 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to obta... Read more

    • Published: Jan. 14, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-36053

    XMP Toolkit SDK versions 2020.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this iss... Read more

    • Published: Sep. 01, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-36127

    An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalUserRights page provided search results which, for a suppressed MediaWiki user, were different than for any other user, thus easily disclosing suppressed acc... Read more

    Affected Products : mediawiki
    • Published: Jul. 02, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-39411

    Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass securi... Read more

    Affected Products : commerce magento
    • Published: Aug. 14, 2024
    • Modified: Aug. 14, 2024
Showing 20 of 293624 Results