Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2016-2924

    IBM Infosphere BigInsights is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the...

    Affected Products : biginsights
    • EPSS Score: %0.16
    • Published: Feb. 01, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2020-23481

    CMS Made Simple 2.2.14 was discovered to contain a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Field Definition text field....

    Affected Products : cms_made_simple
    • EPSS Score: %0.47
    • Published: Sep. 22, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2016-1566

    Cross-site scripting (XSS) vulnerability in the file browser in Guacamole 0.9.8 and 0.9.9, when file transfer is enabled to a location shared by multiple users, allows remote authenticated users to inject arbitrary web script or HTML via a crafted filenam...

    Affected Products : guacamole
    • EPSS Score: %0.19
    • Published: Feb. 02, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2016-8943

    IBM Tivoli Storage Productivity Center is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a ...

    • EPSS Score: %0.23
    • Published: Feb. 01, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2021-29905

    IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leadin...

    • EPSS Score: %0.35
    • Published: Sep. 23, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-24659

    The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10 allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the plugin's block....

    • EPSS Score: %0.18
    • Published: Sep. 27, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-24660

    The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10, with Saved Templates Addon enabled, allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the plugin's shortcode....

    • EPSS Score: %0.18
    • Published: Sep. 27, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-24671

    The MX Time Zone Clocks WordPress plugin before 3.4.1 does not escape the time_zone attribute of the mxmtzc_time_zone_clocks shortcode, allowing users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks...

    Affected Products : mx_time_zone_clocks
    • EPSS Score: %0.18
    • Published: Sep. 27, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2020-20131

    LaraCMS v1.0.1 contains a stored cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the page management module....

    Affected Products : laracms
    • EPSS Score: %0.28
    • Published: Sep. 29, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-35198

    NETSCOUT nGeniusONE 6.3.0 build 1004 and earlier allows Stored Cross-Site Scripting (XSS) in the Packet Analysis module....

    Affected Products : ngeniusone
    • EPSS Score: %0.50
    • Published: Sep. 30, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-35204

    NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Reflected Cross-Site Scripting (XSS) in the support endpoint....

    Affected Products : ngeniusone
    • EPSS Score: %0.50
    • Published: Sep. 30, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2020-20799

    JeeCMS 1.0.1 contains a stored cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the commentText parameter....

    Affected Products : jeecms
    • EPSS Score: %0.26
    • Published: Sep. 30, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-38675

    A cross-site scripting (XSS) vulnerability has been reported to affect QNAP devices running Image2PDF. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of ...

    Affected Products : image2pdf nas
    • EPSS Score: %0.13
    • Published: Oct. 01, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-29110

    Stored cross-site scripting (XSS) issue in Esri Portal for ArcGIS may allow a remote unauthenticated attacker to pass and store malicious strings in the home application....

    Affected Products : portal_for_arcgis
    • EPSS Score: %0.26
    • Published: Oct. 01, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-25964

    The “Calibre-web” application, v0.6.0 to v0.6.12, is vulnerable to Stored XSS in “Metadata”. An attacker who has access to edit the metadata information can inject a JavaScript payload in the description field. When a victim tries to open the file, XSS wi...

    Affected Products : calibre-web calibre-web
    • EPSS Score: %0.21
    • Published: Oct. 04, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2016-6032

    IBM Rational Team Concert 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure withi...

    • EPSS Score: %0.30
    • Published: Feb. 08, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2021-24021

    An improper neutralization of input vulnerability [CWE-79] in FortiAnalyzer versions 6.4.3 and below, 6.2.7 and below and 6.0.10 and below may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the column setti...

    Affected Products : fortianalyzer
    • EPSS Score: %0.19
    • Published: Oct. 06, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2016-0305

    IBM Connections is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security c...

    Affected Products : connections
    • EPSS Score: %0.16
    • Published: Feb. 08, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2021-29855

    IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to cr...

    Affected Products : sterling_b2b_integrator
    • EPSS Score: %0.22
    • Published: Oct. 06, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2020-21656

    XYHCMS v3.6 contains a stored cross-site scripting (XSS) vulnerability in the component xyhai.php?s=/Link/index....

    Affected Products : xyhcms
    • EPSS Score: %0.19
    • Published: Oct. 06, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291005 Results