Latest CVE Feed

The following is a list of the latest published vulnerabilities. The list can be filtered by severity, by whether the vulnerability is actively exploited (listed in the CISA KEV catalog), or by whether it is remotely exploitable. It can also be sorted by published date, last updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2022-38110

    In Database Performance Analyzer (DPA) 2022.4 and older releases, certain URL vectors are susceptible to authenticated reflected cross-site scripting. ...

    Affected Products : database_performance_analyzer
    • EPSS Score: 0.79%
    • Published: Jan. 20, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2024-28003

    Missing Authorization vulnerability in Megamenu Max Mega Menu. This issue affects Max Mega Menu: from n/a through 3.3. ...

    Affected Products :
    • Published: Mar. 28, 2024
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-37798

    A stored cross-site scripting (XSS) vulnerability in the new REDCap project creation function of Vanderbilt REDCap 13.1.35 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the project title parameter....

    Affected Products : redcap
    • EPSS Score: 0.08%
    • Published: Sep. 07, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2020-35946

    An issue was discovered in the All in One SEO Pack plugin before 3.6.2 for WordPress. The SEO Description and Title fields are vulnerable to unsanitized input from a Contributor, leading to stored XSS....

    Affected Products : all_in_one_seo_pack
    • EPSS Score: 0.13%
    • Published: Jan. 01, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-4509

    The Content Control WordPress plugin before 1.1.10 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting a...

    Affected Products : content_control
    • EPSS Score: 0.10%
    • Published: Jan. 23, 2023
    • Modified: Apr. 02, 2025
  • 5.4

    MEDIUM
    CVE-2024-23172

    An issue was discovered in the CheckUser extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via message definitions, e.g., in SpecialCheckUserLog....

    Affected Products : mediawiki
    • EPSS Score: 0.51%
    • Published: Jan. 12, 2024
    • Modified: Jun. 04, 2025
  • 5.4

    MEDIUM
    CVE-2014-5855

    The CJmall (aka com.cjoshppingphone) application 4.1.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate....

    Affected Products : cjmall
    • EPSS Score: 0.04%
    • Published: Sep. 09, 2014
    • Modified: Apr. 12, 2025
  • 5.4

    MEDIUM
    CVE-2024-55894

    TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Addit...

    Affected Products : typo3
    • Published: Jan. 14, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 5.4

    MEDIUM
    CVE-2024-27278

    OpenPNE Plugin "opTimelinePlugin" 1.2.11 and earlier contains a cross-site scripting vulnerability. On the site which uses the affected product, when a user configures the profile with some malicious contents, an arbitrary script may be executed on the we...

    Affected Products : optimelineplugin
    • Published: Mar. 06, 2024
    • Modified: Mar. 27, 2025
  • 5.4

    MEDIUM
    CVE-2023-49977

    A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the address parameter at /customer_support/index.php?page=new_customer....

    Affected Products : customer_support_system
    • Published: Mar. 06, 2024
    • Modified: Mar. 28, 2025
  • 5.4

    MEDIUM
    CVE-2024-1306

    The Smart Forms WordPress plugin before 2.6.94 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as editing entries, and we consider it a medium risk....

    Affected Products : smart_forms
    • Published: Apr. 15, 2024
    • Modified: Apr. 08, 2025
  • 5.4

    MEDIUM
    CVE-2024-26019

    Ninja Forms prior to 3.8.1 contains a cross-site scripting vulnerability in submit processing. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing the website using the product....

    Affected Products : ninja_forms
    • Published: Apr. 11, 2024
    • Modified: Apr. 08, 2025
  • 5.4

    MEDIUM
    CVE-2023-0071

    The WP Tabs WordPress plugin before 2.1.17 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored...

    Affected Products : wp_tabs
    • EPSS Score: 0.14%
    • Published: Jan. 30, 2023
    • Modified: Mar. 27, 2025
  • 5.4

    MEDIUM
    CVE-2023-33843

    IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a ...

    Affected Products : infosphere_information_server
    • Published: Feb. 21, 2024
    • Modified: Dec. 10, 2024
  • 5.4

    MEDIUM
    CVE-2022-22502

    IBM Robotic Process Automation 21.0.1 and 21.0.2 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...

    • EPSS Score: 0.22%
    • Published: Jun. 24, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2017-11127

    Bolt CMS 3.2.14 allows stored XSS by uploading an SVG document with a "Content-Type: image/svg+xml" header....

    Affected Products : bolt bolt_cms
    • EPSS Score: 0.21%
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2024-24840

    Missing Authorization vulnerability in BdThemes Element Pack Elementor Addons. This issue affects Element Pack Elementor Addons: from n/a through 5.4.11. ...

    Affected Products : element_pack
    • Published: Mar. 23, 2024
    • Modified: Jan. 29, 2025
  • 5.4

    MEDIUM
    CVE-2016-4877

    Cross-site scripting vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors....

    Affected Products : basercms mail
    • EPSS Score: 0.24%
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2021-43742

    CMSimple 5.4 is vulnerable to Cross Site Scripting (XSS) via the file upload feature....

    Affected Products : cmsimple
    • EPSS Score: 0.20%
    • Published: Apr. 13, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2014-6817

    The Cove (aka org.covechurch.app) application 1.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate....

    Affected Products : cove
    • EPSS Score: 0.04%
    • Published: Sep. 30, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 291659 Results