Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2022-38073

    Multiple Authenticated (custom specific plugin role) Persistent Cross-Site Scripting (XSS) vulnerability in Awesome Support plugin <= 6.0.7 at WordPress.... Read more

    Affected Products : awesome_support
    • EPSS Score: %0.17
    • Published: Sep. 21, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-28978

    Stored cross-site scripting (XSS) vulnerability in the Site module's user membership administration page in Liferay Portal 7.0.1 through 7.4.1, and Liferay DXP 7.0 before fix pack 102, 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service... Read more

    • EPSS Score: %0.17
    • Published: Sep. 22, 2022
    • Modified: May. 27, 2025

  • 5.4

    MEDIUM
    CVE-2022-37338

    Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in Blossom Recipe Maker plugin <= 1.0.7 at WordPress.... Read more

    Affected Products : blossom_recipe_maker
    • EPSS Score: %0.08
    • Published: Sep. 23, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-38460

    Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in NOTICE BOARD plugin <= 1.1 at WordPress.... Read more

    Affected Products : notice_board
    • EPSS Score: %0.45
    • Published: Sep. 23, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-1755

    The SVG Support WordPress plugin before 2.5 does not properly handle SVG added via an URL, which could allow users with a role as low as author to perform Cross-Site Scripting attacks... Read more

    Affected Products : svg_support
    • EPSS Score: %0.11
    • Published: Sep. 26, 2022
    • Modified: May. 21, 2025

  • 5.4

    MEDIUM
    CVE-2022-3024

    The Simple Bitcoin Faucets WordPress plugin through 1.7.0 does not have any authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscribers to call it and add/delete/edit Bonds. Furthermore, due to the lack of sanitisation ... Read more

    Affected Products : simple_bitcoin_faucets
    • EPSS Score: %0.07
    • Published: Sep. 26, 2022
    • Modified: May. 22, 2025

  • 5.4

    MEDIUM
    CVE-2016-3196

    Cross-site scripting (XSS) vulnerability in Fortinet FortiAnalyzer 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 allows remote authenticated users to inject arbitrary web script or HTML via the filename... Read more

    • EPSS Score: %0.47
    • Published: Aug. 05, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2022-38335

    Vtiger CRM v7.4.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the e-mail template modules.... Read more

    Affected Products : vtiger_crm
    • EPSS Score: %0.49
    • Published: Sep. 27, 2022
    • Modified: May. 21, 2025

  • 5.4

    MEDIUM
    CVE-2022-23726

    PingCentral versions prior to listed versions expose Spring Boot actuator endpoints that with administrative authentication return large amounts of sensitive environmental and application information.... Read more

    Affected Products : pingcentral
    • EPSS Score: %0.24
    • Published: Sep. 30, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-32173

    In OrchardCore rc1-11259 to v1.2.2 vulnerable to HTML injection, allow an authenticated user with an editor security role to inject a persistent HTML modal dialog component into the dashboard that will affect admin users.... Read more

    Affected Products : orchardcore
    • EPSS Score: %0.09
    • Published: Oct. 03, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2016-2912

    Cross-site scripting (XSS) vulnerability in the Document Builder in IBM Rational Publishing Engine (aka RPENG) 2.0.1 before ifix002 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.... Read more

    • EPSS Score: %0.17
    • Published: Aug. 08, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2022-41392

    A cross-site scripting (XSS) vulnerability in TotalJS commit 8c2c8909 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website name text field under Main Settings.... Read more

    Affected Products : total.js
    • EPSS Score: %0.15
    • Published: Oct. 07, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-32175

    In AdGuardHome, versions v0.95 through v0.108.0-b.13 are vulnerable to Cross-Site Request Forgery (CSRF), in the custom filtering rules functionality. An attacker can persuade an authorized user to follow a malicious link, resulting in deleting/modifying ... Read more

    Affected Products : adguardhome
    • EPSS Score: %0.05
    • Published: Oct. 11, 2022
    • Modified: May. 20, 2025

  • 5.4

    MEDIUM
    CVE-2015-5399

    Cross-site scripting (XSS) vulnerability in PHPVibe before 4.21 allows remote authenticated users to inject arbitrary web script or HTML via a comment.... Read more

    Affected Products : phpvibe
    • EPSS Score: %0.13
    • Published: Aug. 26, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2022-35297

    The application SAP Enable Now does not sufficiently encode user-controlled inputs over the network before it is placed in the output being served to other users, thereby expanding the attack scope, resulting in Stored Cross-Site Scripting (XSS) vulnerabi... Read more

    Affected Products : enable_now
    • EPSS Score: %0.84
    • Published: Oct. 11, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2016-3008

    Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2954 and ... Read more

    Affected Products : connections
    • EPSS Score: %0.17
    • Published: Sep. 01, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2022-34021

    Multiple Cross Site Scripting (XSS) vulnerabilities in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 via the form fields.... Read more

    • EPSS Score: %0.11
    • Published: Oct. 13, 2022
    • Modified: May. 16, 2025

  • 5.4

    MEDIUM
    CVE-2022-21629

    Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are 9.2.6.4 and prior. Easily exploitable vulnerability allows low privileged attacker with network access ... Read more

    Affected Products : jd_edwards_enterpriseone_tools
    • EPSS Score: %0.44
    • Published: Oct. 18, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-39420

    Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: Data, Functional Security). Supported versions that are affected are 6.4.3 and 6.5.1. Easily exploitable vulnerability allows low privileged attacker with net... Read more

    Affected Products : transportation_management
    • EPSS Score: %0.46
    • Published: Oct. 18, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-38901

    A Cross-site scripting (XSS) vulnerability in the Document and Media module - file upload functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the description field of uploaded ... Read more

    Affected Products : liferay_portal dxp
    • EPSS Score: %0.28
    • Published: Oct. 19, 2022
    • Modified: May. 09, 2025
Showing 20 of 291058 Results