Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2016-2994

    Cross-site scripting (XSS) vulnerability in IBM UrbanCode Deploy 6.2.x before 6.2.1.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : urbancode_deploy
    • EPSS Score: %0.15
    • Published: Dec. 01, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2021-26083

    Export HTML Report in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS)... Read more

    • EPSS Score: %0.26
    • Published: Jul. 20, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-27338

    Faraday Edge before 3.7 allows XSS via the network/create/ page and its network name parameter.... Read more

    Affected Products : edge
    • EPSS Score: %0.18
    • Published: Jul. 20, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-36746

    Blackboard Learn through 9.1 allows XSS by an authenticated user via the Assignment Instructions HTML editor.... Read more

    Affected Products : blackboard_learn
    • EPSS Score: %0.21
    • Published: Jul. 20, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-2346

    Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager product of Oracle Commerce (component: Tools and Frameworks). The supported version that is affected is 11.3.1.5. Easily exploitable vulnerability allows low privilege... Read more

    • EPSS Score: %0.18
    • Published: Jul. 21, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-25791

    Multiple stored cross site scripting (XSS) vulnerabilities in the "Update Profile" module of Online Doctor Appointment System 1.0 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in the First Name, Last Name, an... Read more

    • EPSS Score: %0.14
    • Published: Jul. 23, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-37450

    Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmprop?id= (reflected).... Read more

    Affected Products : ivm_attendant
    • EPSS Score: %0.18
    • Published: Jul. 25, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-37455

    Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the outbound dialing plan (stored).... Read more

    Affected Products : axon_pbx
    • EPSS Score: %0.18
    • Published: Jul. 25, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-37457

    Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the SipRule field (stored).... Read more

    Affected Products : axon_pbx
    • EPSS Score: %0.21
    • Published: Jul. 25, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-37461

    Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /extensionsinstruction?id= (reflected).... Read more

    Affected Products : axon_pbx
    • EPSS Score: %0.18
    • Published: Jul. 25, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-37449

    Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmlist?folder= (reflected).... Read more

    Affected Products : ivm_attendant
    • EPSS Score: %0.18
    • Published: Jul. 25, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-37534

    app/View/GalaxyClusters/add.ctp in MISP 2.4.146 allows Stored XSS when forking a galaxy cluster.... Read more

    Affected Products : misp
    • EPSS Score: %0.23
    • Published: Jul. 26, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-37393

    In RPCMS v1.8 and below, the "nickname" variable is not properly sanitized before being displayed on page. Attacker can use "update password" function to inject XSS payloads into nickname variable, and achieve stored XSS. Users who view the articles publi... Read more

    Affected Products : rpcms
    • EPSS Score: %0.18
    • Published: Jul. 26, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-20562

    IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_3 and 6.1.0.0 through 6.1.0.2 vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionalit... Read more

    • EPSS Score: %0.72
    • Published: Jul. 27, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2016-3173

    An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. The aria-label parameter of tiles at the Portal can be used to inject script code. Those labels use the name of the file (e.g. an image) which gets displayed at the portal application... Read more

    Affected Products : open-xchange_appsuite
    • EPSS Score: %0.24
    • Published: Dec. 15, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2020-19118

    Cross Site Scripting (XSS) vulnerabiity in YzmCMS 5.2 via the site_code parameter in admin/index/init.html.... Read more

    Affected Products : yzmcms
    • EPSS Score: %0.24
    • Published: Jul. 30, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-35479

    Nagios Log Server before 2.1.9 contains Stored XSS in the custom column view for the alert history and audit log function through the affected pp parameter. This affects users who open a crafted link or third-party web page.... Read more

    Affected Products : log_server
    • EPSS Score: %41.44
    • Published: Jul. 30, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-24476

    The Steam Group Viewer WordPress plugin through 2.1 does not sanitise or escape its "Steam Group Address" settings before outputting it in the page, leading to an authenticated Stored Cross-Site Scripting issue... Read more

    Affected Products : steam_group_viewer
    • EPSS Score: %0.21
    • Published: Aug. 02, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-4707

    IBM API Connect 5.0.0.0 through 5.0.8.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within ... Read more

    Affected Products : api_connect
    • EPSS Score: %0.16
    • Published: Aug. 04, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-32597

    Multiple improper neutralization of input during web page generation (CWE-79) in FortiManager and FortiAnalyzer versions 7.0.0, 6.4.5 and below, 6.2.7 and below user interface, may allow a remote authenticated attacker to perform a Stored Cross Site Scrip... Read more

    Affected Products : fortimanager fortianalyzer
    • EPSS Score: %0.17
    • Published: Aug. 06, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291009 Results