Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2024-5689

    In addition to detecting when a user was taking a screenshot (XXX), a website was able to overlay the 'My Shots' button that appeared, and direct the user to a replica Firefox Screenshots page that could be used for phishing. This vulnerability affects Fi... Read more

    Affected Products : firefox
    • Published: Jun. 11, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2013-4201

    Katello allows remote authenticated users to call the "system remove_deletion" CLI command via vectors related to "remove system" permissions.... Read more

    Affected Products : subscription_asset_manager katello
    • Published: May. 01, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-0691

    The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_last_name' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to ... Read more

    • Published: Jun. 09, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-6999

    Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)... Read more

    Affected Products : chrome edge_chromium
    • Published: Aug. 06, 2024
    • Modified: Mar. 14, 2025

  • 4.3

    MEDIUM
    CVE-2024-7019

    Inappropriate implementation in UI in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)... Read more

    Affected Products : chrome
    • Published: Sep. 23, 2024
    • Modified: Jan. 02, 2025

  • 4.3

    MEDIUM
    CVE-2024-7020

    Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)... Read more

    Affected Products : chrome
    • Published: Sep. 23, 2024
    • Modified: Jan. 02, 2025

  • 4.3

    MEDIUM
    CVE-2015-3005

    Cross-site scripting (XSS) vulnerability in the Dynamic VPN in Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, and 12.3X48 before 12.3X48-D10 on SRX series devices allows remote attackers to inject arbitra... Read more

    Affected Products : junos srx100 srx110 srx210 srx220 srx240 srx550 srx650 srx1400 srx3400 +3 more products
    • Published: Apr. 10, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-5591

    IBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.... Read more

    Affected Products : linux_kernel windows jazz_foundation
    • Published: Jan. 03, 2025
    • Modified: Mar. 21, 2025

  • 4.3

    MEDIUM
    CVE-2024-7046

    An improper access control vulnerability in open-webui/open-webui v0.3.8 allows an attacker to view admin details. The application does not verify whether the attacker is an administrator, allowing the attacker to directly call the /api/v1/auths/admin/det... Read more

    Affected Products : open_webui
    • Published: Mar. 20, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2023-0584

    The VK Blocks plugin for WordPress is vulnerable to improper authorization via the REST 'update_options' function in versions up to, and including, 1.57.0.5. This allows authenticated attackers, with contributor-level permissions or above, to change the '... Read more

    Affected Products : vk_blocks
    • Published: Jun. 03, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-5677

    The Featured Image Generator plugin for WordPress is vulnerable to unauthorized image upload due to a missing capability check on the fig_save_after_generate_image function in all versions up to, and including, 1.3.1. This makes it possible for authentica... Read more

    Affected Products :
    • Published: Jul. 10, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-57969

    app/Model/Attribute.php in MISP before 2.4.198 ignores an ACL during a GUI attribute search.... Read more

    Affected Products : misp
    • Published: Feb. 14, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2024-8974

    Information disclosure in Gitlab EE/CE affecting all versions from 15.6 prior to 17.2.8, 17.3 prior to 17.3.4, and 17.4 prior to 17.4.1 in specific conditions it was possible to disclose to an unauthorised user the path of a private project."... Read more

    Affected Products : gitlab
    • Published: Sep. 26, 2024
    • Modified: Oct. 04, 2024

  • 4.3

    MEDIUM
    CVE-2023-0453

    The WP Private Message WordPress plugin (bundled with the Superio theme as a required plugin) before 1.0.6 does not ensure that private messages to be accessed belong to the user making the requests. This allowing any authenticated users to access private... Read more

    Affected Products : wp_private_messaging
    • Published: Feb. 21, 2023
    • Modified: Mar. 12, 2025

  • 4.3

    MEDIUM
    CVE-2023-0293

    The Mediamatic – Media Library Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.8.1. This makes it possible for authenticated attackers, with subsc... Read more

    Affected Products : mediamatic
    • Published: Jan. 13, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-7429

    The Zotpress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the Zotpress_process_accounts_AJAX function in all versions up to, and including, 7.3.12. This makes it possible for authenticated at... Read more

    Affected Products : zotpress
    • Published: Nov. 05, 2024
    • Modified: Nov. 08, 2024

  • 4.3

    MEDIUM
    CVE-2024-57161

    07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaWorkReport/edit.html... Read more

    • Published: Jan. 16, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2023-0583

    The VK Blocks plugin for WordPress is vulnerable to improper authorization via the REST 'update_vk_blocks_options' function in versions up to, and including, 1.57.0.5. This allows authenticated attackers, with contributor-level permissions or above, to ch... Read more

    Affected Products : vk_blocks
    • Published: Jun. 03, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-7417

    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.986 via the data_fetch. This makes it possible for authenticated attackers, with subscriber-level access and abov... Read more

    Affected Products : royal_elementor_addons
    • Published: Oct. 17, 2024
    • Modified: Jan. 10, 2025

  • 4.3

    MEDIUM
    CVE-2022-39975

    The Layout module in Liferay Portal v7.3.3 through v7.4.3.34, and Liferay DXP 7.3 before update 10, and 7.4 before update 35 does not check user permission before showing the preview of a "Content Page" type page, allowing attackers to view unpublished "C... Read more

    Affected Products : liferay_portal dxp
    • Published: Sep. 22, 2022
    • Modified: May. 27, 2025
Showing 20 of 292811 Results