Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2020-4536

    IBM OpenPages GRC Platform 8.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 182907.... Read more

    Affected Products : openpages_grc_platform
    • Published: May. 11, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-1342

    The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the ucss_connect function. This makes it possible for ... Read more

    • Published: Mar. 10, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2017-1705

    IBM Security Privileged Identity Manager 2.1.0 contains left-over, sensitive information in page comments. While this information is not visible at first it can be obtained by viewing the page source. IBM X-Force ID: 134427.... Read more

    • Published: Mar. 30, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-2259

    In affected versions of Octopus Deploy it is possible for a user to view Workerpools without being explicitly assigned permissions to view these items... Read more

    Affected Products : octopus_server
    • Published: Mar. 13, 2023
    • Modified: Mar. 03, 2025

  • 4.3

    MEDIUM
    CVE-2023-2287

    The Orbit Fox by ThemeIsle WordPress plugin before 2.10.24 does not limit URLs which may be used for the stock photo import feature, allowing the user to specify arbitrary URLs. This leads to a server-side request forgery as the user may force the server ... Read more

    Affected Products : orbitfox
    • Published: May. 30, 2023
    • Modified: Jan. 10, 2025

  • 4.3

    MEDIUM
    CVE-2023-1927

    The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the deleteCssAndJsCacheToolbar function. This makes it possible for unau... Read more

    Affected Products : wp_fastest_cache
    • Published: Apr. 06, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-3201

    The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_new_order_title function. This makes it possible for unauthenticated attackers to update new order title via a forged requ... Read more

    Affected Products : mstore_api
    • Published: Jun. 14, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-23935

    Discourse is an open-source messaging platform. In versions 3.0.1 and prior on the `stable` branch and versions 3.1.0.beta2 and prior on the `beta` and `tests-passed` branches, the count of personal messages displayed for a tag is a count of all personal ... Read more

    Affected Products : discourse
    • Published: Mar. 16, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-4544

    A vulnerability was found in Byzoro Smart S85F Management Platform up to 20230809. It has been rated as problematic. This issue affects some unknown processing of the file /config/php.ini. The manipulation leads to direct request. The attack may be initia... Read more

    Affected Products : smart_s85f_management_platform
    • Published: Aug. 26, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-29192

    SilverwareGames.io versions before 1.2.19 allow users with access to the game upload panel to edit download links for games uploaded by other developers. This has been fixed in version 1.2.19.... Read more

    Affected Products : silverwaregames
    • Published: Apr. 10, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-39264

    By default, stack traces for errors were enabled, which resulted in the exposure of internal traces on REST API endpoints to users. This vulnerability exists in Apache Superset versions up to and including 2.1.0.... Read more

    Affected Products : superset
    • Published: Sep. 06, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2017-10299

    Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access v... Read more

    • Published: Oct. 19, 2017
    • Modified: May. 08, 2025

  • 4.3

    MEDIUM
    CVE-2023-2563

    The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.7. This is due to missing or incorrect nonce validation on the function _accua_forms_form_edit_action. This makes... Read more

    • Published: Jun. 13, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2017-1555

    IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated user to generate an API token when not subscribed to the application plan. IBM X-Force ID: 131545.... Read more

    Affected Products : api_connect
    • Published: Sep. 25, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2023-32625

    Cross-site request forgery (CSRF) vulnerability in TS Webfonts for SAKURA 3.1.2 and earlier allows a remote unauthenticated attacker to hijack the authentication of a user and to change settings by having a user view a malicious page.... Read more

    Affected Products : ts_webfonts
    • Published: Jul. 21, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-22027

    Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). The supported version that is affected is 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with net... Read more

    Affected Products : business_intelligence
    • Published: Jul. 18, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-4941

    The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_swap function. This makes it possible for authenticated attackers (subscriber or... Read more

    • Published: Oct. 20, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-27462

    A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.3). The client query handler of the affected application fails to check for proper permissions for specific read queries. This could allow authenticated remote attackers to acces... Read more

    Affected Products : ruggedcom_crossbow
    • Published: Mar. 14, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-25411

    Aten PE8108 2.4.232 is vulnerable to Cross Site Request Forgery (CSRF).... Read more

    Affected Products : pe8108_firmware pe8108
    • Published: Apr. 11, 2023
    • Modified: Feb. 11, 2025

  • 4.3

    MEDIUM
    CVE-2023-38990

    An issue in the delete function in the MenuController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete menus created by the Administrator.... Read more

    Affected Products : jeesite
    • Published: Aug. 02, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 293660 Results