Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2019-18993

    OpenWrt 18.06.4 allows XSS via the "New port forward" Name field to the cgi-bin/luci/admin/network/firewall/forwards URI (this can occur, for example, on a TP-Link Archer C7 device).... Read more

    Affected Products : openwrt
    • EPSS Score: %0.28
    • Published: Dec. 03, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-18992

    OpenWrt 18.06.4 allows XSS via these Name fields to the cgi-bin/luci/admin/network/firewall/rules URI: "Open ports on router" and "New forward rule" and "New Source NAT" (this can occur, for example, on a TP-Link Archer C7 device).... Read more

    Affected Products : openwrt
    • EPSS Score: %0.28
    • Published: Dec. 03, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-19596

    GitBook through 2.6.9 allows XSS via a local .md file.... Read more

    Affected Products : gitbook
    • EPSS Score: %0.27
    • Published: Dec. 05, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2013-0283

    Katello: Username in Notification page has cross site scripting... Read more

    Affected Products : katello subscription_asset_manager
    • EPSS Score: %0.26
    • Published: Dec. 05, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-4428

    IBM Watson Assistant for IBM Cloud Pak for Data 1.0.0 through 1.3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to cre... Read more

    • EPSS Score: %0.19
    • Published: Dec. 09, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-19198

    The Scoutnet Kalender plugin 1.1.0 for WordPress allows XSS.... Read more

    Affected Products : kalender
    • EPSS Score: %0.79
    • Published: Dec. 12, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-13182

    A stored cross-site scripting (XSS) vulnerability exists in the web UI of SolarWinds Serv-U FTP Server 15.1.7.... Read more

    Affected Products : serv-u_ftp_server serv-u
    • EPSS Score: %1.98
    • Published: Dec. 16, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-16563

    Jenkins Mission Control Plugin 0.9.16 and earlier does not escape job display names and build names shown on its view, resulting in a stored XSS vulnerability exploitable by attackers able to change these properties.... Read more

    Affected Products : mission_control
    • EPSS Score: %0.23
    • Published: Dec. 17, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-16564

    Jenkins Pipeline Aggregator View Plugin 1.8 and earlier does not escape information shown on its view, resulting in a stored XSS vulnerability exploitable by attackers able to affects view content such as job display name or pipeline stage names.... Read more

    Affected Products : pipeline_aggregator_view
    • EPSS Score: %0.23
    • Published: Dec. 17, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-19497

    MDaemon Email Server 17.5.1 allows XSS via the filename of an attachment to an email message.... Read more

    Affected Products : mdaemon_email_server
    • EPSS Score: %0.28
    • Published: Dec. 17, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-19542

    The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS via the Good For field on the new listing submit page.... Read more

    Affected Products : listingpro
    • EPSS Score: %0.16
    • Published: Dec. 26, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2013-4318

    File injection vulnerability in Ruby gem Features 0.3.0 allows remote attackers to inject malicious html in the /tmp directory.... Read more

    Affected Products : feature
    • EPSS Score: %0.24
    • Published: Dec. 26, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-4623

    IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trus... Read more

    Affected Products : cognos_analytics
    • EPSS Score: %0.21
    • Published: Dec. 30, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-20204

    The Postie plugin 1.9.40 for WordPress allows XSS, as demonstrated by a certain payload with jaVasCript:/* at the beginning and a crafted SVG element.... Read more

    Affected Products : postie
    • EPSS Score: %1.11
    • Published: Jan. 02, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-19266

    IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 2 of 2) in notes for objects.... Read more

    Affected Products : mail_server
    • EPSS Score: %0.28
    • Published: Jan. 06, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2014-8674

    Multiple Cross-Site Scripting (XSS) vulnerabilities exist in Simple Online Planning (SOPlanning) before 1.33 via the document.cookie in nb_mois and mb_ligness and the debug GET parameter to export.php, which allows malicious users to execute arbitrary cod... Read more

    Affected Products : soplanning
    • EPSS Score: %0.66
    • Published: Jan. 06, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2014-9405

    A Cross-Site Scripting (XSS) vulnerability exists in the description field of an Download RSS item or Contacts in Freebox OS Web interface 3.0.2, which allows malicious users to execute arbitrary code.... Read more

    Affected Products : freebox_os
    • EPSS Score: %0.71
    • Published: Jan. 06, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2013-5637

    PQI AirCard has persistent XSS... Read more

    Affected Products : air_card_firmware air_card
    • EPSS Score: %0.19
    • Published: Jan. 07, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-14918

    XSS in the DHCP lease-status table in Billion Smart Energy Router SG600R2 Firmware v3.02.rc6 allows an attacker to inject arbitrary HTML/JavaScript code to achieve client-side code execution via crafted DHCP request packets to etc_ro/web/internet/dhcpclii... Read more

    Affected Products : sg600_r2_firmware sg600_r2
    • EPSS Score: %0.19
    • Published: Jan. 09, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-6303

    SAP Disclosure Management, before version 10.1, does not validate user input properly in specific use cases leading to Cross-Site Scripting.... Read more

    Affected Products : disclosure_management
    • EPSS Score: %0.31
    • Published: Jan. 14, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 291589 Results