Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2019-14731

    An issue was discovered in ZenTao 11.5.1. There is an XSS (stored) vulnerability that leads to the capture of other people's cookies via the Rich Text Box.... Read more

    Affected Products : zentao
    • EPSS Score: %0.19
    • Published: Aug. 07, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-10373

    A stored cross-site scripting vulnerability in Jenkins Build Pipeline Plugin 1.5.8 and earlier allows attackers able to edit the build pipeline description to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins.... Read more

    Affected Products : build_pipeline
    • EPSS Score: %0.12
    • Published: Aug. 07, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-14748

    An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. The Ticket creation form allows users to upload files along with queries. It was found that the file-upload functionality has fewer (or no) mitigations implemented for file conten... Read more

    Affected Products : osticket
    • EPSS Score: %0.52
    • Published: Aug. 07, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-14792

    The WP Google Maps plugin before 7.11.35 for WordPress allows XSS via the wp-admin/ rectangle_name or rectangle_opacity parameter.... Read more

    Affected Products : wp_go_maps
    • EPSS Score: %0.21
    • Published: Aug. 09, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-0334

    When creating a module in SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.1, 4.2, 4.3, it is possible to store a malicious script which when executed later could potentially allow a user to escalate privileges via session hij... Read more

    • EPSS Score: %0.26
    • Published: Aug. 14, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-1218

    A spoofing vulnerability exists in the way Microsoft Outlook iOS software parses specifically crafted email messages. An authenticated attacker could exploit the vulnerability by sending a specially crafted email message to a victim. The attacker who succ... Read more

    Affected Products : outlook
    • EPSS Score: %8.98
    • Published: Aug. 14, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-14518

    Evolution CMS 2.0.x allows XSS via a description and new category location in a template. NOTE: the vendor states that the behavior is consistent with the "access policy in the administration panel.... Read more

    Affected Products : evolution_cms
    • EPSS Score: %0.35
    • Published: Aug. 15, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-17790

    Prospecta Master Data Online (MDO) 2.0 has Stored XSS.... Read more

    Affected Products : master_data_online
    • EPSS Score: %0.21
    • Published: Aug. 15, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-15120

    The Kunena extension before 5.1.14 for Joomla! allows XSS via BBCode.... Read more

    Affected Products : kunena
    • EPSS Score: %1.43
    • Published: Aug. 16, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-11522

    OX App Suite 7.10.0 to 7.10.2 allows XSS.... Read more

    Affected Products : open-xchange_appsuite
    • EPSS Score: %0.18
    • Published: Aug. 20, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-4120

    IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trust... Read more

    Affected Products : cloud_private
    • EPSS Score: %0.28
    • Published: Aug. 20, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-13476

    In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, XSS in the domain parameter allows a low-privilege user to achieve root access via the email list page.... Read more

    Affected Products : webpanel
    • EPSS Score: %0.16
    • Published: Aug. 21, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-15314

    tiki/tiki-upload_file.php in Tiki 18.4 allows remote attackers to upload JavaScript code that is executed upon visiting a tiki/tiki-download_file.php?display&fileId= URI.... Read more

    Affected Products : tikiwiki_cms\/groupware
    • EPSS Score: %0.16
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-20986

    The advanced-custom-fields (aka Elliot Condon Advanced Custom Fields) plugin before 5.7.8 for WordPress has XSS by authors.... Read more

    Affected Products : advanced_custom_fields
    • EPSS Score: %0.23
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-15480

    Domoticz 4.10717 has XSS via item.Name.... Read more

    Affected Products : domoticz
    • EPSS Score: %0.19
    • Published: Aug. 23, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-15778

    The woo-variation-gallery plugin before 1.1.29 for WordPress has XSS.... Read more

    • EPSS Score: %0.39
    • Published: Aug. 29, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-15830

    The icegram plugin before 1.10.29 for WordPress has ig_cat_list XSS.... Read more

    Affected Products : icegram_engage icegram_express
    • EPSS Score: %0.21
    • Published: Aug. 30, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-15836

    The wp-ultimate-recipe plugin before 3.12.7 for WordPress has stored XSS.... Read more

    Affected Products : wp_ultimate_recipe
    • EPSS Score: %0.31
    • Published: Aug. 30, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-15837

    The webp-express plugin before 0.14.8 for WordPress has stored XSS.... Read more

    Affected Products : webp_express webp_express
    • EPSS Score: %0.42
    • Published: Aug. 30, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-4149

    IBM Business Automation Workflow V18.0.0.0 through V18.0.0.2 and IBM Business Process Manager V8.6.0.0 through V8.6.0.0 Cumulative Fix 2018.03, V8.5.7.0 through V8.5.7.0 Cumulative Fix 2017.06, and V8.5.6.0 through V8.5.6.0 CF2 is vulnerable to cross-site... Read more

    • EPSS Score: %0.28
    • Published: Sep. 05, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 291562 Results