Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2024-3189

    The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Testimonial', 'Progress Bar', 'Lottie Animations', 'Row Layout', 'Google Maps', and 'Advanced Gallery' block...

    Affected Products : gutenberg_blocks_with_ai
    • Published: May. 15, 2024
    • Modified: Feb. 07, 2025
  • 5.4

    MEDIUM
    CVE-2024-34913

    An arbitrary file upload vulnerability in r-pan-scaffolding v5.0 and below allows attackers to execute arbitrary code via uploading a crafted PDF file....

    Affected Products : r-pan-scaffolding
    • Published: May. 15, 2024
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2024-9866

    The Event Tickets with Ticket Scanner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data' parameters in all versions up to, and including, 2.4.4 due to insufficient input sanitization and output escaping and missing authorizat...

    Affected Products : event_tickets_with_ticket_scanner
    • Published: Dec. 06, 2024
    • Modified: Dec. 06, 2024
  • 5.4

    MEDIUM
    CVE-2024-33527

    A Stored Cross-site Scripting (XSS) vulnerability in the "Import of Users and login name of user" feature in ILIAS 7 before 7.30 and ILIAS 8 before 8.11 allows remote authenticated attackers with administrative privileges to inject arbitrary web script or...

    Affected Products : ilias
    • Published: May. 21, 2024
    • Modified: Jun. 04, 2025
  • 5.4

    MEDIUM
    CVE-2024-30419

    Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to Ver.2.10.53, and Ver...

    Affected Products : a-blog_cms
    • Published: May. 22, 2024
    • Modified: May. 12, 2025
  • 5.4

    MEDIUM
    CVE-2024-1446

    The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.4.3. This is due to missing or incorrect nonce validation on the nxssnap-reposter page. This makes it pos...

    Affected Products : social_networks_auto_poster
    • Published: May. 22, 2024
    • Modified: Feb. 07, 2025
  • 5.4

    MEDIUM
    CVE-2023-6487

    The LuckyWP Table of Contents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Header Title' field in all versions up to and including 2.1.4 due to insufficient input sanitization and output escaping. This makes it possible for a...

    Affected Products : luckywp_table_of_contents
    • Published: May. 22, 2024
    • Modified: May. 28, 2025
  • 5.4

    MEDIUM
    CVE-2024-35554

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoWeb_deal.php?mudi=del&dataType=newsWeb&dataTypeCN....

    Affected Products : idccms idccms
    • Published: May. 22, 2024
    • Modified: Apr. 09, 2025
  • 5.4

    MEDIUM
    CVE-2024-29392

    Silverpeas Core 6.3 is vulnerable to Cross Site Scripting (XSS) via ClipboardSessionController....

    Affected Products : silverpeas
    • Published: May. 22, 2024
    • Modified: Apr. 23, 2025
  • 5.4

    MEDIUM
    CVE-2024-35197

    gitoxide is a pure Rust implementation of Git. On Windows, fetching refs that clash with legacy device names reads from the devices, and checking out paths that clash with such names writes arbitrary data to the devices. This allows a repository, when clo...

    Affected Products :
    • Published: May. 23, 2024
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2024-35085

    J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in ProcessDefinitionMapper.xml....

    Affected Products : j2eefast
    • Published: May. 23, 2024
    • Modified: Apr. 16, 2025
  • 5.4

    MEDIUM
    CVE-2024-5310

    A vulnerability classified as problematic has been found in JFinalCMS up to 20221020. This affects an unknown part of the file /admin/content. The manipulation of the argument Title leads to cross site scripting. It is possible to initiate the attack remo...

    Affected Products : jfinalcms
    • Published: May. 24, 2024
    • Modified: Jun. 05, 2025
  • 5.4

    MEDIUM
    CVE-2023-47710

    IBM Security Guardium 11.4, 11.5, and 12.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure withi...

    Affected Products : security_guardium
    • Published: May. 24, 2024
    • Modified: Jan. 08, 2025
  • 5.4

    MEDIUM
    CVE-2022-43384

    IBM Aspera Console 3.4.0 through 3.4.2 PL5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure withi...

    Affected Products : aspera_console
    • Published: May. 30, 2024
    • Modified: Jan. 08, 2025
  • 5.4

    MEDIUM
    CVE-2024-35345

    A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts unidentified code within the file /classes/Users.php. Manipulating the argument id results in cross-site scripting....

    Affected Products : dino_physics_school_assistant
    • Published: May. 30, 2024
    • Modified: Apr. 11, 2025
  • 5.4

    MEDIUM
    CVE-2024-4379

    The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Global Tooltip widget in all versions up to, and including, 4.10.31 due to insufficient input sanitization and output escaping on user supp...

    Affected Products : premium_addons_for_elementor
    • Published: May. 31, 2024
    • Modified: Jan. 15, 2025
  • 5.4

    MEDIUM
    CVE-2024-31907

    IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within ...

    Affected Products : planning_analytics_local
    • Published: May. 31, 2024
    • Modified: Jan. 08, 2025
  • 5.4

    MEDIUM
    CVE-2022-25037

    An issue in wanEditor v4.7.11 and fixed in v.4.7.12 and v.5 was discovered to contain a cross-site scripting (XSS) vulnerability via the image upload function....

    Affected Products :
    • Published: May. 31, 2024
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-5112

    Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "specials_type_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's we...

    Affected Products : oscommerce
    • EPSS Score: 0.12%
    • Published: Sep. 30, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2024-0757

    The Insert or Embed Articulate Content into WordPress plugin through 4.3000000023 is not properly filtering which file extensions are allowed to be imported on the server, allowing the uploading of malicious code within zip files...

    • Published: Jun. 04, 2024
    • Modified: May. 21, 2025