Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2020-4384

    IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disc... Read more

    • EPSS Score: %0.18
    • Published: May. 06, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-5751

    Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted operator.... Read more

    Affected Products : tcexam
    • EPSS Score: %0.16
    • Published: May. 07, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-4195

    IBM API Connect V2018.4.1.0 through 2018.4.1.10 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's clic... Read more

    Affected Products : api_connect
    • EPSS Score: %0.09
    • Published: May. 12, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-6256

    SAP Master Data Governance, versions - 748, 749, 750, 751, 752, 800, 801, 802, 803, 804, allows users to display change request details without having required authorizations, due to Missing Authorization Check.... Read more

    Affected Products : master_data_governance
    • EPSS Score: %0.13
    • Published: May. 12, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-8789

    Composr 10.0.30 allows Persistent XSS via a Usergroup name under the Security configuration.... Read more

    Affected Products : composr
    • EPSS Score: %0.20
    • Published: May. 22, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-4023

    The review coverage resource in Atlassian Fisheye and Crucible before version 4.8.2 allows remote attackers to inject arbitrary HTML or Javascript via a cross site scripting (XSS) vulnerability through the committerFilter parameter.... Read more

    Affected Products : crucible fisheye
    • EPSS Score: %0.37
    • Published: Jun. 01, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-13865

    The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from multiple stored XSS vulnerabilities. An author user can create posts that result in stored XSS vulnerabilities, by using a crafted link in the custom URL or by applying custom attri... Read more

    Affected Products : elementor_page_builder
    • EPSS Score: %0.13
    • Published: Jun. 05, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-6266

    SAP Fiori for SAP S/4HANA, versions - 100, 200, 300, 400, allows an attacker to redirect users to a malicious site due to insufficient URL validation, leading to URL Redirection.... Read more

    Affected Products : fiori
    • EPSS Score: %0.17
    • Published: Jun. 10, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-11838

    Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Management Center product, Affecting versions 2.6.1, 2.7.x, 2.8.x, 2.9.x prior to 2.9.4. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS) or informatio... Read more

    Affected Products : arcsight_management_center
    • EPSS Score: %0.21
    • Published: Jun. 16, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-14444

    An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 IS as Key Manager through 5.9.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console Policy Administration user interface.... Read more

    • EPSS Score: %0.22
    • Published: Jun. 18, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-14445

    An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 IS as Key Manager through 5.9.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console Basic Policy Editor user Interface.... Read more

    • EPSS Score: %0.22
    • Published: Jun. 18, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-4281

    IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to cred... Read more

    • EPSS Score: %0.18
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2016-11070

    An issue was discovered in Mattermost Server before 3.1.0. It allows XSS via theme color-code values.... Read more

    Affected Products : mattermost_server
    • EPSS Score: %0.34
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-14073

    XSS exists in PRTG Network Monitor 20.1.56.1574 via crafted map properties. An attacker with Read/Write privileges can create a map, and then use the Map Designer Properties screen to insert JavaScript code. This can be exploited against any user with Vie... Read more

    Affected Products : prtg_network_monitor
    • EPSS Score: %0.84
    • Published: Jun. 23, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-14006

    Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a Responsible Team.... Read more

    • EPSS Score: %1.06
    • Published: Jun. 24, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-13248

    BooleBox Secure File Sharing Utility before 4.2.3.0 allows stored XSS via a crafted avatar field within My Account JSON data to Account.aspx.... Read more

    Affected Products : boolebox
    • EPSS Score: %0.34
    • Published: Jun. 24, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-4223

    IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure... Read more

    • EPSS Score: %0.18
    • Published: Jun. 26, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-4557

    IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended function... Read more

    • EPSS Score: %0.24
    • Published: Jun. 29, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-15514

    The jh_captcha extension through 2.1.3, and 3.x through 3.0.2, for TYPO3 allows XSS.... Read more

    Affected Products : jh_captcha
    • EPSS Score: %0.21
    • Published: Jul. 07, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-15517

    The ke_search (aka Faceted Search) extension through 2.8.2, and 3.x through 3.1.3, for TYPO3 allows XSS.... Read more

    Affected Products : faceted_search ke_search
    • EPSS Score: %0.21
    • Published: Jul. 07, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 292523 Results