Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 4.3

    MEDIUM
    CVE-2024-47581

    SAP HCM Approve Timesheets Version 4 application does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. There is low impact on integrity of the application. Confidentiality and availability are not...

    Affected Products :
    • Published: Dec. 10, 2024
    • Modified: Dec. 10, 2024
  • 4.3

    MEDIUM
    CVE-2023-26041

    Nextcloud Talk is a fully on-premises audio/video and chat communication service. When cron jobs were misconfigured and therefore messages are not expired, the API would still return them while they were then hidden by the frontend code. It is recommended...

    Affected Products : nextcloud_server nextcloud_talk notes
    • Published: Feb. 27, 2023
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2024-48900

    A vulnerability was found in Moodle. Additional checks are required to ensure users with permission to view badge recipients can only access lists of those they are intended to have access to.

    Affected Products : moodle
    • Published: Nov. 13, 2024
    • Modified: Jun. 13, 2025
  • 4.3

    MEDIUM
    CVE-2020-4260

    IBM UrbanCode Deploy (UCD) 7.0.5 could allow a user with special permissions to obtain sensitive information via generic processes. IBM X-Force ID: 175639.

    Affected Products : urbancode_deploy
    • Published: Apr. 16, 2020
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2023-45660

    Nextcloud mail is an email app for the Nextcloud home server platform. In affected versions a missing check of origin, target and cookies allows for an attacker to abuse the proxy endpoint to denial of service a third server. It is recommended that the Ne...

    Affected Products : nextcloud_server mail notes
    • Published: Oct. 16, 2023
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2023-6598

    The SpeedyCache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the speedycache_save_varniship, speedycache_img_update_settings, speedycache_preloading_add_settings, and speedycache_preloading_d...

    Affected Products : speedycache
    • Published: Jan. 11, 2024
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2024-40596

    An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. The Special:Investigate feature can expose suppressed information for log events. (TimelineService does not support properly suppressing.)

    Affected Products : mediawiki
    • Published: Jul. 07, 2024
    • Modified: Mar. 18, 2025
  • 4.3

    MEDIUM
    CVE-2024-54357

    Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada. This issue affects Avada: from n/a through 7.11.10.

    Affected Products : avada
    • Published: Dec. 16, 2024
    • Modified: Apr. 14, 2025
  • 4.3

    MEDIUM
    CVE-2024-3243

    The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the send_test_email() function in all versions up to, and including, 5.46.0. This makes it possible for authenticate...

    Affected Products : customer_reviews_for_woocommerce
    • Published: Apr. 16, 2024
    • Modified: Feb. 05, 2025
  • 4.3

    MEDIUM
    CVE-2024-32450

    Cross-Site Request Forgery (CSRF) vulnerability in MagePeople Team WpTravelly. This issue affects WpTravelly: from n/a through 1.6.0.

    Affected Products :
    • Published: Apr. 15, 2024
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2024-54127

    This vulnerability exists in the TP-Link Archer C50 due to presence of terminal access on a serial interface without proper access control. An attacker with physical access could exploit this by accessing the UART shell on the vulnerable device. Successfu...

    Affected Products :
    • Published: Dec. 05, 2024
    • Modified: Dec. 05, 2024
  • 4.3

    MEDIUM
    CVE-2009-3191

    Multiple cross-site scripting (XSS) vulnerabilities in PAD Site Scripts 3.6 allow remote attackers to inject arbitrary web script or HTML via the cat parameter to (1) rss.php and (2) opml.php.

    Affected Products : pad_site_scripts
    • Published: Sep. 15, 2009
    • Modified: Apr. 09, 2025
  • 4.3

    MEDIUM
    CVE-2023-51380

    An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be read with an improperly scoped token. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in ver...

    Affected Products : enterprise_server
    • Published: Dec. 21, 2023
    • Modified: Dec. 16, 2024
  • 4.3

    MEDIUM
    CVE-2022-32170

    The “Bytebase” application does not restrict low privilege user to access admin “projects” for which an unauthorized user can view the “projects” created by “Admin” and the affected endpoint is “/api/project?user=${userId}”.

    Affected Products : bytebase
    • Published: Sep. 28, 2022
    • Modified: May. 21, 2025
  • 4.3

    MEDIUM
    CVE-2012-1046

    Cross-site scripting (XSS) vulnerability in TM1 Web in IBM Cognos TM1 9.5.2 FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0696.

    Affected Products : cognos_tm1
    • Published: Feb. 10, 2012
    • Modified: Apr. 11, 2025
  • 4.3

    MEDIUM
    CVE-2024-0067

    Marinus Pfund, member of the AXIS OS Bug Bounty Program, has found the VAPIX API ledlimit.cgi was vulnerable for path traversal attacks allowing to list folder/file names on the local file system of the Axis device. Axis has released patched AXIS OS ver...

    Affected Products : axis_os
    • Published: Sep. 10, 2024
    • Modified: Nov. 08, 2024
  • 4.3

    MEDIUM
    CVE-2021-34626

    A vulnerability in the deleteCustomType function of the WP Upload Restriction WordPress plugin allows low-level authenticated users to delete custom extensions added by administrators. This issue affects versions 2.2.3 and prior.

    Affected Products : wp-upload-restriction
    • Published: Jul. 07, 2021
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2022-38482

    A link-manipulation issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP4.

    Affected Products : hopex
    • Published: Jan. 10, 2023
    • Modified: May. 30, 2025
  • 4.3

    MEDIUM
    CVE-2023-5902

    Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

    Affected Products : pkp_web_application_library
    • Published: Nov. 07, 2023
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2023-27525

    An authenticated user with Gamma role authorization could have access to metadata information using non trivial methods in Apache Superset up to and including 2.0.1 ...

    Affected Products : superset
    • Published: Apr. 17, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 294836 Results