Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2021-32651

    OneDev is a development operations platform. If the LDAP external authentication mechanism is enabled in OneDev versions 4.4.1 and prior, an attacker can manipulate a user search filter to send forged queries to the application and explore the LDAP tree u... Read more

    Affected Products : onedev
    • Published: Jun. 01, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-32129

    Missing Authorization vulnerability in Sparkle WP Editorialmag editorialmag.This issue affects Editorialmag: from n/a through 1.1.9.... Read more

    Affected Products :
    • Published: May. 17, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2015-5016

    IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended access ... Read more

    • Published: Mar. 27, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-39751

    IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID... Read more

    Affected Products : infosphere_information_server
    • Published: Aug. 06, 2024
    • Modified: Aug. 29, 2024

  • 4.3

    MEDIUM
    CVE-2023-47727

    IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.20.0 could allow an authenticated user to modify dashboard parameters due to improper input validation. IBM X-Force ID: 272089.... Read more

    Affected Products : cloud_pak_for_security qradar_suite
    • Published: May. 02, 2024
    • Modified: Aug. 13, 2025

  • 4.3

    MEDIUM
    CVE-2024-25906

    Authentication Bypass by Spoofing vulnerability in WP Happy Coders Comments Like Dislike allows Functionality Bypass.This issue affects Comments Like Dislike: from n/a through 1.2.2.... Read more

    Affected Products :
    • Published: May. 17, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-48047

    Cross-Site Request Forgery (CSRF) vulnerability in Razon Komar Pal Linked Variation for WooCommerce allows Cross Site Request Forgery.This issue affects Linked Variation for WooCommerce: from n/a through 1.0.5.... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 4.3

    MEDIUM
    CVE-2024-4138

    Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can enable/disable the sharing rule of other users aff... Read more

    Affected Products :
    • Published: May. 14, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-5616

    A Cross-Site Request Forgery (CSRF) vulnerability exists in mudler/LocalAI versions up to and including 2.15.0, which allows attackers to trick victims into deleting installed models. By crafting a malicious HTML page, an attacker can cause the deletion o... Read more

    Affected Products : localai
    • Published: Jul. 06, 2024
    • Modified: Jul. 15, 2025

  • 4.3

    MEDIUM
    CVE-2023-6243

    The EventON PRO - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.8. This is due to missing or incorrect nonce validation on the admin_test_email function. ... Read more

    Affected Products : eventon-lite
    • Published: Oct. 19, 2024
    • Modified: Nov. 01, 2024

  • 4.3

    MEDIUM
    CVE-2024-9889

    The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.9 via the Page Loader widget. This makes it possible for authenticated attackers, with contributor-level... Read more

    • Published: Oct. 19, 2024
    • Modified: Nov. 01, 2024

  • 4.3

    MEDIUM
    CVE-2021-21493

    When a user opens manipulated Graphics Interchange Format (.GIF) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the applic... Read more

    Affected Products : 3d_visual_enterprise_viewer
    • Published: Mar. 09, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-33605

    Improper check in CheckboxGroup in com.vaadin:vaadin-checkbox-flow versions 1.2.0 prior to 2.0.0 (Vaadin 12.0.0 prior to 14.0.0), 2.0.0 prior to 3.0.0 (Vaadin 14.0.0 prior to 14.5.0), 3.0.0 through 4.0.1 (Vaadin 15.0.0 through 17.0.11), 14.5.0 through 14.... Read more

    Affected Products : vaadin vaadin-checkbox-flow
    • Published: Aug. 25, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-47836

    Admidio is an open-source user management solution. Prior to version 4.3.12, an unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server. Version 4.3.12 fixes this issue.... Read more

    Affected Products : admidio
    • Published: Oct. 16, 2024
    • Modified: Oct. 18, 2024

  • 4.3

    MEDIUM
    CVE-2021-41809

    SSRF vulnerability in M-Files Server products with versions before 22.1.11017.1, in a preview function allowed making queries from the server with certain document types referencing external entities.... Read more

    Affected Products : m-files_server
    • Published: Jan. 18, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-36122

    Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch and version 3.3.0.beta4 on the `beta` and `tests-passed` branches, moderators using the review queue to review users may see a users email address even when the... Read more

    Affected Products : discourse
    • Published: Jul. 03, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-34806

    Cross-Site Request Forgery (CSRF) vulnerability in Creative Motion Clearfy Cache.This issue affects Clearfy Cache: from n/a through 2.2.1.... Read more

    Affected Products :
    • Published: May. 17, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-34755

    Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Contact Form 7 and Salesforce.This issue affects Integration for Contact Form 7 and Salesforce: from n/a through 1.3.9.... Read more

    Affected Products :
    • Published: May. 17, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-0377

    Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar after the registration. After this process the user crops and saves the image. Then a "POST" request that contains user supplied name of the image is sent to th... Read more

    Affected Products : learnpress
    • Published: Feb. 28, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-1994

    The Image Watermark plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the watermark_action_ajax() function in all versions up to, and including, 1.7.3. This makes it possible for authenticated att... Read more

    Affected Products :
    • Published: Apr. 06, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 293262 Results