Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2020-4396

    IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosur... Read more

    • EPSS Score: %0.18
    • Published: Aug. 04, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-4525

    IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosur... Read more

    • EPSS Score: %0.24
    • Published: Aug. 04, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-15597

    SOPlanning 1.46.01 allows persistent XSS via the Project Name, Statutes Comment, Places Comment, or Resources Comment field.... Read more

    Affected Products : soplanning
    • EPSS Score: %0.21
    • Published: Aug. 11, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-16266

    An XSS issue was discovered in MantisBT before 2.24.2. Improper escaping on view_all_bug_page.php allows a remote attacker to inject arbitrary HTML into the page by saving it into a text Custom Field, leading to possible code execution in the browser of a... Read more

    Affected Products : mantisbt
    • EPSS Score: %0.27
    • Published: Aug. 12, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-5620

    Cross-site scripting vulnerability in Exment prior to v3.6.0 allows remote authenticated attackers to inject arbitrary script or HTML via a specially crafted file.... Read more

    Affected Products : exment
    • EPSS Score: %0.20
    • Published: Aug. 25, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-19007

    Halo blog 1.2.0 allows users to submit comments on blog posts via /api/content/posts/comments. The javascript code supplied by the attacker will then execute in the victim user's browser.... Read more

    Affected Products : halo
    • EPSS Score: %0.19
    • Published: Aug. 26, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-13821

    An issue was discovered in HiveMQ Broker Control Center 4.3.2. A crafted clientid parameter in an MQTT packet (sent to the Broker) is reflected in the client section of the management console. The attacker's JavaScript is loaded in a browser, which can le... Read more

    Affected Products : broker_control_center
    • EPSS Score: %0.34
    • Published: Aug. 26, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-23655

    NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Configuration."... Read more

    Affected Products : navigatecms
    • EPSS Score: %0.21
    • Published: Aug. 26, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-23657

    NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Configuration."... Read more

    Affected Products : navigatecms
    • EPSS Score: %0.21
    • Published: Aug. 26, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-23660

    webTareas v2.1 is affected by Cross Site Scripting (XSS) on "Search."... Read more

    Affected Products : webtareas
    • EPSS Score: %0.21
    • Published: Aug. 26, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-14728

    Vulnerability in the SuiteCommerce Advanced (SCA) component of Oracle NetSuite service. Supported versions that are affected are Montblanc, Vinson, Elbrus, Kilimanjaro, Aconcagua, 2018.2, 2019.1, 2019.2. Easily exploitable vulnerability allows low privile... Read more

    Affected Products : suitecommerce_advanced
    • EPSS Score: %0.18
    • Published: Aug. 27, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-14729

    Vulnerability in SuiteCommerce Advanced (SCA) Sites component of Oracle NetSuite service. Supported versions that are affected are prior to 2020.1.4. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to comprom... Read more

    Affected Products : suitecommerce_advanced
    • EPSS Score: %0.25
    • Published: Aug. 27, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-23983

    Michael-design iChat Realtime PHP Live Support System 1.6 has persistent Cross-site Scripting via chat,text-filed tags.... Read more

    Affected Products : ichat
    • EPSS Score: %0.18
    • Published: Aug. 27, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-23984

    Online Hotel Booking System Pro PHP Version 1.3 has Persistent Cross-site Scripting in Customer registration-form all-tags.... Read more

    Affected Products : online_hotel_booking_system_pro
    • EPSS Score: %0.18
    • Published: Aug. 27, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-12646

    OX App Suite 7.10.3 and earlier allows XSS via text/x-javascript, text/rdf, or a PDF document.... Read more

    Affected Products : open-xchange_appsuite
    • EPSS Score: %0.34
    • Published: Aug. 31, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-20626

    lara-google-analytics.php in Lara Google Analytics plugin through 2.0.4 for WordPress allows authenticated stored XSS.... Read more

    Affected Products : lara\'s_google_analytics
    • EPSS Score: %0.47
    • Published: Aug. 31, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-2238

    Jenkins Git Parameter Plugin 0.9.12 and earlier does not escape the repository field on the 'Build with Parameters' page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.... Read more

    Affected Products : git_parameter
    • EPSS Score: %0.23
    • Published: Sep. 01, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-2244

    Jenkins Build Failure Analyzer Plugin 1.27.0 and earlier does not escape matching text in a form validation response, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to provide console output for builds used to test b... Read more

    Affected Products : build_failure_analyzer
    • EPSS Score: %0.17
    • Published: Sep. 01, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-23450

    Spiceworks Version <= 7.5.00107 is affected by XSS. Any name typed on Custom Groups function is vulnerable to stored XSS as they displayed on http://127.0.0.1/inventory/groups/ without output sanitization.... Read more

    Affected Products : spiceworks
    • EPSS Score: %0.43
    • Published: Sep. 01, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-4445

    IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within ... Read more

    • EPSS Score: %0.24
    • Published: Sep. 02, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 291384 Results