Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2025-2527

    Mattermost versions 10.5.x <= 10.5.2, 9.11.x <= 9.11.11 failed to properly verify a user's permissions when accessing groups, which allows an attacker to view group information via an API request.... Read more

    Affected Products : mattermost_server
    • Published: May. 15, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-24872

    The ABAP Build Framework in SAP ABAP Platform allows an authenticated attacker to gain unauthorized access to a specific transaction. By executing the add-on build functionality within the ABAP Build Framework, an attacker could call the transaction and v... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 18, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-23189

    Due to missing authorization check in an RFC enabled function module in transaction SDCCN, an authenticated attacker could generate technical meta-data. This leads to a low impact on integrity. There is no impact on confidentiality or availability... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-23190

    Due to missing authorization check, an authenticated attacker could call a remote-enabled function module which allows them to access data that they would otherwise not have access to. The attacker cannot modify data or impact the availability of the syst... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2008-1258

    Cross-site scripting (XSS) vulnerability in prim.htm on the D-Link DI-604 router allows remote attackers to inject arbitrary web script or HTML via the rf parameter.... Read more

    Affected Products : di-604
    • Published: Mar. 10, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2025-4337

    The AHAthat Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6. This is due to missing or incorrect nonce validation on the aha_plugin_page() function. This makes it possible for unauthenticat... Read more

    Affected Products : ahathat
    • Published: May. 06, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-3644

    A flaw was found in Moodle. Additional checks were required to prevent users from deleting course sections they did not have permission to modify.... Read more

    Affected Products : moodle
    • Published: Apr. 25, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-20151

    A vulnerability in the implementation of the Simple Network Management Protocol Version 3 (SNMPv3) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to poll an affected device using SNMP, even if the dev... Read more

    Affected Products : ios_xe_sd-wan
    • Published: May. 07, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-47674

    Cross-Site Request Forgery (CSRF) vulnerability in Credova Financial Credova_Financial allows Cross Site Request Forgery. This issue affects Credova_Financial: from n/a through 2.5.0.... Read more

    Affected Products : financial
    • Published: May. 07, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2023-7195

    The WP-Reply Notify WordPress plugin through 1.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.... Read more

    Affected Products : wp-reply_notify
    • Published: May. 15, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-48260

    Missing Authorization vulnerability in Ninja Team GDPR CCPA Compliance Support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GDPR CCPA Compliance Support: from n/a through 2.7.3.... Read more

    Affected Products :
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-4035

    A flaw was found in libsoup. When handling cookies, libsoup clients mistakenly allow cookies to be set for public suffix domains if the domain contains at least two components and includes an uppercase character. This bypasses public suffix protections an... Read more

    • Published: Apr. 29, 2025
    • Modified: May. 26, 2025
    • Vuln Type: Misconfiguration

  • 4.3

    MEDIUM
    CVE-2024-10677

    The BTEV WordPress plugin through 2.0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack... Read more

    Affected Products : blue_trait_event_viewer
    • Published: May. 15, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2008-0919

    Cross-site scripting (XSS) vulnerability in session/login.php in Open Source Security Information Management (OSSIM) 0.9.9 rc5 and earlier allows remote attackers to inject arbitrary web script or HTML via the dest parameter.... Read more

    Affected Products : os-sim
    • Published: Feb. 22, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2025-3647

    A flaw was discovered in Moodle. Additional checks were required to ensure that users can only access cohort data they are authorized to retrieve.... Read more

    Affected Products : moodle
    • Published: Apr. 25, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2023-5417

    The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_update_category function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, ... Read more

    Affected Products : funnelforms_free funnelforms
    • Published: Nov. 22, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2025-3628

    A flaw has was found in Moodle where anonymous assignment submissions can be de-anonymized via search, revealing student identities.... Read more

    Affected Products : moodle
    • Published: Apr. 25, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2008-1326

    Cross-site scripting (XSS) vulnerability in search.php in Gallarific allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third p... Read more

    Affected Products : gallarific
    • Published: Mar. 13, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2025-1314

    The Custom Twitter Feeds – A Tweets Widget or X Feed Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.5. This is due to missing or incorrect nonce validation on the ctf_clear_cache_admin() f... Read more

    Affected Products : custom_twitter_feeds
    • Published: Mar. 20, 2025
    • Modified: Mar. 20, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2008-1396

    Plone CMS 3.x uses invariant data (a client username and a server secret) when calculating an HMAC-SHA1 value for an authentication cookie, which makes it easier for remote attackers to gain permanent access to an account by sniffing the network.... Read more

    Affected Products : plone plone_cms
    • Published: Mar. 20, 2008
    • Modified: Apr. 09, 2025
Showing 20 of 293562 Results