Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.7

    LOW
    CVE-2023-21882

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protoco... Read more

    Affected Products : mysql mysql_server
    • Published: Jan. 18, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2023-21874

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple pr... Read more

    Affected Products : mysql mysql_server
    • Published: Jan. 18, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2024-8350

    The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to user group add due to a missing capability check on the /wp-json/ulgm_management/v1/add_user/ REST API endpoint in all versions up to, and including, 6.1.0.1. This makes it possible fo... Read more

    Affected Products : uncanny_groups_for_learndash
    • Published: Sep. 25, 2024
    • Modified: Oct. 02, 2024

  • 2.7

    LOW
    CVE-2023-34110

    Flask-AppBuilder is an application development framework, built on top of Flask. Prior to version 4.3.2, an authenticated malicious actor with Admin privileges, could by adding a special character on the add, edit User forms trigger a database error, this... Read more

    Affected Products : flask-appbuilder flask_app_builder
    • Published: Jun. 22, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2022-2556

    The Mailchimp for WooCommerce WordPress plugin before 2.7.2 has an AJAX action that allows high privilege users to perform a POST request on behalf of the server to the internal network/LAN, the body of the request is also appended to the response so it c... Read more

    Affected Products : mailchimp_for_woocommerce
    • Published: Aug. 29, 2022
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2024-10102

    The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.22 does not sanitise and escape some of its Gallery settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks... Read more

    Affected Products : robo_gallery robo_gallery
    • Published: Jan. 07, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 2.7

    LOW
    CVE-2022-36168

    A directory traversal vulnerability was discovered in Wuzhicms 4.1.0. via /coreframe/app/attachment/admin/index.php:... Read more

    Affected Products : wuzhicms
    • Published: Aug. 26, 2022
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2023-37361

    REDCap 12.0.26 LTS and 12.3.2 Standard allows SQL Injection via scheduling, repeatforms, purpose, app_title, or randomization.... Read more

    Affected Products : redcap
    • Published: Jul. 25, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2023-49652

    Incorrect permission checks in Jenkins Google Compute Engine Plugin 4.550.vb_327fca_3db_11 and earlier allow attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate system-scoped credent... Read more

    Affected Products : google_compute_engine
    • Published: Nov. 29, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2006-6607

    The Java Key Store (JKS) for WebSphere Application Server (WAS) for IBM Tivoli Identity Manager (ITIM) 4.6 places the JKS password in a -Djavax.net.ssl.trustStorePassword command line argument, which allows local users to obtain the password by listing th... Read more

    Affected Products : tivoli_identity_manager
    • Published: Dec. 18, 2006
    • Modified: Apr. 09, 2025

  • 2.7

    LOW
    CVE-2021-22133

    The Elastic APM agent for Go versions before 1.11.0 can leak sensitive HTTP header information when logging the details during an application panic. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the ... Read more

    Affected Products : apm_agent
    • Published: Feb. 10, 2021
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2014-4021

    Xen 3.2.x through 4.4.x does not properly clean memory pages recovered from guests, which allows local guest OS users to obtain sensitive information via unspecified vectors.... Read more

    Affected Products : xen
    • Published: Jun. 18, 2014
    • Modified: Apr. 12, 2025

  • 2.7

    LOW
    CVE-2024-52589

    Discourse is an open source platform for community discussion. Moderators can see the Screened emails list in the admin dashboard, and through that can learn the email of a user. This problem is patched in the latest version of Discourse. Users unable to ... Read more

    Affected Products : discourse
    • Published: Dec. 19, 2024
    • Modified: Aug. 26, 2025

  • 2.7

    LOW
    CVE-2022-21432

    Vulnerability in the Oracle Database - Enterprise Edition RDBMS Security component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 19c and 21c. Easily exploitable vulnerability allows high privileged attacker having DBA role ... Read more

    Affected Products : database text
    • Published: Jul. 19, 2022
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2024-3073

    The Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.3.0. This is due to plugin providing the SMTP password in the SMTP Password field when v... Read more

    Affected Products : easy_wp_smtp
    • Published: Jun. 13, 2024
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2014-0624

    EMC RSA Data Loss Prevention (DLP) 9.x before 9.6-SP2 does not properly manage sessions, which allows remote authenticated users to gain privileges and bypass intended content-reading restrictions via unspecified vectors.... Read more

    Affected Products : rsa_data_loss_prevention
    • Published: Mar. 06, 2014
    • Modified: Apr. 12, 2025

  • 2.7

    LOW
    CVE-2013-4375

    The qdisk PV disk backend in qemu-xen in Xen 4.2.x and 4.3.x before 4.3.1, and qemu 1.1 and other versions, allows local HVM guests to cause a denial of service (domain grant reference consumption) via unspecified vectors.... Read more

    Affected Products : qemu xen
    • Published: Jan. 19, 2014
    • Modified: Apr. 11, 2025

  • 2.7

    LOW
    CVE-2025-54873

    RISC Zero is a zero-knowledge verifiable general computing platform based on zk-STARKs and the RISC-V microarchitecture. RISC packages risc0-zkvm versions 2.0.0 through 2.1.0 and risc0-circuit-rv32im and risc0-circuit-rv32im-sys versions 2.0.0 through 2.0... Read more

    Affected Products :
    • Published: Aug. 06, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Misconfiguration

  • 2.7

    LOW
    CVE-2025-46777

    A insertion of sensitive information into log file in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.9 may allow an authenticated attacker with at least read-only admin permissions to view encrypted secre... Read more

    Affected Products : fortiportal
    • Published: May. 28, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Information Disclosure

  • 2.7

    LOW
    CVE-2024-52905

    IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 could disclose sensitive database information to a privileged user.... Read more

    • Published: Mar. 10, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 293350 Results