Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2022-2223

    The WordPress plugin Image Slider is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.1.121 due to failure to properly check for the existence of a nonce in the function ewic_duplicate_slider. This make it possible for unauthent... Read more

    Affected Products : image_slider
    • EPSS Score: %0.21
    • Published: Jul. 18, 2022
    • Modified: May. 05, 2025

  • 5.4

    MEDIUM
    CVE-2022-22416

    IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration... Read more

    • EPSS Score: %0.10
    • Published: Jul. 19, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-31858

    DotNetNuke (DNN) 9.9.1 CMS is vulnerable to a Stored Cross-Site Scripting vulnerability in the user profile biography section which allows remote authenticated users to inject arbitrary code via a crafted payload.... Read more

    Affected Products : dotnetnuke
    • EPSS Score: %0.23
    • Published: Jul. 20, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2015-7676

    Ipswitch MOVEit File Transfer (formerly DMZ) 8.1 and earlier, when configured to support file view on download, allows remote authenticated users to conduct cross-site scripting (XSS) attacks by uploading HTML files.... Read more

    Affected Products : moveit_dmz
    • EPSS Score: %0.01
    • Published: Apr. 15, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2022-34961

    OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Users Timeline module.... Read more

    Affected Products : open_source_social_network
    • EPSS Score: %0.57
    • Published: Jul. 25, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-34988

    Inout Blockchain AltExchanger v1.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/js.... Read more

    Affected Products : blockchain_altexchanger
    • EPSS Score: %0.21
    • Published: Jul. 26, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-34611

    A cross-site scripting (XSS) vulnerability in /index.php/?p=report of Online Fire Reporting System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "Contac #" text field.... Read more

    Affected Products : online_fire_reporting_system
    • EPSS Score: %0.27
    • Published: Jul. 27, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-23099

    OX App Suite through 7.10.6 allows XSS by forcing block-wise read.... Read more

    Affected Products : app_suite
    • EPSS Score: %0.68
    • Published: Jul. 27, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2016-0698

    Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality and integrity via vectors related to Rich Text Editor, a different ... Read more

    Affected Products : peoplesoft_enterprise_peopletools
    • EPSS Score: %0.18
    • Published: Apr. 21, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2021-33371

    A stored cross-site scripting (XSS) vulnerability in /nav_bar_action.php of Student Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Chat box.... Read more

    • EPSS Score: %0.19
    • Published: Jul. 28, 2022
    • Modified: Apr. 22, 2025

  • 5.4

    MEDIUM
    CVE-2022-34140

    A stored cross-site scripting (XSS) vulnerability in /index.php?r=site%2Fsignup of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username field.... Read more

    Affected Products : feehi_cms
    • EPSS Score: %1.67
    • Published: Jul. 28, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2016-3442

    Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality and integrity via vectors related to Portal.... Read more

    Affected Products : peoplesoft_enterprise_peopletools
    • EPSS Score: %0.18
    • Published: Apr. 21, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2022-2171

    The Progressive License WordPress plugin through 1.1.0 is lacking any CSRF check when saving its settings, which could allow attackers to make a logged in admin change them. Furthermore, as the plugin allows arbitrary HTML to be inserted in one of the set... Read more

    Affected Products : progressive_license
    • EPSS Score: %0.08
    • Published: Aug. 01, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-34619

    A stored cross-site scripting (XSS) vulnerability in Mealie v0.5.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Shopping Lists item names text field.... Read more

    Affected Products : mealie mealie
    • EPSS Score: %0.61
    • Published: Aug. 02, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-29057

    A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiEDR version 5.1.0, 5.0.0 through 5.0.3 Patch 6 and 4.0.0 allows a remote authenticated attacker to perform a reflected cross site scripting attack (XSS... Read more

    Affected Products : fortiedr
    • EPSS Score: %0.20
    • Published: Jul. 19, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-2683

    A vulnerability, which was classified as problematic, was found in SourceCodester Simple Food Ordering System 1.0. This affects an unknown part of the file /login.php. The manipulation of the argument email/password with the input "><ScRiPt>alert(1)</sCrI... Read more

    • EPSS Score: %0.20
    • Published: Aug. 05, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-2686

    A vulnerability, which was classified as problematic, was found in oretnom23 Fast Food Ordering System. This affects an unknown part of the component Menu List Page. The manipulation of the argument Description leads to cross site scripting. It is possibl... Read more

    Affected Products : fast_food_ordering_system
    • EPSS Score: %0.21
    • Published: Aug. 06, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-2691

    A vulnerability, which was classified as problematic, has been found in SourceCodester Wedding Hall Booking System. Affected by this issue is some unknown functionality of the file /whbs/?page=manage_account of the component Profile Page. The manipulation... Read more

    Affected Products : wedding_hall_booking_system
    • EPSS Score: %0.21
    • Published: Aug. 06, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-2371

    The YaySMTP WordPress plugin before 2.2.1 does not have proper authorisation when saving its settings, allowing users with a role as low as subscriber to change them, and use that to conduct Stored Cross-Site Scripting attack due to the lack of escaping i... Read more

    Affected Products : yaysmtp
    • EPSS Score: %0.18
    • Published: Aug. 08, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-2391

    The Inspiro PRO WordPress plugin does not sanitize the portfolio slider description, allowing users with privileges as low as Contributor to inject JavaScript into the description.... Read more

    Affected Products : inspiro_pro
    • EPSS Score: %0.18
    • Published: Aug. 08, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 291014 Results