Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2024-44919

    A cross-site scripting (XSS) vulnerability in the component admin_ads.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ad description parameter.... Read more

    Affected Products : seacms
    • Published: Aug. 29, 2024
    • Modified: Sep. 06, 2024
  • 5.4

    MEDIUM
    CVE-2024-8328

    Easy test Online Learning and Testing Platform from HWA JIUH DIGITAL TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with regular privilege to inject arbitrary JavaScript code and perform Reflected Cross-site scr... Read more

    • Published: Aug. 30, 2024
    • Modified: Sep. 04, 2024
  • 5.4

    MEDIUM
    CVE-2024-6585

    Multiple stored cross-site scripting (“XSS”) vulnerabilities in the markdown dashboard and dashboard comment functionality of Lightdash version 0.1024.6 allows remote authenticated threat actors to inject malicious scripts into vulnerable web pages. A thr... Read more

    Affected Products :
    • Published: Aug. 30, 2024
    • Modified: Sep. 03, 2024
  • 5.4

    MEDIUM
    CVE-2024-43412

    Xibo is an open source digital signage platform with a web content management system (CMS). Prior to version 4.1.0, a cross-site scripting vulnerability in Xibo CMS allows authorized users to execute arbitrary JavaScript via the file preview function. Use... Read more

    Affected Products : xibo
    • Published: Sep. 03, 2024
    • Modified: Sep. 12, 2024
  • 5.4

    MEDIUM
    CVE-2024-8121

    The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification of user names due to a missing capability check on the wpext_change_admin_name() function in all versions up to, and including, 3.0.8. This ma... Read more

    Affected Products : wp_extended
    • Published: Sep. 04, 2024
    • Modified: Sep. 06, 2024
  • 5.4

    MEDIUM
    CVE-2024-8407

    A vulnerability was found in alwindoss akademy up to 35caccea888ed63d5489e211c99edff1f62efdba. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file cmd/akademy/handler/handlers.go. The manipulation of... Read more

    Affected Products : akademy
    • Published: Sep. 04, 2024
    • Modified: Sep. 05, 2024
  • 5.4

    MEDIUM
    CVE-2024-45177

    An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to improper input validation, the C-MOR web interface is vulnerable to persistent cross-site scripting (XSS) attacks. It was found out that the camera configuration i... Read more

    Affected Products :
    • Published: Sep. 04, 2024
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2024-5309

    The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the fv_export_csv, reset_settings, save_settings, save_columns_settings, get_analyt... Read more

    Affected Products : form_vibes
    • Published: Sep. 05, 2024
    • Modified: Sep. 11, 2024
  • 5.4

    MEDIUM
    CVE-2024-44837

    A cross-site scripting (XSS) vulnerability in the component \bean\Manager.java of Drug v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user parameter.... Read more

    Affected Products : drug
    • Published: Sep. 06, 2024
    • Modified: Sep. 12, 2024
  • 5.4

    MEDIUM
    CVE-2024-6859

    The WP MultiTasking WordPress plugin through 0.1.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perf... Read more

    Affected Products : wp_multitasking
    • Published: Sep. 08, 2024
    • Modified: Sep. 11, 2024
  • 5.4

    MEDIUM
    CVE-2024-5416

    The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the url parameter of multiple widgets in all versions up to, and including, 3.23.4 due to insufficient input sanitization a... Read more

    Affected Products : website_builder
    • Published: Sep. 11, 2024
    • Modified: Sep. 26, 2024
  • 5.4

    MEDIUM
    CVE-2020-24061

    Cross Site Scripting (XSS) Vulnerability in Firewall menu in Control Panel in KASDA KW5515 version 4.3.1.0, allows attackers to execute arbitrary code and steal cookies via a crafted script... Read more

    Affected Products : kw5515_firmware kw5515
    • Published: Sep. 12, 2024
    • Modified: Sep. 13, 2024
  • 5.4

    MEDIUM
    CVE-2023-3410

    The Bricks theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘customTag' attribute in versions up to, and including, 1.10.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacke... Read more

    Affected Products : bricks
    • Published: Sep. 14, 2024
    • Modified: Sep. 27, 2024
  • 5.4

    MEDIUM
    CVE-2024-8863

    A vulnerability, which was classified as problematic, was found in aimhubio aim up to 3.24. Affected is the function dangerouslySetInnerHTML of the file textbox.tsx of the component Text Explorer. The manipulation of the argument query leads to cross site... Read more

    Affected Products : aim
    • Published: Sep. 14, 2024
    • Modified: Sep. 20, 2024
  • 5.4

    MEDIUM
    CVE-2024-39910

    decidim is a Free Open-Source participatory democracy, citizen participation and open government for cities and organizations. The WYSWYG editor QuillJS is subject to potential XSS attach in case the attacker manages to modify the HTML before being upload... Read more

    Affected Products : decidim
    • Published: Sep. 16, 2024
    • Modified: Sep. 29, 2024
  • 5.4

    MEDIUM
    CVE-2016-9986

    IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials dis... Read more

    Affected Products : jazz_reporting_service
    • EPSS Score: %0.27
    • Published: Jul. 05, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2016-9987

    IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials dis... Read more

    Affected Products : jazz_reporting_service
    • EPSS Score: %0.27
    • Published: Jul. 05, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2016-9988

    IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials dis... Read more

    Affected Products : jazz_reporting_service
    • EPSS Score: %0.27
    • Published: Jul. 05, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2016-9989

    IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials dis... Read more

    Affected Products : jazz_reporting_service
    • EPSS Score: %0.27
    • Published: Jul. 05, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2021-24897

    The Add Subtitle WordPress plugin through 1.1.0 does not sanitise or escape the sub-title field (available only with classic editor) when output in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks... Read more

    Affected Products : add_subtitle
    • EPSS Score: %0.17
    • Published: Mar. 14, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 291024 Results