Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2018-21230

    Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D1500 before 1.0.0.27, D500 before 1.0.0.27, D6100 before 1.0.0.57, D6220 before 1.0.0.40, D6400 before 1.0.0.74, D7000 before 1.0.1.60, D7800 before 1.0.1.... Read more

    • EPSS Score: %0.07
    • Published: Apr. 24, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-51157

    Cross Site Scripting vulnerability in ZKTeco WDMS v.5.1.3 Pro allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted script to the Emp Name parameter.... Read more

    Affected Products : wdms
    • Published: Sep. 25, 2024
    • Modified: Oct. 02, 2024

  • 5.4

    MEDIUM
    CVE-2024-8536

    The Ultimate Blocks WordPress plugin before 3.2.2 does not validate and escape some of its block attributes before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored... Read more

    Affected Products : ultimate_blocks
    • Published: Sep. 30, 2024
    • Modified: Oct. 03, 2024

  • 5.4

    MEDIUM
    CVE-2024-45920

    A Stored Cross-Site Scripting (XSS) vulnerability in Solvait 24.4.2 allows remote attackers to inject malicious scripts into the application. This issue arises due to insufficient input validation and sanitization in "Intrest" feature.... Read more

    Affected Products : solvait
    • Published: Sep. 30, 2024
    • Modified: Jul. 10, 2025

  • 5.4

    MEDIUM
    CVE-2024-47172

    Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. An attacker with a CVAT account may retrieve certain information about any project, task, job or membership resource on the CVAT instance. The in... Read more

    • Published: Sep. 30, 2024
    • Modified: Oct. 30, 2024

  • 5.4

    MEDIUM
    CVE-2024-46081

    Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS). An authenticated user can craft malicious payloads in the To-Do List. The assigned user will trigger a stored XSS, which is particularly dangerous because tasks are assigned to v... Read more

    Affected Products : scriptcase
    • Published: Oct. 01, 2024
    • Modified: Apr. 28, 2025

  • 5.4

    MEDIUM
    CVE-2024-47594

    SAP NetWeaver Enterprise Portal (KMC) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability in KMC servlet. An attacker could craft a script and trick the user into clicking it. When a victim who is registere... Read more

    Affected Products : netweaver_enterprise_portal
    • Published: Oct. 08, 2024
    • Modified: Nov. 14, 2024

  • 5.4

    MEDIUM
    CVE-2024-9021

    In the process of testing the Relevanssi WordPress plugin before 4.23.1, a vulnerability was found that allows you to implement Stored XSS on behalf of the Contributor+ by embedding malicious script, which entails account takeover backdoor... Read more

    Affected Products : relevanssi
    • Published: Oct. 08, 2024
    • Modified: Jun. 09, 2025

  • 5.4

    MEDIUM
    CVE-2024-46237

    PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) via the patname, pataddress, and medhis parameters in doctor/add-patient.php and doctor/edit-patient.php.... Read more

    Affected Products : hospital_management_system
    • Published: Oct. 09, 2024
    • Modified: Oct. 22, 2024

  • 5.4

    MEDIUM
    CVE-2024-7049

    In version v0.3.8 of open-webui/open-webui, a vulnerability exists where a token is returned when a user with a pending role logs in. This allows the user to perform actions without admin confirmation, bypassing the intended approval process.... Read more

    Affected Products : open_webui
    • Published: Oct. 10, 2024
    • Modified: Oct. 17, 2024

  • 5.4

    MEDIUM
    CVE-2024-9805

    A vulnerability was found in code-projects Blood Bank System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/campsdetails.php. The manipulation of the argument hospital/address/city/contact leads to cro... Read more

    Affected Products : blood_bank_system blood_bank_system
    • Published: Oct. 10, 2024
    • Modified: Oct. 15, 2024

  • 5.4

    MEDIUM
    CVE-2022-4973

    WordPress Core, in versions up to 6.0.2, is vulnerable to Authenticated Stored Cross-Site Scripting that can be exploited by users with access to the WordPress post and page editor, typically consisting of Authors, Contributors, and Editors making it poss... Read more

    Affected Products : wordpress
    • Published: Oct. 16, 2024
    • Modified: Oct. 30, 2024

  • 5.4

    MEDIUM
    CVE-2023-7287

    The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized subscription cancellation due to a missing capability check on the pt_cancel_subscription function in versions up to, and including, 4.3.7. This makes it poss... Read more

    Affected Products : paytium
    • Published: Oct. 16, 2024
    • Modified: Oct. 17, 2024

  • 5.4

    MEDIUM
    CVE-2024-49293

    Missing Authorization vulnerability in Rextheme WP VR allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP VR: from n/a through 8.5.4.... Read more

    Affected Products : wp_vr
    • Published: Oct. 21, 2024
    • Modified: Oct. 29, 2024

  • 5.4

    MEDIUM
    CVE-2024-20298

    A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. T... Read more

    • Published: Oct. 23, 2024
    • Modified: Oct. 31, 2024

  • 5.4

    MEDIUM
    CVE-2022-30359

    OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserList. Authentication is required. The information disclosed is associated with the all registered users, including user ID, status, email... Read more

    Affected Products : ovaledge
    • Published: Oct. 25, 2024
    • Modified: Oct. 31, 2024

  • 5.4

    MEDIUM
    CVE-2024-10412

    A vulnerability was found in Poco-z Guns-Medical 1.0. It has been declared as problematic. Affected by this vulnerability is the function upload of the file /mgr/upload of the component File Upload. The manipulation of the argument picture leads to cross ... Read more

    Affected Products : guns-medial
    • Published: Oct. 27, 2024
    • Modified: Oct. 29, 2024

  • 5.4

    MEDIUM
    CVE-2024-50348

    InstantCMS is a free and open source content management system. In photo upload function in the photo album page there is no input validation taking place. Due to this attackers are able to inject the XSS (Cross Site Scripting) payload and execute. This v... Read more

    Affected Products : instantcms
    • Published: Oct. 29, 2024
    • Modified: Nov. 06, 2024

  • 5.4

    MEDIUM
    CVE-2024-48569

    Proactive Risk Manager version 9.1.1.0 is affected by multiple Cross-Site Scripting (XSS) vulnerabilities in the add/edit form fields, at the urls starting with the subpaths: /ar/config/configuation/ and /ar/config/risk-strategy-control/... Read more

    Affected Products :
    • Published: Oct. 30, 2024
    • Modified: Nov. 01, 2024

  • 5.4

    MEDIUM
    CVE-2024-37250

    Missing Authorization vulnerability in WPEngine Inc. Advanced Custom Fields PRO allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Custom Fields PRO: from n/a through 6.3.1.... Read more

    Affected Products :
    • Published: Nov. 01, 2024
    • Modified: Nov. 01, 2024
Showing 20 of 291312 Results