Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2024-3947

    The WP To Do plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation on the wptodo_settings() function. This makes it possible for unauthenticated a... Read more

    Affected Products : wp_to_do
    • Published: May. 30, 2024
    • Modified: Feb. 12, 2025

  • 4.3

    MEDIUM
    CVE-2020-28644

    The CSRF (Cross Site Request Forgery) token check was improperly implemented on cookie authenticated requests against some ocs API endpoints. This affects ownCloud/core version < 10.6.... Read more

    Affected Products : owncloud
    • Published: Feb. 09, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-47865

    Mattermost fails to check if hardened mode is enabled when overriding the username and/or the icon when posting a post. If settings allowed integrations to override the username and profile picture when posting, a member could also override the username a... Read more

    Affected Products : mattermost_server mattermost
    • Published: Nov. 27, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-4834

    In Red Lion Europe mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an improperly implemented access validation allows an authenticated, low privileged attacker to gain read access to limited, non-critical ... Read more

    • Published: Oct. 16, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-38313

    In certain scenarios a malicious website could attempt to display a fake location URL bar which could mislead users as to the actual website address This vulnerability affects Firefox for iOS < 127.... Read more

    Affected Products : firefox
    • Published: Jun. 13, 2024
    • Modified: Mar. 14, 2025

  • 4.3

    MEDIUM
    CVE-2023-48714

    Silverstripe Framework is the framework that forms the base of the Silverstripe content management system. Prior to versions 4.13.39 and 5.1.11, if a user should not be able to see a record, but that record can be added to a `GridField` using the `GridFie... Read more

    Affected Products : framework
    • Published: Jan. 23, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2025-28913

    Cross-Site Request Forgery (CSRF) vulnerability in Aftab Ali Muni WP Add Active Class To Menu Item allows Cross Site Request Forgery. This issue affects WP Add Active Class To Menu Item: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Mar. 11, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2024-25036

    IBM Cognos Controller 11.0.0 and 11.0.1 could allow an authenticated user with local access to bypass security allowing users to circumvent restrictions imposed on input fields.... Read more

    Affected Products : cognos_controller
    • Published: Dec. 03, 2024
    • Modified: Dec. 11, 2024

  • 4.3

    MEDIUM
    CVE-2019-5942

    Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to obtain files without access privileges via the Multiple Files Download function of application 'Cabinet'.... Read more

    Affected Products : garoon
    • Published: May. 17, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-24741

    SAP Master Data Governance for Material Data - versions 618, 619, 620, 621, 622, 800, 801, 802, 803, 804, does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to read... Read more

    • Published: Feb. 13, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-46599

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or... Read more

    Affected Products : microstation_connect microstation view
    • Published: Feb. 18, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-6492

    The Simple Sitemap – Create a Responsive HTML Sitemap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.13. This is due to missing or incorrect nonce validation in the 'admin_notices' hook found in ... Read more

    Affected Products :
    • Published: Jun. 14, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-42069

    When a user opens manipulated Tagged Image File Format (.tif) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application... Read more

    Affected Products : 3d_visual_enterprise_viewer
    • Published: Dec. 14, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-37532

    SAP Business One version - 10, due to improper input validation, allows an authenticated User to gain access to directory and view the contents of index in the directory, which would otherwise be restricted to high privileged User.... Read more

    Affected Products : business_one
    • Published: Sep. 14, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-36389

    In CiviCRM before 5.28.1 and CiviCRM ESR before 5.27.5 ESR, the CKEditor configuration form allows CSRF.... Read more

    Affected Products : civicrm
    • Published: Jun. 17, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-6599

    The Meks Video Importer plugin for WordPress is vulnerable to unauthorized API key modification due to a missing capability check on the ajax_save_settings function in all versions up to, and including, 1.0.11. This makes it possible for authenticated att... Read more

    Affected Products :
    • Published: Jul. 18, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-5856

    The Comment Images Reloaded plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the cir_delete_image AJAX action in all versions up to, and including, 2.2.1. This makes it possible for authenticated attacke... Read more

    Affected Products :
    • Published: Jul. 09, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2012-3846

    Cross-site scripting (XSS) vulnerability in index.php in PHP-pastebin 2.1 allows remote attackers to inject arbitrary web script or HTML via the title parameter.... Read more

    Affected Products : php-pastebin
    • Published: Jul. 03, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-4352

    Multiple cross-site scripting (XSS) vulnerabilities in TransWARE Active! mail 2003 build 2003.0139.0871 and earlier, and possibly other versions before 2003.0139.0939, allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To,... Read more

    Affected Products : active_mail_2003
    • Published: Dec. 17, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2013-7397

    Async Http Client (aka AHC or async-http-client) before 1.9.0 skips X.509 certificate verification unless both a keyStore location and a trustStore location are explicitly set, which allows man-in-the-middle attackers to spoof HTTPS servers by presenting ... Read more

    Affected Products : jboss_fuse async-http-client
    • Published: Jun. 24, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 294737 Results