Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

5.4

MEDIUM

CVE-2018-18880

In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a networkdiags.php reflected Cross-site scripting (XSS) vulnerability allows remote authenticated users to inject arbitrary web script....

Affected Products : weather_microserver_firmware weather_microserver
EPSS Score: %0.12

Published: Jun. 18, 2019

Modified: Nov. 21, 2024
5.4

MEDIUM

CVE-2018-18875

In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a stored Cross-site scripting (XSS) vulnerability allows remote authenticated users to inject arbitrary web script via changestationname.php....

Affected Products : weather_microserver_firmware weather_microserver
EPSS Score: %0.12

Published: Jun. 18, 2019

Modified: Nov. 21, 2024
5.4

MEDIUM

CVE-2019-11649

Cross-Site Scripting vulnerability in Micro Focus Fortify Software Security Center Server, versions 17.2, 18.1, 18.2, has been identified in Micro Focus Software Security Center. The vulnerability could be exploited to execute JavaScript code in user’s br...

Affected Products : fortify_software_security_center
EPSS Score: %0.17

Published: Jun. 19, 2019

Modified: Nov. 21, 2024
5.4

MEDIUM

CVE-2018-16247

YzmCMS 5.1 has XSS via the admin/system_manage/user_config_add.html title parameter....

Affected Products : yzmcms
EPSS Score: %0.26

Published: Jun. 20, 2019

Modified: Nov. 21, 2024
5.4

MEDIUM

CVE-2019-9957

Stored XSS within Quadbase EspressReport ES (ERES) v7.0 update 7 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The XSS payload is stored by creating a new user account, and setting the user...

Affected Products : espressreport_es
EPSS Score: %0.16

Published: Jun. 24, 2019

Modified: Nov. 21, 2024
5.4

MEDIUM

CVE-2018-1758

IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to cre...

Affected Products : rational_doors_next_generation rational_collaborative_lifecycle_management rational_engineering_lifecycle_manager rational_quality_manager rational_rhapsody_design_manager rational_software_architect_design_manager rational_team_concert rhapsody_model_manager
EPSS Score: %0.21

Published: Jun. 27, 2019

Modified: Nov. 21, 2024
5.4

MEDIUM

CVE-2018-1760

IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to cre...

Affected Products : rational_doors_next_generation rational_collaborative_lifecycle_management rational_engineering_lifecycle_manager rational_quality_manager rational_rhapsody_design_manager rational_software_architect_design_manager rational_team_concert rhapsody_model_manager
EPSS Score: %0.21

Published: Jun. 27, 2019

Modified: Nov. 21, 2024
5.4

MEDIUM

CVE-2018-1828

IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to cre...

Affected Products : rational_doors_next_generation rational_collaborative_lifecycle_management rational_engineering_lifecycle_manager rational_quality_manager rational_rhapsody_design_manager rational_software_architect_design_manager rational_team_concert rhapsody_model_manager
EPSS Score: %0.21

Published: Jun. 27, 2019

Modified: Nov. 21, 2024
5.4

MEDIUM

CVE-2018-1893

IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to cre...

Affected Products : rational_doors_next_generation rational_collaborative_lifecycle_management rational_engineering_lifecycle_manager rational_quality_manager rational_rhapsody_design_manager rational_software_architect_design_manager rational_team_concert rhapsody_model_manager
EPSS Score: %0.21

Published: Jun. 27, 2019

Modified: Nov. 21, 2024
5.4

MEDIUM

CVE-2019-4083

IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functiona...

Affected Products : rational_doors_next_generation rational_collaborative_lifecycle_management rational_engineering_lifecycle_manager rational_quality_manager rational_rhapsody_design_manager rational_software_architect_design_manager rational_team_concert
EPSS Score: %0.28

Published: Jun. 27, 2019

Modified: Nov. 21, 2024
5.4

MEDIUM

CVE-2019-13072

Stored XSS in the Filters page (Name field) in ZoneMinder 1.32.3 allows a malicious user to embed and execute JavaScript code in the browser of any user who navigates to this page....

