Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2016-4909

    Cross-site request forgery (CSRF) vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to hijack the authentication of a logged in user to force a logout via unspecified vectors.... Read more

    Affected Products : garoon
    • Published: Jun. 09, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2017-0881

    An error in the implementation of an autosubscribe feature in the check_stream_exists route of the Zulip group chat application server before 1.4.3 allowed an authenticated user to subscribe to a private stream that should have required an invitation from... Read more

    Affected Products : zulip_server
    • Published: Mar. 28, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2023-5419

    The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_af2_test_mail function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, wi... Read more

    Affected Products : funnelforms_free funnelforms
    • Published: Nov. 22, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2016-7823

    Cross-site scripting vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : wnc01wh_firmware wnc01wh
    • Published: Jun. 09, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2023-6520

    The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.0. This is due to missing or incorrect nonce validation on the send_backup_codes_email function... Read more

    Affected Products : wp_2fa
    • Published: Jan. 11, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-5411

    The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_af2_save_post function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, wi... Read more

    Affected Products : funnelforms_free funnelforms
    • Published: Nov. 22, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2016-9461

    Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying edit check permissions on WebDAV copy actions. The WebDAV endpoint was not properly checking the permission on a WebDAV COPY action. This allowed an authenticated att... Read more

    Affected Products : owncloud nextcloud_server
    • Published: Mar. 28, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2023-29296

    Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerabi... Read more

    • Published: Jun. 15, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-4189

    IBM Security Guardium 11.2 discloses sensitive information in the response headers that could be used in further attacks against the system. IBM X-Force ID: 174850.... Read more

    Affected Products : linux_kernel security_guardium
    • Published: Jan. 27, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-44284

    Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an SQL Injection vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain SQL comm... Read more

    • Published: Dec. 14, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-4967

    IBM Cloud Pak for Security (CP4S) 1.3.0.1 could disclose sensitive information through HTTP headers which could be used in further attacks against the system. IBM X-Force ID: 192425.... Read more

    Affected Products : cloud_pak_for_security
    • Published: Jan. 27, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-17422

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a mal... Read more

    Affected Products : foxit_studio_photo
    • Published: Feb. 09, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-4686

    The WP Customer Reviews plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.6.6 via the ajax_enabled_posts function. This can allow authenticated attackers to extract sensitive data such as post titles ... Read more

    Affected Products : wp_customer_reviews
    • Published: Nov. 22, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-4082

    pimcore is vulnerable to Cross-Site Request Forgery (CSRF)... Read more

    Affected Products : pimcore
    • Published: Dec. 10, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2017-1099

    IBM Jazz Foundation could expose potentially sensitive information to authenticated users through stack trace error conditions. IBM X-Force ID: 120659.... Read more

    • Published: Jun. 13, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2024-1390

    The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the creating_pricing_table_page function in a... Read more

    • Published: Feb. 29, 2024
    • Modified: Jan. 22, 2025

  • 4.3

    MEDIUM
    CVE-2024-1336

    The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the optimizeAllOn function. This makes it possi... Read more

    • Published: Feb. 29, 2024
    • Modified: Dec. 31, 2024

  • 4.3

    MEDIUM
    CVE-2023-5525

    The Limit Login Attempts Reloaded WordPress plugin before 2.25.26 is missing authorization on the `toggle_auto_update` AJAX action, allowing any user with a valid nonce to toggle the auto-update status of the plugin.... Read more

    Affected Products : limit_login_attempts_reloaded
    • Published: Nov. 27, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-0984

    The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the disableOptimization function in all versions up to, and including, 3.1.13. This makes it possible for... Read more

    • Published: Feb. 29, 2024
    • Modified: Dec. 27, 2024

  • 4.3

    MEDIUM
    CVE-2023-42505

    An authenticated user with read permissions on database connections metadata could potentially access sensitive information such as the connection's username. This issue affects Apache Superset before 3.0.0.... Read more

    Affected Products : superset
    • Published: Nov. 28, 2023
    • Modified: Feb. 13, 2025
Showing 20 of 293493 Results