Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2023-50876

    Missing Authorization vulnerability in Molongui Molongui allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Molongui: from n/a through 4.7.3.... Read more

    Affected Products :
    • Published: Dec. 09, 2024
    • Modified: Dec. 09, 2024

  • 4.3

    MEDIUM
    CVE-2023-50777

    Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier does not mask PaaSLane authentication tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.... Read more

    Affected Products : paaslane_estimate
    • Published: Dec. 13, 2023
    • Modified: May. 22, 2025

  • 4.3

    MEDIUM
    CVE-2012-3976

    Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly handle onLocationChange events during navigation between different https sites, which allows remote attackers to spoof the X.509 certificate information... Read more

    • Published: Aug. 29, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-2203

    WordPress before 3.5.2, when the uploads directory forbids write access, allows remote attackers to obtain sensitive information via an invalid upload request, which reveals the absolute path in an XMLHttpRequest error message.... Read more

    Affected Products : wordpress
    • Published: Jul. 08, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2019-10389

    A missing permission check in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier allows attackers to have Jenkins initiate an HTTP connection to an attacker-specified server.... Read more

    • Published: Aug. 07, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2019-10409

    A missing permission check in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers with Overall/Read permission to trigger project generation from templates.... Read more

    Affected Products : project_inheritance
    • Published: Sep. 25, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2019-12432

    An issue was discovered in GitLab Community and Enterprise Edition 8.13 through 11.11. Non-member users who subscribed to issue notifications could access the title of confidential issues through the unsubscription page. It allows Information Disclosure.... Read more

    Affected Products : gitlab
    • Published: Mar. 10, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2015-8453

    Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to ... Read more

    • Published: Dec. 10, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2019-10442

    A missing permission check in Jenkins iceScrum Plugin 1.1.5 and earlier allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.... Read more

    Affected Products : icescrum
    • Published: Oct. 16, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2019-10452

    Jenkins View26 Test-Reporting Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.... Read more

    Affected Products : view26_test-reporting
    • Published: Oct. 16, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2019-10447

    Jenkins Sofy.AI Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.... Read more

    Affected Products : sofy.ai
    • Published: Oct. 16, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2019-10455

    A missing permission check in Jenkins Rundeck Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.... Read more

    Affected Products : rundeck
    • Published: Oct. 16, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2012-3548

    The dissect_drda function in epan/dissectors/packet-drda.c in Wireshark 1.6.x through 1.6.10 and 1.8.x through 1.8.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a small value for a certain length field in a... Read more

    Affected Products : wireshark
    • Published: Aug. 30, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2019-10454

    A cross-site request forgery vulnerability in Jenkins Rundeck Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials.... Read more

    Affected Products : rundeck
    • Published: Oct. 16, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-50877

    Missing Authorization vulnerability in woobewoo Product Filter by WBW allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Filter by WBW: from n/a through 2.5.0.... Read more

    Affected Products :
    • Published: Dec. 09, 2024
    • Modified: Dec. 09, 2024

  • 4.3

    MEDIUM
    CVE-2007-5142

    Cross-site scripting (XSS) vulnerability in buscar.asp in Solidweb Novus 1.0 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from thi... Read more

    Affected Products : novus
    • Published: Sep. 28, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2023-24436

    A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.... Read more

    Affected Products : github_pull_request_builder
    • Published: Jan. 26, 2023
    • Modified: Apr. 02, 2025

  • 4.3

    MEDIUM
    CVE-2012-3508

    Cross-site scripting (XSS) vulnerability in program/lib/washtml.php in Roundcube Webmail 0.8.0 allows remote attackers to inject arbitrary web script or HTML by using "javascript:" in an href attribute in the body of an HTML-formatted email.... Read more

    Affected Products : webmail roundcube_webmail
    • Published: Aug. 25, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2019-10456

    A cross-site request forgery vulnerability in Jenkins Oracle Cloud Infrastructure Compute Classic Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials.... Read more

    • Published: Oct. 16, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2019-10465

    A missing permission check in Jenkins Deploy WebLogic Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials, or determine whether a file or directory with an attacker-specified pa... Read more

    Affected Products : deploy_weblogic
    • Published: Oct. 23, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 294336 Results