Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2024-46468

    A Server-Side Request Forgery (SSRF) vulnerability exists in the jpress <= v5.1.1, which can be exploited by an attacker to obtain sensitive information, resulting in an information disclosure.... Read more

    Affected Products : jpress
    • Published: Oct. 11, 2024
    • Modified: May. 27, 2025

  • 7.1

    HIGH
    CVE-2024-47378

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPCOM WPCOM Member allows Reflected XSS.This issue affects WPCOM Member: from n/a through 1.5.4.... Read more

    Affected Products : wpcom_member
    • Published: Oct. 05, 2024
    • Modified: May. 27, 2025

  • 6.5

    MEDIUM
    CVE-2023-26771

    Taskcafe 0.3.2 is vulnerable to Cross Site Scripting (XSS). There is a lack of validation in the filetype when uploading a SVG profile picture with a XSS payload on it. An authenticated attacker can exploit this vulnerability by uploading a malicious pict... Read more

    Affected Products : taskcafe
    • Published: Oct. 04, 2024
    • Modified: May. 27, 2025

  • 9.8

    CRITICAL
    CVE-2023-26770

    TaskCafe 0.3.2 lacks validation in the Cookie value. Any unauthenticated attacker who knows a registered UserID can change the password of that user.... Read more

    Affected Products : taskcafe
    • Published: Oct. 04, 2024
    • Modified: May. 27, 2025

  • 6.5

    MEDIUM
    CVE-2022-41250

    A missing permission check in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing c... Read more

    Affected Products : scm_httpclient
    • Published: Sep. 21, 2022
    • Modified: May. 27, 2025

  • 8.8

    HIGH
    CVE-2022-41249

    A cross-site request forgery (CSRF) vulnerability in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credent... Read more

    Affected Products : scm_httpclient
    • Published: Sep. 21, 2022
    • Modified: May. 27, 2025

  • 5.3

    MEDIUM
    CVE-2022-41248

    Jenkins BigPanda Notifier Plugin 1.4.0 and earlier does not mask the BigPanda API key on the global configuration form, increasing the potential for attackers to observe and capture it.... Read more

    Affected Products : bigpanda_notifier
    • Published: Sep. 21, 2022
    • Modified: May. 27, 2025

  • 4.3

    MEDIUM
    CVE-2022-41247

    Jenkins BigPanda Notifier Plugin 1.4.0 and earlier stores the BigPanda API key unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.... Read more

    Affected Products : bigpanda_notifier
    • Published: Sep. 21, 2022
    • Modified: May. 27, 2025

  • 6.5

    MEDIUM
    CVE-2022-41246

    A missing permission check in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, ... Read more

    Affected Products : worksoft_execution_manager
    • Published: Sep. 21, 2022
    • Modified: May. 27, 2025

  • 6.1

    MEDIUM
    CVE-2022-40754

    In Apache Airflow 2.3.0 through 2.3.4, there was an open redirect in the webserver's `/confirm` endpoint.... Read more

    Affected Products : airflow
    • Published: Sep. 21, 2022
    • Modified: May. 27, 2025

  • 7.5

    HIGH
    CVE-2022-40604

    In Apache Airflow 2.3.0 through 2.3.4, part of a url was unnecessarily formatted, allowing for possible information extraction.... Read more

    Affected Products : airflow
    • Published: Sep. 21, 2022
    • Modified: May. 27, 2025

  • 4.3

    MEDIUM
    CVE-2022-39975

    The Layout module in Liferay Portal v7.3.3 through v7.4.3.34, and Liferay DXP 7.3 before update 10, and 7.4 before update 35 does not check user permission before showing the preview of a "Content Page" type page, allowing attackers to view unpublished "C... Read more

    Affected Products : liferay_portal dxp
    • Published: Sep. 22, 2022
    • Modified: May. 27, 2025

  • 7.8

    HIGH
    CVE-2022-38928

    XPDF 4.04 is vulnerable to Null Pointer Dereference in FoFiType1C.cc:2393.... Read more

    Affected Products : xpdf
    • Published: Sep. 21, 2022
    • Modified: May. 27, 2025

  • 7.8

    HIGH
    CVE-2022-37877

    A vulnerability in the ClearPass OnGuard macOS agent could allow malicious users on a macOS instance to elevate their user privileges. A successful exploit could allow these users to execute arbitrary code with root level privileges on the macOS instance ... Read more

    Affected Products : macos clearpass_policy_manager
    • Published: Sep. 20, 2022
    • Modified: May. 27, 2025

  • 5.4

    MEDIUM
    CVE-2022-37246

    Craft CMS 4.2.0.1 is affected by Cross Site Scripting (XSS) in the file src/web/assets/cp/src/js/BaseElementSelectInput.js and in specific on the line label: elementInfo.label.... Read more

    Affected Products : craft_cms
    • Published: Sep. 21, 2022
    • Modified: May. 27, 2025

  • 9.8

    CRITICAL
    CVE-2022-37026

    In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS.... Read more

    Affected Products : erlang\/otp
    • Published: Sep. 21, 2022
    • Modified: May. 27, 2025

  • 5.5

    MEDIUM
    CVE-2022-35085

    SWFTools commit 772e55a2 was discovered to contain a memory leak via /lib/mem.c.... Read more

    Affected Products : swftools
    • Published: Sep. 21, 2022
    • Modified: May. 27, 2025

  • 9.8

    CRITICAL
    CVE-2022-32882

    This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to bypass Privacy preferences.... Read more

    Affected Products : macos
    • Published: Sep. 20, 2022
    • Modified: May. 27, 2025

  • 5.3

    MEDIUM
    CVE-2022-32861

    A logic issue was addressed with improved state management. This issue is fixed in Safari 15.6, macOS Monterey 12.5. A user may be tracked through their IP address.... Read more

    Affected Products : macos safari
    • Published: Sep. 20, 2022
    • Modified: May. 27, 2025

  • 8.8

    HIGH
    CVE-2022-32211

    A SQL injection vulnerability exists in Rocket.Chat <v3.18.6, <v4.4.4 and <v4.7.3 which can allow an attacker to retrieve a reset password token through or a 2fa secret.... Read more

    Affected Products : rocket.chat
    • Published: Sep. 23, 2022
    • Modified: May. 27, 2025
Showing 20 of 293284 Results