Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2016-10767

    cPanel before 60.0.25 allows stored XSS in the WHM Repair Mailbox Permissions interface (SEC-159).... Read more

    Affected Products : cpanel
    • EPSS Score: %0.22
    • Published: Aug. 05, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2016-10774

    cPanel before 60.0.25 allows self XSS in the tail_ea4_migration.cgi interface (SEC-172).... Read more

    Affected Products : cpanel
    • EPSS Score: %0.30
    • Published: Aug. 05, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-18481

    cPanel before 62.0.4 allows stored XSS in the WHM Account Suspension List interface (SEC-211).... Read more

    Affected Products : cpanel
    • EPSS Score: %0.30
    • Published: Aug. 05, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-14669

    Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the asset account name. The JavaScript code is executed during a visit to the audit account statistics page.... Read more

    Affected Products : firefly_iii
    • EPSS Score: %0.21
    • Published: Aug. 05, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2016-10778

    cPanel before 60.0.25 allows self stored XSS in the listftpstable API (SEC-178).... Read more

    Affected Products : cpanel
    • EPSS Score: %0.34
    • Published: Aug. 06, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2016-10779

    cPanel before 60.0.25 allows stored XSS in api1_listautoresponders (SEC-179).... Read more

    Affected Products : cpanel
    • EPSS Score: %0.30
    • Published: Aug. 06, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2016-10782

    cPanel before 60.0.25 allows self stored XSS in postgres API1 listdbs (SEC-181).... Read more

    Affected Products : cpanel
    • EPSS Score: %0.34
    • Published: Aug. 06, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-12950

    An issue was discovered in TeamPass 2.1.27.35. From the sources/items.queries.php "Import items" feature, it is possible to load a crafted CSV file with an XSS payload.... Read more

    Affected Products : teampass
    • EPSS Score: %0.21
    • Published: Aug. 06, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-14731

    An issue was discovered in ZenTao 11.5.1. There is an XSS (stored) vulnerability that leads to the capture of other people's cookies via the Rich Text Box.... Read more

    Affected Products : zentao
    • EPSS Score: %0.19
    • Published: Aug. 07, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-10373

    A stored cross-site scripting vulnerability in Jenkins Build Pipeline Plugin 1.5.8 and earlier allows attackers able to edit the build pipeline description to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins.... Read more

    Affected Products : build_pipeline
    • EPSS Score: %0.12
    • Published: Aug. 07, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-14748

    An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. The Ticket creation form allows users to upload files along with queries. It was found that the file-upload functionality has fewer (or no) mitigations implemented for file conten... Read more

    Affected Products : osticket
    • EPSS Score: %0.52
    • Published: Aug. 07, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-14792

    The WP Google Maps plugin before 7.11.35 for WordPress allows XSS via the wp-admin/ rectangle_name or rectangle_opacity parameter.... Read more

    Affected Products : wp_go_maps
    • EPSS Score: %0.21
    • Published: Aug. 09, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-0334

    When creating a module in SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.1, 4.2, 4.3, it is possible to store a malicious script which when executed later could potentially allow a user to escalate privileges via session hij... Read more

    • EPSS Score: %0.26
    • Published: Aug. 14, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-1218

    A spoofing vulnerability exists in the way Microsoft Outlook iOS software parses specifically crafted email messages. An authenticated attacker could exploit the vulnerability by sending a specially crafted email message to a victim. The attacker who succ... Read more

    Affected Products : outlook
    • EPSS Score: %8.98
    • Published: Aug. 14, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-14518

    Evolution CMS 2.0.x allows XSS via a description and new category location in a template. NOTE: the vendor states that the behavior is consistent with the "access policy in the administration panel.... Read more

    Affected Products : evolution_cms
    • EPSS Score: %0.35
    • Published: Aug. 15, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-17790

    Prospecta Master Data Online (MDO) 2.0 has Stored XSS.... Read more

    Affected Products : master_data_online
    • EPSS Score: %0.21
    • Published: Aug. 15, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-15120

    The Kunena extension before 5.1.14 for Joomla! allows XSS via BBCode.... Read more

    Affected Products : kunena
    • EPSS Score: %1.43
    • Published: Aug. 16, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-11522

    OX App Suite 7.10.0 to 7.10.2 allows XSS.... Read more

    Affected Products : open-xchange_appsuite
    • EPSS Score: %0.18
    • Published: Aug. 20, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-4120

    IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trust... Read more

    Affected Products : cloud_private
    • EPSS Score: %0.28
    • Published: Aug. 20, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-13476

    In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, XSS in the domain parameter allows a low-privilege user to achieve root access via the email list page.... Read more

    Affected Products : webpanel
    • EPSS Score: %0.16
    • Published: Aug. 21, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 291401 Results