Latest CVE Feed
- 5.4 MEDIUM CVE-2022-43384
  IBM Aspera Console 3.4.0 through 3.4.2 PL5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure withi...
  Affected Products: aspera_console
  - Published: May. 30, 2024
  - Modified: Jan. 08, 2025
- 5.4 MEDIUM CVE-2024-35345
  A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts unidentified code within the file /classes/Users.php. Manipulating the argument id results in cross-site scripting....
  Affected Products: dino_physics_school_assistant
  - Published: May. 30, 2024
  - Modified: Apr. 11, 2025
- 5.4 MEDIUM CVE-2024-4379
  The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Global Tooltip widget in all versions up to, and including, 4.10.31 due to insufficient input sanitization and output escaping on user supp...
  Affected Products: premium_addons_for_elementor
  - Published: May. 31, 2024
  - Modified: Jan. 15, 2025
- 5.4 MEDIUM CVE-2024-31907
  IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within ...
  Affected Products: planning_analytics_local
  - Published: May. 31, 2024
  - Modified: Jan. 08, 2025
- 5.4 MEDIUM CVE-2022-25037
  An issue in wanEditor v4.7.11 and fixed in v.4.7.12 and v.5 was discovered to contain a cross-site scripting (XSS) vulnerability via the image upload function....
  Affected Products:
  - Published: May. 31, 2024
  - Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2023-5112
  Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "specials_type_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's we...
  Affected Products: oscommerce
  - EPSS Score: 0.12%
  - Published: Sep. 30, 2023
  - Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2024-0757
  The Insert or Embed Articulate Content into WordPress plugin through 4.3000000023 is not properly filtering which file extensions are allowed to be imported on the server, allowing the uploading of malicious code within zip files...
  Affected Products: insert_or_embed_articulate_content
  - Published: Jun. 04, 2024
  - Modified: May. 21, 2025
- 5.4 MEDIUM CVE-2023-45635
  Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in WP Darko Responsive Tabs allows Code Injection. This issue affects Responsive Tabs: from n/a before 4.0.6....
  Affected Products:
  - Published: Jun. 04, 2024
  - Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2024-3099
  A vulnerability in mlflow/mlflow version 2.11.1 allows attackers to create multiple models with the same name by exploiting URL encoding. This flaw can lead to Denial of Service (DoS) as an authenticated user might not be able to use the intended model, a...
  Affected Products: mlflow
  - Published: Jun. 06, 2024
  - Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2024-36775
  A cross-site scripting (XSS) vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the About Me parameter in the Edit Profile page....
  Affected Products: monstra
  - Published: Jun. 06, 2024
  - Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2023-6876
  The Clever Fox – One Click Website Importer by Nayra Themes plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'clever-fox-activate-theme' function in all versions up to, and including, 25.2.0....
  Affected Products: clever_fox
  - Published: Jun. 07, 2024
  - Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2024-4756
  The WP Backpack WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for...
  Affected Products: wp_backpack
  - Published: Jun. 07, 2024
  - Modified: May. 29, 2025
- 5.4 MEDIUM CVE-2024-21748
  Missing Authorization vulnerability in Icegram. This issue affects Icegram: from n/a through 3.1.21....
  Affected Products: icegram_express
  - Published: Jun. 08, 2024
  - Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2024-34690
  SAP Student Life Cycle Management (SLcM) fails to conduct proper authorization checks for authenticated users, leading to the potential escalation of privileges. On successful exploitation it could allow an attacker to access and edit non-sensitive report...
  Affected Products: student_life_cycle_management
  - Published: Jun. 11, 2024
  - Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2024-35663
  Missing Authorization vulnerability in HahnCreativeGroup WP Translate. This issue affects WP Translate: from n/a through 5.3.0....
  Affected Products:
  - Published: Jun. 11, 2024
  - Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2023-40672
  Missing Authorization vulnerability in Hardik Chavada Sticky Social Media Icons. This issue affects Sticky Social Media Icons: from n/a through 2.1....
  Affected Products:
  - Published: Jun. 12, 2024
  - Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2024-22855
  A cross-site scripting (XSS) vulnerability in the User Maintenance section of ITSS iMLog v1.307 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Last Name parameter....
  - Published: Jun. 12, 2024
  - Modified: Mar. 27, 2025
- 5.4 MEDIUM CVE-2024-36647
  A stored cross-site scripting (XSS) vulnerability in Church CRM v5.8.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Family Name parameter under the Register a New Family page....
  Affected Products:
  - Published: Jun. 13, 2024
  - Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2024-28968
  Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for internal email and collection settings REST APIs (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit...
  Affected Products: secure_connect_gateway
  - Published: Jun. 13, 2024
  - Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2023-51497
  Missing Authorization vulnerability in Woo WooCommerce Ship to Multiple Addresses. This issue affects WooCommerce Ship to Multiple Addresses: from n/a through 3.8.9....
  Affected Products: shipping_multiple_addresses
  - Published: Jun. 14, 2024
  - Modified: Nov. 21, 2024