Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2016-0221

    Cross-site scripting (XSS) vulnerability in IBM Cognos TM1, as used in IBM Cognos Business Intelligence 10.2 before IF20, 10.2.1 before IF17, 10.2.1.1 before IF16, 10.2.2 before IF12, and 10.1.1 before IF19, allows remote authenticated users to inject arb... Read more

    Affected Products : cognos_business_intelligence
    • EPSS Score: %0.24
    • Published: Jul. 03, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2022-2597

    The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin before 2.19.0 does not have proper authorisation checks in some of its REST endpoints, allowing users with a role as low as contributor to call them and inject arbitrary CSS in arbitrary sav... Read more

    • EPSS Score: %0.11
    • Published: Sep. 05, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2016-0313

    Cross-site scripting (XSS) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allows remote authenticated users to inject arbitrary web script o... Read more

    Affected Products : jazz_reporting_service
    • EPSS Score: %0.17
    • Published: Jul. 08, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2016-2888

    Cross-site scripting (XSS) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allows remote authenticated users to inject arbitrary web script o... Read more

    Affected Products : jazz_reporting_service
    • EPSS Score: %0.21
    • Published: Jul. 08, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2022-37253

    Persistent cross-site scripting (XSS) in Crime Reporting System 1.0 allows a remote attacker to introduce arbitary Javascript via manipulation of an unsanitized POST parameter... Read more

    Affected Products : crime_reporting_system
    • EPSS Score: %0.07
    • Published: Sep. 06, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-38639

    A cross-site scripting (XSS) vulnerability in Markdown-Nice v1.8.22 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Community Posting field.... Read more

    Affected Products : markdown_nice
    • EPSS Score: %0.11
    • Published: Sep. 09, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-25295

    This affects the package github.com/gophish/gophish before 0.12.0. The Open Redirect vulnerability exists in the next query parameter. The application uses url.Parse(r.FormValue("next")) to extract path and eventually redirect user to a relative URL, but ... Read more

    Affected Products : gophish
    • EPSS Score: %0.11
    • Published: Sep. 11, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-36568

    In certain Moodle products after creating a course, it is possible to add in a arbitrary "Topic" a resource, in this case a "Database" with the type "Text" where its values "Field name" and "Field description" are vulnerable to Cross Site Scripting Stored... Read more

    Affected Products : moodle fedora
    • EPSS Score: %0.16
    • Published: Sep. 13, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-19587

    Cross Site Scripting (XSS) vulnerability in configMap parameters in Yellowfin Business Intelligence 7.3 allows remote attackers to run arbitrary code via MIAdminStyles.i4 Admin UI.... Read more

    Affected Products : yellowfin_business_intelligence
    • EPSS Score: %0.13
    • Published: Sep. 14, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-37246

    Craft CMS 4.2.0.1 is affected by Cross Site Scripting (XSS) in the file src/web/assets/cp/src/js/BaseElementSelectInput.js and in specific on the line label: elementInfo.label.... Read more

    Affected Products : craft_cms
    • EPSS Score: %0.15
    • Published: Sep. 21, 2022
    • Modified: May. 27, 2025

  • 5.4

    MEDIUM
    CVE-2022-40219

    Cross-Site Request Forgery (CSRF) vulnerability in SedLex FavIcon Switcher plugin <= 1.2.11 at WordPress allows plugin settings change.... Read more

    Affected Products : favicon-switcher
    • EPSS Score: %0.05
    • Published: Sep. 21, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-36383

    Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in WHA Word Search Puzzles game plugin <= 2.0.1 at WordPress.... Read more

    Affected Products : wha_wordsearch word_search_puzzles
    • EPSS Score: %0.10
    • Published: Sep. 21, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-38073

    Multiple Authenticated (custom specific plugin role) Persistent Cross-Site Scripting (XSS) vulnerability in Awesome Support plugin <= 6.0.7 at WordPress.... Read more

    Affected Products : awesome_support
    • EPSS Score: %0.17
    • Published: Sep. 21, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-28978

    Stored cross-site scripting (XSS) vulnerability in the Site module's user membership administration page in Liferay Portal 7.0.1 through 7.4.1, and Liferay DXP 7.0 before fix pack 102, 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service... Read more

    • EPSS Score: %0.17
    • Published: Sep. 22, 2022
    • Modified: May. 27, 2025

  • 5.4

    MEDIUM
    CVE-2022-37338

    Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in Blossom Recipe Maker plugin <= 1.0.7 at WordPress.... Read more

    Affected Products : blossom_recipe_maker
    • EPSS Score: %0.08
    • Published: Sep. 23, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-38460

    Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in NOTICE BOARD plugin <= 1.1 at WordPress.... Read more

    Affected Products : notice_board
    • EPSS Score: %0.45
    • Published: Sep. 23, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-1755

    The SVG Support WordPress plugin before 2.5 does not properly handle SVG added via an URL, which could allow users with a role as low as author to perform Cross-Site Scripting attacks... Read more

    Affected Products : svg_support
    • EPSS Score: %0.11
    • Published: Sep. 26, 2022
    • Modified: May. 21, 2025

  • 5.4

    MEDIUM
    CVE-2022-3024

    The Simple Bitcoin Faucets WordPress plugin through 1.7.0 does not have any authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscribers to call it and add/delete/edit Bonds. Furthermore, due to the lack of sanitisation ... Read more

    Affected Products : simple_bitcoin_faucets
    • EPSS Score: %0.07
    • Published: Sep. 26, 2022
    • Modified: May. 22, 2025

  • 5.4

    MEDIUM
    CVE-2016-3196

    Cross-site scripting (XSS) vulnerability in Fortinet FortiAnalyzer 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 allows remote authenticated users to inject arbitrary web script or HTML via the filename... Read more

    • EPSS Score: %0.47
    • Published: Aug. 05, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2022-38335

    Vtiger CRM v7.4.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the e-mail template modules.... Read more

    Affected Products : vtiger_crm
    • EPSS Score: %0.49
    • Published: Sep. 27, 2022
    • Modified: May. 21, 2025
Showing 20 of 291002 Results