Latest CVE Feed
-
5.5
MEDIUMCVE-2024-30039
Windows Remote Access Connection Manager Information Disclosure Vulnerability... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_21h2 +9 more products- Published: May. 14, 2024
- Modified: Aug. 27, 2025
-
7.8
HIGH- Published: May. 14, 2024
- Modified: Aug. 27, 2025
-
7.8
HIGHCVE-2024-30025
Windows Common Log File System Driver Elevation of Privilege Vulnerability... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_21h2 +9 more products- Published: May. 14, 2024
- Modified: Aug. 27, 2025
-
8.1
HIGHCVE-2024-30020
Windows Cryptographic Services Remote Code Execution Vulnerability... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_21h2 +9 more products- Published: May. 14, 2024
- Modified: Aug. 27, 2025
-
7.8
HIGHCVE-2024-30018
Windows Kernel Elevation of Privilege Vulnerability... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_21h2 windows_11_22h2 windows windows_11_23h2 windows_server_2022_23h2 +1 more products- Published: May. 14, 2024
- Modified: Aug. 27, 2025
-
6.5
MEDIUMCVE-2024-30011
Windows Hyper-V Denial of Service Vulnerability... Read more
- Published: May. 14, 2024
- Modified: Aug. 27, 2025
-
4.3
MEDIUMCVE-2024-2931
The WPFront User Role Editor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.1.11184 via the wpfront_user_role_editor_assign_roles_user_autocomplete AJAX action. This makes it possible for aut... Read more
Affected Products : wpfront_user_role_editor- Published: Apr. 02, 2024
- Modified: Aug. 27, 2025
-
6.4
MEDIUMCVE-2024-2868
The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slitems parameter in the WL Special Day Offer Widget in all ver... Read more
- Published: Apr. 04, 2024
- Modified: Aug. 27, 2025
-
6.1
MEDIUMCVE-2024-2822
A vulnerability, which was classified as problematic, was found in DedeCMS 5.7. This affects an unknown part of the file /src/dede/vote_edit.php. The manipulation of the argument aid leads to cross-site request forgery. It is possible to initiate the atta... Read more
Affected Products : dedecms- Published: Mar. 22, 2024
- Modified: Aug. 27, 2025
-
6.1
MEDIUMCVE-2024-2821
A vulnerability, which was classified as problematic, has been found in DedeCMS 5.7. Affected by this issue is some unknown functionality of the file /src/dede/friendlink_edit.php. The manipulation of the argument id leads to cross-site request forgery. T... Read more
Affected Products : dedecms- Published: Mar. 22, 2024
- Modified: Aug. 27, 2025
-
4.4
MEDIUMCVE-2024-2689
Denial of Service in Temporal Server prior to version 1.20.5, 1.21.6, and 1.22.7 allows an authenticated user who has permissions to interact with workflows and has crafted an invalid UTF-8 string for submission to potentially cause a crashloop. If left u... Read more
Affected Products :- Published: Apr. 03, 2024
- Modified: Aug. 27, 2025
-
6.8
MEDIUMCVE-2024-2654
The File Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 7.2.5 via the fm_download_backup function. This makes it possible for authenticated attackers, with administrator access and above, to read th... Read more
- Published: Apr. 09, 2024
- Modified: Aug. 27, 2025
-
6.4
MEDIUMCVE-2024-2423
The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.2.6 due to... Read more
Affected Products : userswp- Published: Apr. 09, 2024
- Modified: Aug. 27, 2025
-
6.4
MEDIUMCVE-2024-2348
The Gum Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Meta widget in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authentic... Read more
Affected Products : gum_elementor_addon- Published: Apr. 09, 2024
- Modified: Aug. 27, 2025
-
6.1
MEDIUMCVE-2024-2200
The Contact Form by BestWebSoft plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘cntctfrm_contact_subject’ parameter in all versions up to, and including, 4.2.8 due to insufficient input sanitization and output escaping. This ... Read more
Affected Products : contact_form- Published: Apr. 09, 2024
- Modified: Aug. 27, 2025
-
5.9
MEDIUMCVE-2023-48795
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and se... Read more
Affected Products : enterprise_linux fedora debian_linux openssh openshift_container_platform macos filezilla_client ceph_storage freebsd keycloak +59 more products- EPSS Score: %57.19
- Published: Dec. 18, 2023
- Modified: Aug. 27, 2025
-
7.8
HIGHCVE-2021-28165
In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.... Read more
Affected Products : snapcenter e-series_santricity_os_controller e-series_santricity_web_services storage_replication_adapter_for_clustered_data_ontap vasa_provider_for_clustered_data_ontap communications_cloud_native_core_policy autovue_for_agile_product_lifecycle_management communications_services_gatekeeper communications_session_report_manager communications_session_route_manager +11 more products- EPSS Score: %4.69
- Published: Apr. 01, 2021
- Modified: Aug. 27, 2025
-
8.3
HIGHCVE-2021-20190
A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.... Read more
- EPSS Score: %0.46
- Published: Jan. 19, 2021
- Modified: Aug. 27, 2025
-
7.5
HIGHCVE-2020-36518
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.... Read more
Affected Products : debian_linux active_iq_unified_manager weblogic_server peoplesoft_enterprise_peopletools oncommand_insight oncommand_workflow_automation communications_cloud_native_core_network_slice_selection_function communications_cloud_native_core_network_repository_function primavera_unifier communications_cloud_native_core_unified_data_repository +26 more products- EPSS Score: %0.31
- Published: Mar. 11, 2022
- Modified: Aug. 27, 2025
-
8.1
HIGHCVE-2020-35728
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jst... Read more
Affected Products : debian_linux communications_policy_management data_integrator retail_customer_management_and_segmentation_foundation primavera_unifier application_testing_suite goldengate_application_adapters jd_edwards_enterpriseone_tools communications_cloud_native_core_unified_data_repository retail_xstore_point_of_service +30 more products- EPSS Score: %39.67
- Published: Dec. 27, 2020
- Modified: Aug. 27, 2025