Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2019-4149

    IBM Business Automation Workflow V18.0.0.0 through V18.0.0.2 and IBM Business Process Manager V8.6.0.0 through V8.6.0.0 Cumulative Fix 2018.03, V8.5.7.0 through V8.5.7.0 Cumulative Fix 2017.06, and V8.5.6.0 through V8.5.6.0 CF2 is vulnerable to cross-site... Read more

    • EPSS Score: %0.28
    • Published: Sep. 05, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-16173

    LimeSurvey before v3.17.14 allows reflected XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin. This occurs in application/core/Survey_Common_Action.php,... Read more

    Affected Products : limesurvey
    • EPSS Score: %0.59
    • Published: Sep. 09, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-16178

    A stored cross-site scripting (XSS) vulnerability was found in Limesurvey before 3.17.14 that allows authenticated users with correct permissions to inject arbitrary web script or HTML via titles of admin box buttons on the home page.... Read more

    Affected Products : limesurvey
    • EPSS Score: %0.34
    • Published: Sep. 09, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-18601

    The examapp plugin 1.0 for WordPress has XSS via exam input text fields.... Read more

    Affected Products : ibps_online_exam
    • EPSS Score: %0.15
    • Published: Sep. 10, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-16193

    In ArcGIS Enterprise 10.6.1, a crafted IFRAME element can be used to trigger a Cross Frame Scripting (XFS) attack through the EDIT MY PROFILE feature.... Read more

    Affected Products : portal_for_arcgis arcgis_enterprise
    • EPSS Score: %0.18
    • Published: Sep. 11, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-1010147

    Yellowfin Smart Reporting All Versions Prior to 7.3 is affected by: Incorrect Access Control - Privileges Escalation. The impact is: Victim attacked and access admin functionality through their browser and control browser. The component is: MIAdminStyles.... Read more

    Affected Products : remedy_smart_reporting yellowfin_bi
    • EPSS Score: %0.18
    • Published: Jul. 26, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-6835

    A Cross-Site Scripting (XSS) CWE-79 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15)... Read more

    • EPSS Score: %0.34
    • Published: Sep. 17, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-16216

    Zulip server before 2.0.5 incompletely validated the MIME types of uploaded files. A user who is logged into the server could upload files of certain types to mount a stored cross-site scripting attack on other logged-in users. On a Zulip server using the... Read more

    Affected Products : zulip_server
    • EPSS Score: %0.30
    • Published: Sep. 18, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2015-9393

    The users-ultra plugin before 1.5.63 for WordPress has XSS via the p_desc parameter.... Read more

    Affected Products : users_ultra_membership
    • EPSS Score: %0.18
    • Published: Sep. 20, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-16661

    Ogma CMS 0.5 has XSS via creation of a new blog.... Read more

    Affected Products : ogma_cms
    • EPSS Score: %0.19
    • Published: Sep. 21, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-16890

    Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/content/posts/comments.... Read more

    Affected Products : halo
    • EPSS Score: %0.21
    • Published: Sep. 25, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2015-9423

    The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has XSS via wp-admin/admin-ajax.php?action=simple_fields_field_type_post_dialog_load PlugneditBGColor, PlugneditEditorMargin, plugnedit_width, pnemedcount, or plugneditcontent parameters.... Read more

    Affected Products : plugnedit
    • EPSS Score: %0.21
    • Published: Sep. 26, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-16685

    Dolibarr 9.0.5 has stored XSS vulnerability via a User Group Description section to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can also achieve privilege escalation.... Read more

    Affected Products : dolibarr_erp\/crm
    • EPSS Score: %0.16
    • Published: Sep. 27, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-4115

    IBM WebSphere eXtreme Scale 8.6 Admin API is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within... Read more

    Affected Products : websphere_extreme_scale
    • EPSS Score: %0.21
    • Published: Sep. 30, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-4494

    IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality po... Read more

    Affected Products : jazz_reporting_service
    • EPSS Score: %0.28
    • Published: Oct. 01, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-4495

    IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality po... Read more

    Affected Products : jazz_reporting_service
    • EPSS Score: %0.28
    • Published: Oct. 01, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-17074

    An issue was discovered in XunRuiCMS 4.3.1. There is a stored XSS in the module_category area.... Read more

    Affected Products : xunruicms
    • EPSS Score: %0.19
    • Published: Oct. 01, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-17121

    REDCap before 9.3.4 has XSS on the Customize & Manage Locking/E-signatures page via Lock Record Custom Text values.... Read more

    Affected Products : redcap
    • EPSS Score: %0.21
    • Published: Oct. 04, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-16416

    HRworks 3.36.9 allows XSS via the purpose of a travel-expense report.... Read more

    Affected Products : hrworks
    • EPSS Score: %0.21
    • Published: Oct. 08, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-17434

    LavaLite through 5.7 has XSS via a crafted account name that is mishandled on the Manage Clients screen.... Read more

    Affected Products : lavalite
    • EPSS Score: %0.19
    • Published: Oct. 10, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 292319 Results