Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2022-3096

    The WP Total Hacks WordPress plugin through 4.7.2 does not prevent low privilege users from modifying the plugin's settings. This could allow users such as subscribers to perform Stored Cross-Site Scripting attacks against other users, like administrators... Read more

    Affected Products : wp_total_hacks
    • EPSS Score: %0.15
    • Published: Oct. 31, 2022
    • Modified: May. 06, 2025

  • 5.4

    MEDIUM
    CVE-2016-3003

    Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string, a different vulnerability th... Read more

    Affected Products : connections
    • EPSS Score: %0.20
    • Published: Sep. 26, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2016-4058

    Cross-site scripting (XSS) vulnerability in Huawei Policy Center before V100R003C10SPC020 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to "special characters on pages."... Read more

    • EPSS Score: %0.09
    • Published: Sep. 27, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2016-5398

    Cross-site scripting (XSS) vulnerability in Business Process Editor in Red Hat JBoss BPM Suite before 6.3.3 allows remote authenticated users to inject arbitrary web script or HTML by levering permission to create business processes.... Read more

    Affected Products : jboss_bpm_suite
    • EPSS Score: %0.19
    • Published: Oct. 03, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2015-7363

    Cross-site scripting (XSS) vulnerability in the advanced settings page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.3, in hardware models with a hard disk, and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.3 allows remote adminis... Read more

    • EPSS Score: %0.33
    • Published: Oct. 07, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2022-41435

    OpenWRT LuCI version git-22.140.66206-02913be was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /system/sshkeys.js. This vulnerability allows attackers to execute arbitrary web scripts or HTML via crafted public ... Read more

    Affected Products : luci
    • EPSS Score: %0.10
    • Published: Nov. 03, 2022
    • Modified: May. 05, 2025

  • 5.4

    MEDIUM
    CVE-2022-40223

    Nonce token leakage and missing authorization in SearchWP premium plugin <= 4.2.5 on WordPress leading to plugin settings change.... Read more

    Affected Products : searchwp
    • EPSS Score: %0.16
    • Published: Nov. 08, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-41208

    Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an authenticated attacker with user privileges to alter current user session. On successful exploitation, the attacker can view or modify information, causing a limit... Read more

    Affected Products : financial_consolidation
    • EPSS Score: %0.29
    • Published: Nov. 08, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-36776

    IBM Cloud Pak for Security (CP4S) 1.10.0.0 79and 1.10.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials d... Read more

    Affected Products : linux_kernel cloud_pak_for_security
    • EPSS Score: %0.22
    • Published: Nov. 11, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-3963

    A vulnerability was found in gnuboard5. It has been classified as problematic. Affected is an unknown function of the file bbs/faq.php of the component FAQ Key ID Handler. The manipulation of the argument fm_id leads to cross site scripting. It is possibl... Read more

    Affected Products : gnuboard5 gnuboard
    • EPSS Score: %0.08
    • Published: Nov. 12, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-41814

    Cross-site Scripting (XSS) vulnerability in BlueSpiceFoundation extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the history view of a wikipage.... Read more

    Affected Products : bluespice
    • EPSS Score: %0.33
    • Published: Nov. 15, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-42001

    Cross-site Scripting (XSS) vulnerability in BlueSpiceBookshelf extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the book navigation.... Read more

    Affected Products : bluespice
    • EPSS Score: %0.33
    • Published: Nov. 15, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-44070

    Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via News articles.... Read more

    Affected Products : zenario
    • EPSS Score: %0.10
    • Published: Nov. 16, 2022
    • Modified: Apr. 30, 2025

  • 5.4

    MEDIUM
    CVE-2022-42960

    EqualWeb Accessibility Widget 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.1.10, 3.0.0, 3.0.1, 3.0.2, 4.0.0, and 4.0.1 allows DOM XSS due to improper validation of message events to accessibility.js.... Read more

    Affected Products : equalweb_accessibility_widget
    • EPSS Score: %0.15
    • Published: Nov. 17, 2022
    • Modified: Apr. 30, 2025

  • 5.4

    MEDIUM
    CVE-2022-4067

    Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0.... Read more

    Affected Products : librenms
    • EPSS Score: %89.60
    • Published: Nov. 20, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-41788

    Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in Soledad premium theme <= 8.2.5 on WordPress.... Read more

    Affected Products : soledad
    • EPSS Score: %0.14
    • Published: Nov. 18, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-37421

    Silverstripe silverstripe/cms through 4.11.0 allows XSS.... Read more

    Affected Products : silverstripe
    • EPSS Score: %0.32
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025

  • 5.4

    MEDIUM
    CVE-2022-36111

    immudb is a database with built-in cryptographic proof and verification. In versions prior to 1.4.1, a malicious immudb server can provide a falsified proof that will be accepted by the client SDK signing a falsified transaction replacing the genuine one.... Read more

    Affected Products : immudb
    • EPSS Score: %0.17
    • Published: Nov. 23, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-45280

    A cross-site scripting (XSS) vulnerability in the Url parameter in /login.php of EyouCMS v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.... Read more

    Affected Products : eyoucms
    • EPSS Score: %0.08
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025

  • 5.4

    MEDIUM
    CVE-2019-18265

    Digital Alert Systems’ DASDEC software prior to version 4.1 contains a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via the SSH username, username field of the login page, or via the HTTP hos... Read more

    • EPSS Score: %0.11
    • Published: Nov. 30, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 290997 Results