Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2015-9392

    The users-ultra plugin before 1.5.63 for WordPress has XSS via the p_name parameter.

    Affected Products : users_ultra_membership
    • EPSS Score: 0.28%
    • Published: Sep. 20, 2019
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2015-9393

    The users-ultra plugin before 1.5.63 for WordPress has XSS via the p_desc parameter.

    Affected Products : users_ultra_membership
    • EPSS Score: 0.18%
    • Published: Sep. 20, 2019
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2015-9397

    The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php deletegc XSS.

    Affected Products : gocodes
    • EPSS Score: 0.21%
    • Published: Sep. 20, 2019
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2019-16661

    Ogma CMS 0.5 has XSS via creation of a new blog.

    Affected Products : ogma_cms
    • EPSS Score: 0.19%
    • Published: Sep. 21, 2019
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2019-16890

    Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/content/posts/comments.

    Affected Products : halo
    • EPSS Score: 0.21%
    • Published: Sep. 25, 2019
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2015-9410

    The Blubrry PowerPress Podcasting plugin 6.0.4 for WordPress has XSS via the tab parameter.

    Affected Products : powerpress
    • EPSS Score: 0.29%
    • Published: Sep. 26, 2019
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2015-9423

    The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has XSS via wp-admin/admin-ajax.php?action=simple_fields_field_type_post_dialog_load PlugneditBGColor, PlugneditEditorMargin, plugnedit_width, pnemedcount, or plugneditcontent parameters.

    Affected Products : plugnedit
    • EPSS Score: 0.21%
    • Published: Sep. 26, 2019
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2015-9436

    The dynamic-widgets plugin before 1.5.11 for WordPress has XSS via the wp-admin/admin-ajax.php?action=term_tree prefix or widget_id parameter.

    Affected Products : dynamic_widgets dynamic_widgets
    • EPSS Score: 0.23%
    • Published: Sep. 26, 2019
    • Modified: Nov. 27, 2024
  • 5.4

    MEDIUM
    CVE-2019-16904

    TeamPass 2.1.27.36 allows Stored XSS by setting a crafted password for an item in a common available folder or sharing the item with an admin. (The crafted password is exploitable when viewing the change history of the item or tapping on the item.)

    Affected Products : teampass
    • EPSS Score: 0.21%
    • Published: Sep. 26, 2019
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2019-16685

    Dolibarr 9.0.5 has a stored XSS vulnerability via a User Group Description section to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can also achieve privilege escalation.

    Affected Products : dolibarr_erp/crm
    • EPSS Score: 0.16%
    • Published: Sep. 27, 2019
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2019-16686

    Dolibarr 9.0.5 has stored XSS in a User Note section to note.php. A user with no privileges can inject script to attack the admin.

    Affected Products : dolibarr_erp/crm
    • EPSS Score: 0.23%
    • Published: Sep. 27, 2019
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2019-16687

    Dolibarr 9.0.5 has stored XSS in a User Profile in a Signature section to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can also achieve privilege escalation.

    Affected Products : dolibarr_erp/crm
    • EPSS Score: 0.17%
    • Published: Sep. 27, 2019
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2019-4115

    IBM WebSphere eXtreme Scale 8.6 Admin API is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within...

    Affected Products : websphere_extreme_scale
    • EPSS Score: 0.21%
    • Published: Sep. 30, 2019
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2019-4494

    IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality po...

    Affected Products : jazz_reporting_service
    • EPSS Score: 0.28%
    • Published: Oct. 01, 2019
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2019-4495

    IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality po...

    Affected Products : jazz_reporting_service
    • EPSS Score: 0.28%
    • Published: Oct. 01, 2019
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2019-17074

    An issue was discovered in XunRuiCMS 4.3.1. There is a stored XSS in the module_category area.

    Affected Products : xunruicms
    • EPSS Score: 0.19%
    • Published: Oct. 01, 2019
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2019-17121

    REDCap before 9.3.4 has XSS on the Customize & Manage Locking/E-signatures page via Lock Record Custom Text values.

    Affected Products : redcap
    • EPSS Score: 0.21%
    • Published: Oct. 04, 2019
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2019-17204

    TeamPass 2.1.27.36 allows Stored XSS by setting a crafted Knowledge Base label and adding any available item.

    Affected Products : teampass
    • EPSS Score: 0.19%
    • Published: Oct. 05, 2019
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2019-16416

    HRworks 3.36.9 allows XSS via the purpose of a travel-expense report.

    Affected Products : hrworks
    • EPSS Score: 0.21%
    • Published: Oct. 08, 2019
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2019-10756

    It is possible to inject JavaScript within node-red-dashboard versions prior to version 2.17.0 due to the ui_notification node accepting raw HTML by default.

    Affected Products : node-red-dashboard
    • EPSS Score: 0.21%
    • Published: Oct. 08, 2019
    • Modified: Nov. 21, 2024