Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2017-3871

    A RADIUS Secret Disclosure vulnerability in the web network management interface of Cisco Prime Optical for Service Providers could allow an authenticated, remote attacker to disclose sensitive information in the configuration generated for a device. The ... Read more

    Affected Products : prime_optical
    • Published: Mar. 17, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2021-21636

    A missing permission check in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins.... Read more

    Affected Products : team_foundation_server
    • Published: Mar. 30, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2017-0012

    Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to spoof web content via a crafted web site, aka "Microsoft Browser Spoofing Vulnerability." This vulnerability is different from those described in CVE-2017-0033 and CVE-2017-0069.... Read more

    Affected Products : edge internet_explorer
    • Published: Mar. 17, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2017-5451

    A mechanism to spoof the addressbar through the user interaction on the addressbar and the "onblur" event. The event could be used by script to affect text display to make the loaded site appear to be different from the one actually loaded within the addr... Read more

    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-49054

    Microsoft Edge (Chromium-based) Spoofing Vulnerability... Read more

    Affected Products : edge_chromium
    • Published: Nov. 22, 2024
    • Modified: Jan. 21, 2025

  • 4.3

    MEDIUM
    CVE-2017-8644

    Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to disclose information due to the way that Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This... Read more

    Affected Products : edge windows_10 windows_server_2016
    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2023-44394

    MantisBT is an open source bug tracker. Due to insufficient access-level checks on the Wiki redirection page, any user can reveal private Projects' names, by accessing wiki.php with sequentially incremented IDs. This issue has been addressed in commit `65... Read more

    Affected Products : mantisbt
    • Published: Oct. 16, 2023
    • Modified: Aug. 11, 2025

  • 4.3

    MEDIUM
    CVE-2019-4484

    IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against ... Read more

    • Published: Aug. 20, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2007-6104

    Cross-site scripting (XSS) vulnerability in the Instant Web Publishing feature in FileMaker Pro 7 and 8, Server 7 and 8, and Developer 7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : filemaker filemaker_server
    • Published: Nov. 23, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2024-11709

    The AI Post Generator | AutoWriter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ai_post_generator_delete_Post AJAX action in all versions up to, and including, 3.5. This makes it possible... Read more

    Affected Products : ai_post_generator_\|_autowriter
    • Published: Dec. 12, 2024
    • Modified: Dec. 12, 2024

  • 4.3

    MEDIUM
    CVE-2022-47168

    Missing Authorization vulnerability in Printful Printful Integration for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Printful Integration for WooCommerce: from n/a through 2.2.3.... Read more

    Affected Products :
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 4.3

    MEDIUM
    CVE-2021-4421

    The Advanced Popups plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the metabox_popup_save() function. This makes it possible for unauthentic... Read more

    Affected Products : advanced_popups
    • Published: Jul. 12, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-4005

    firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)... Read more

    Affected Products : firefly_iii
    • Published: Dec. 04, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-34808

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samuel Marshall JCH Optimize.This issue affects JCH Optimize: from n/a through 4.2.0.... Read more

    Affected Products : jch_optimize
    • Published: May. 16, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-39888

    Improper access control vulnerability in retrieveExternalProxy in MiscPolicy prior to SMR Nov-2022 Release 1 allows local attacker to access to Proxy information.... Read more

    Affected Products :
    • Published: Sep. 04, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-56254

    PHPGurukul Employee Leave Management System 2.1 contains an Insecure Direct Object Reference (IDOR) vulnerability in leave-details.php. An authenticated user can change the leaveid parameter in the URL to access leave application details of other users.... Read more

    Affected Products : employee_leave_management_system
    • Published: Sep. 02, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2023-2271

    The Tiempo.com WordPress plugin through 0.1.2 does not have CSRF check when deleting its shortcode, which could allow attackers to make logged in admins delete arbitrary shortcode via a CSRF attack... Read more

    Affected Products : tiempo
    • Published: Aug. 16, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-5032

    IBM QRadar SIEM 7.3 and 7.4 in some configurations may be vulnerable to a temporary denial of service attack when sent particular payloads. IBM X-Force ID: 194178.... Read more

    • Published: Feb. 04, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-41434

    PingCAP TiDB v8.1.0 was discovered to contain a buffer overflow via the component (*Column).GetDecimal. This allows attackers to cause a Denial of Service (DoS) via a crafted input to the 'RemoveUnnecessaryFirstRow', it will check the expression between '... Read more

    Affected Products : tidb
    • Published: Sep. 03, 2024
    • Modified: Sep. 04, 2025

  • 4.3

    MEDIUM
    CVE-2025-58783

    Missing Authorization vulnerability in gutentor Gutentor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Gutentor: from n/a through 3.5.1.... Read more

    Affected Products : gutentor
    • Published: Sep. 05, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Authorization
Showing 20 of 293364 Results