Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 4.3

    MEDIUM
    CVE-2022-21692

    OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions anyone with access to the chat environment can write messages disguised as another chat ... Read more

    Affected Products : onionshare
    • Published: Jan. 18, 2022
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2011-4956

    Cross-site scripting (XSS) vulnerability in WordPress before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : wordpress
    • Published: Jun. 27, 2012
    • Modified: Apr. 11, 2025
  • 4.3

    MEDIUM
    CVE-2022-29051

    Missing permission checks in Jenkins Publish Over FTP Plugin 1.16 and earlier allow attackers with Overall/Read permission to connect to an FTP server using attacker-specified credentials.... Read more

    Affected Products : publish_over_ftp
    • Published: Apr. 12, 2022
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2022-21691

    OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions chat participants can spoof their channel leave message, tricking others into assuming t... Read more

    Affected Products : onionshare
    • Published: Jan. 18, 2022
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2022-21713

    Grafana is an open-source platform for monitoring and observability. Affected versions of Grafana expose multiple API endpoints which do not properly handle user authorization. `/teams/:teamId` will allow an authenticated attacker to view unintended data ... Read more

    • Published: Feb. 08, 2022
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2012-1459

    The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.... Read more

    • Published: Mar. 21, 2012
    • Modified: Apr. 11, 2025
  • 4.3

    MEDIUM
    CVE-2022-26731

    A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious website may be able to track users in Safari private browsing mode.... Read more

    Affected Products : macos iphone_os ipados
    • Published: May. 26, 2022
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2022-35249

    A information disclosure vulnerability exists in Rocket.Chat <v5 where the getUserMentionsByChannel meteor server method discloses messages from private channels and direct messages regardless of the users access permission to the room.... Read more

    Affected Products : rocket.chat
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025
  • 4.3

    MEDIUM
    CVE-2006-4067

    Cross-site scripting (XSS) vulnerability in cake/libs/error.php in CakePHP before 1.1.7.3363 allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected back in a 404 ("Not Found") error page. NOTE: some of these detail... Read more

    Affected Products : cakephp cakephp
    • Published: Aug. 10, 2006
    • Modified: Apr. 03, 2025
  • 4.3

    MEDIUM
    CVE-2022-29612

    SAP NetWeaver, ABAP Platform and SAP Host Agent - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, 8.04, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, 8.04, SAPHOSTAGENT 7.22, allows an authenticated user to misus... Read more

    Affected Products : host_agent netweaver_abap
    • Published: Jun. 14, 2022
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2022-29489

    Cross-Site Request Forgery (CSRF) vulnerability in Sucuri Security plugin <= 1.8.33 at WordPress leading to Event log entry creation.... Read more

    Affected Products : security
    • Published: Sep. 16, 2022
    • Modified: Feb. 19, 2025
  • 4.3

    MEDIUM
    CVE-2011-4910

    Cross-site scripting (XSS) vulnerability in Joomla! before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.... Read more

    Affected Products : joomla\! joomla
    • Published: Oct. 07, 2012
    • Modified: Apr. 11, 2025
  • 4.3

    MEDIUM
    CVE-2022-23473

    Tuleap is an Open Source Suite to improve management of software developments and collaboration. In versions prior to 14.2.99.148, Authorizations are not properly verified when accessing MediaWiki standalone resources. Users with read only permissions for... Read more

    Affected Products : tuleap
    • Published: Dec. 13, 2022
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2022-21968

    Microsoft SharePoint Server Security Feature Bypass Vulnerability... Read more

    • Published: Feb. 09, 2022
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2022-29238

    Jupyter Notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.12, authenticated requests to the notebook server with `ContentsManager.allow_hidden = False` only prevented listing the contents of hidden directories, n... Read more

    Affected Products : notebook
    • Published: Jun. 14, 2022
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2022-23490

    BigBlueButton is an open source web conferencing system. Versions prior to 2.4.0 expose sensitive information to Unauthorized Actors. This issue affects meetings with polls, where the attacker is a meeting participant. Subscribing to the current-poll coll... Read more

    Affected Products : bigbluebutton
    • Published: Dec. 16, 2022
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2022-23578

    Tensorflow is an Open Source Machine Learning Framework. If a graph node is invalid, TensorFlow can leak memory in the implementation of `ImmutableExecutorState::Initialize`. Here, we set `item->kernel` to `nullptr` but it is a simple `OpKernel*` pointer ... Read more

    Affected Products : tensorflow
    • Published: Feb. 04, 2022
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2022-27841

    Improper exception handling in Samsung Pass prior to version 3.7.07.5 allows physical attacker to view the screen that is previously running without authentication... Read more

    Affected Products : samsung_pass pass
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2022-21977

    Media Foundation Information Disclosure Vulnerability... Read more

    • Published: Mar. 09, 2022
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2022-22245

    A Path Traversal vulnerability in the J-Web component of Juniper Networks Junos OS allows an authenticated attacker to upload arbitrary files to the device by bypassing validation checks built into Junos OS. The attacker should not be able to execute the ... Read more

    Affected Products : junos
    • Published: Oct. 18, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 293608 Results