Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2024-39837

    Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6 fail to properly restrict channel creation which allows a malicious remote to create arbitrary channels, when shared channels were enabled.... Read more

    Affected Products : mattermost_server mattermost
    • Published: Aug. 01, 2024
    • Modified: Sep. 04, 2024

  • 5.4

    MEDIUM
    CVE-2024-6710

    The Ditty WordPress plugin before 3.1.45 does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks.... Read more

    Affected Products : ditty
    • Published: Aug. 05, 2024
    • Modified: Sep. 05, 2024

  • 5.4

    MEDIUM
    CVE-2024-41816

    Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the ‘[cooked-timer]’ shortcode in versions up to, and including, 1.8.0 due to insufficient input sanitization and output es... Read more

    Affected Products : cooked
    • Published: Aug. 05, 2024
    • Modified: Feb. 07, 2025

  • 5.4

    MEDIUM
    CVE-2024-7621

    The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the process_wpfeedback_misc_options() function in all versions up to, and... Read more

    • Published: Aug. 12, 2024
    • Modified: Aug. 12, 2024

  • 5.4

    MEDIUM
    CVE-2024-7683

    A vulnerability classified as problematic has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0. Affected is an unknown function of the file addcase_stage.php. The manipulation of the argument cname leads to cross site scripti... Read more

    Affected Products : advocate_office_management_system
    • Published: Aug. 12, 2024
    • Modified: Aug. 20, 2024

  • 5.4

    MEDIUM
    CVE-2024-7733

    A vulnerability, which was classified as problematic, was found in FastCMS up to 0.1.5. Affected is an unknown function of the component New Article Category Page. The manipulation leads to cross site scripting. It is possible to launch the attack remotel... Read more

    Affected Products : fastcms fastcms
    • Published: Aug. 13, 2024
    • Modified: Sep. 12, 2024

  • 5.4

    MEDIUM
    CVE-2024-7749

    A vulnerability, which was classified as problematic, was found in SourceCodester Accounts Manager App 1.0. Affected is an unknown function of the file /endpoint/add-account.php. The manipulation of the argument account_name leads to cross site scripting.... Read more

    • Published: Aug. 13, 2024
    • Modified: Nov. 22, 2024

  • 5.4

    MEDIUM
    CVE-2023-41844

    A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.4... Read more

    Affected Products : fortisandbox
    • EPSS Score: %0.44
    • Published: Dec. 13, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-7812

    A vulnerability classified as problematic was found in SourceCodester Best House Rental Management System 1.0. This vulnerability affects unknown code of the file /rental_0/rental/ajax.php?action=save_tenant of the component POST Parameter Handler. The ma... Read more

    • Published: Aug. 15, 2024
    • Modified: Aug. 19, 2024

  • 5.4

    MEDIUM
    CVE-2024-7852

    A vulnerability was found in SourceCodester Yoga Class Registration System 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/inquiries/view_inquiry.php. The manipulation of the argument message leads to cross... Read more

    • Published: Aug. 16, 2024
    • Modified: Aug. 29, 2024

  • 5.4

    MEDIUM
    CVE-2024-25837

    A stored cross-site scripting (XSS) vulnerability in October CMS Bloghub Plugin v1.3.8 and lower allows attackers to execute arbitrary web scripts or HTML via a crafted payload into the Comments section.... Read more

    Affected Products : october
    • Published: Aug. 16, 2024
    • Modified: Apr. 28, 2025

  • 5.4

    MEDIUM
    CVE-2024-42758

    A Cross-site Scripting (XSS) vulnerability exists in version v2024-01-05 of the indexmenu plugin when is used and enabled in Dokuwiki (Open Source Wiki Engine). A malicious attacker can input XSS payloads for example when creating or editing existing page... Read more

    Affected Products :
    • Published: Aug. 16, 2024
    • Modified: Aug. 19, 2024

  • 5.4

    MEDIUM
    CVE-2024-43006

    A stored cross-site scripting (XSS) vulnerability exists in ZZCMS2023 in the ask/show.php file at line 21. An attacker can exploit this vulnerability by sending a specially crafted POST request to /user/ask_edit.php?action=add, which includes malicious Ja... Read more

    Affected Products : zzcms zzmcms
    • Published: Aug. 16, 2024
    • Modified: Apr. 21, 2025

  • 5.4

    MEDIUM
    CVE-2024-43326

    Missing Authorization vulnerability in Jamie Bergen Plugin Notes Plus allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Plugin Notes Plus: from n/a through 1.2.7.... Read more

    Affected Products :
    • Published: Aug. 19, 2024
    • Modified: Aug. 20, 2024

  • 5.4

    MEDIUM
    CVE-2024-43396

    Khoj is an application that creates personal AI agents. The Automation feature allows a user to insert arbitrary HTML inside the task instructions, resulting in a Stored XSS. The q parameter for the /api/automation endpoint does not get correctly sanitize... Read more

    Affected Products : khoj
    • Published: Aug. 20, 2024
    • Modified: Sep. 03, 2024

  • 5.4

    MEDIUM
    CVE-2024-36441

    Swissphone DiCal-RED 4009 devices allow an unauthenticated attacker use a port-2101 TCP connection to gain access to operation messages that are received by the device.... Read more

    Affected Products :
    • Published: Aug. 22, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-42762

    A Stored Cross Site Scripting (XSS) vulnerability was found in "/history.php" in Kashipara Bus Ticket Reservation System v1.0, which allows remote attackers to execute arbitrary code via the Name, Phone, and Email parameter fields.... Read more

    Affected Products : bus_ticket_reservation_system
    • Published: Aug. 22, 2024
    • Modified: May. 06, 2025

  • 5.4

    MEDIUM
    CVE-2024-42766

    Kashipara Bus Ticket Reservation System v1.0 0 is vulnerable to Incorrect Access Control via /deleteTicket.php.... Read more

    Affected Products : bus_ticket_reservation_system
    • Published: Aug. 23, 2024
    • Modified: Aug. 26, 2024

  • 5.4

    MEDIUM
    CVE-2023-0926

    The Custom Permalinks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.6.0 due to insufficient input sanitization and output escaping on tag names. This allows authenticated users, with editor-level per... Read more

    Affected Products : custom_permalinks
    • Published: Aug. 24, 2024
    • Modified: Sep. 27, 2024

  • 5.4

    MEDIUM
    CVE-2024-8140

    A vulnerability was found in SourceCodester Task Progress Tracker 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file update-task.php. The manipulation of the argument task_name leads to cross site scripting... Read more

    Affected Products : task_progress_tracker
    • Published: Aug. 25, 2024
    • Modified: Aug. 26, 2024
Showing 20 of 291058 Results