Affected Products : zoneminder
EPSS Score: %0.27

Published: Jun. 30, 2019

Modified: Nov. 21, 2024
5.4

MEDIUM

CVE-2016-5236

Cross-Site-Scripting (XSS) vulnerabilities in F5 WebSafe Dashboard 3.9.5 and earlier, aka F5 WebSafe Alert Server, allow privileged authenticated users to inject arbitrary web script or HTML when creating a new user, account or signature....

Affected Products : websafe_alert_server
EPSS Score: %0.25

Published: Jul. 01, 2019

Modified: Nov. 21, 2024
5.4

MEDIUM

CVE-2019-1010307

GLPI GLPI Product 9.3.1 is affected by: Cross Site Scripting (XSS). The impact is: All dropdown values are vulnerable to XSS leading to privilege escalation and executing js on admin. The component is: /glpi/ajax/getDropDownValue.php. The attack vector is...

Affected Products : glpi
EPSS Score: %0.25

Published: Jul. 15, 2019

Modified: Nov. 21, 2024
5.4

MEDIUM

CVE-2019-13645

Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file names. The JavaScript code is executed during attachments/edit/$file_id$ attachment editing. NOTE: It is asserted that an attacker must h...

Affected Products : firefly_iii
EPSS Score: %0.21

Published: Jul. 18, 2019

Modified: Nov. 21, 2024
5.4

MEDIUM

CVE-2019-13646

Firefly III before 4.7.17.3 is vulnerable to reflected XSS due to lack of filtration of user-supplied data in a search query. NOTE: It is asserted that an attacker must have the same access rights as the user in order to be able to execute the vulnerabili...

Affected Products : firefly_iii
EPSS Score: %0.21

Published: Jul. 18, 2019

Modified: Nov. 21, 2024
5.4

MEDIUM

CVE-2019-13948

SyGuestBook A5 Version 1.2 allows stored XSS because the isValidData function in include/functions.php does not properly block XSS payloads, as demonstrated by a crafted use of the onerror attribute of an IMG element....

Affected Products : syguestbook_a5
EPSS Score: %0.21

Published: Jul. 18, 2019

Modified: Nov. 21, 2024
5.4

MEDIUM

CVE-2019-14297

Veeam ONE Reporter 9.5.0.3201 allows XSS via the Add/Edit Widget with a crafted Caption field to setDashboardWidget in CommonDataHandlerReadOnly.ashx....

Affected Products : one_reporter
EPSS Score: %0.18

Published: Jul. 27, 2019

Modified: Nov. 21, 2024
5.4

MEDIUM

CVE-2019-14298

Veeam ONE Reporter 9.5.0.3201 allows XSS via a crafted Description(config) field to addDashboard or editDashboard in CommonDataHandlerReadOnly.ashx....

Affected Products : one_reporter
EPSS Score: %0.18

Published: Jul. 27, 2019

Modified: Nov. 21, 2024
5.4

MEDIUM

CVE-2019-1105

A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages. An authenticated attacker could exploit the vulnerability by sending a specially crafted email message to a victim. The attacker ...

Affected Products : outlook
EPSS Score: %0.53

Published: Jul. 29, 2019

Modified: May. 20, 2025
5.4

MEDIUM

CVE-2019-1020005

invenio-communities before 1.0.0a20 allows XSS....

Affected Products : invenio-communities
EPSS Score: %0.21

Published: Jul. 29, 2019

Modified: Nov. 21, 2024

Showing 20 of 291802 Results

Latest CVE Feed

5.4

5.4

5.4

5.4

5.4

5.4

5.4

5.4

5.4

5.4

5.4

5.4

5.4

5.4

5.4

5.4

5.4

5.4

5.4

5.4

Theme Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable