Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2023-6103

    A vulnerability has been found in Intelbras RX 1500 1.1.9 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /WiFi.html of the component SSID Handler. The manipulation leads to cross site scripting. The a...

    Affected Products : rx_1500_firmware rx_1500
    • EPSS Score: 0.07%
    • Published: Nov. 13, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-42325

    Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted URL to the status_logs_filter_dynamic.php page.

    Affected Products : pfsense
    • EPSS Score: 48.31%
    • Published: Nov. 14, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-42327

    Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted URL to the getserviceproviders.php page.

    Affected Products : pfsense
    • EPSS Score: 48.31%
    • Published: Nov. 14, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-46099

    A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). There is a stored cross-site scripting vulnerability in the Administration Console of the affected product, that could allow an attacker with high privileges to inject Javascrip...

    Affected Products : simatic_pcs_neo
    • EPSS Score: 0.10%
    • Published: Nov. 14, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2018-10227

    MiniCMS v1.10 has XSS via the mc-admin/conf.php site_link parameter.

    Affected Products : minicms minicms
    • EPSS Score: 0.21%
    • Published: Apr. 19, 2018
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2017-15640

    app/sections/user-menu.php in phpIPAM before 1.3.1 has XSS via the ip parameter.

    Affected Products : phpipam
    • EPSS Score: 0.21%
    • Published: Apr. 21, 2018
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2017-17889

    Kliqqi CMS 3.5.2 has XSS via a crafted group name in pligg/groups.php, a crafted Homepage string in a profile, or a crafted string in Tags or Description within pligg/submit.php.

    Affected Products : kliqqi_cms
    • EPSS Score: 0.21%
    • Published: Apr. 22, 2018
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2018-10298

    Discuz! DiscuzX through X3.4 has reflected XSS via forum.php?mod=post&action=newthread because data/template/1_diy_portal_view.tpl.php does not restrict the content.

    Affected Products : discuzx discuzx
    • EPSS Score: 0.21%
    • Published: Apr. 22, 2018
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2018-10313

    WUZHI CMS 4.1.0 allows persistent XSS via the form%5Bqq_10%5D parameter to the /index.php?m=member&f=index&v=profile&set_iframe=1 URI.

    Affected Products : wuzhi_cms wuzhicms
    • EPSS Score: 0.53%
    • Published: Apr. 24, 2018
    • Modified: May. 05, 2025
  • 5.4

    MEDIUM
    CVE-2023-46580

    Cross-Site Scripting (XSS) vulnerability in Inventory Management V1.0 allows attackers to execute arbitrary code via the pname parameter of the editProduct.php component.

    Affected Products : inventory_management
    • EPSS Score: 0.18%
    • Published: Nov. 14, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-47446

    Pre-School Enrollment version 1.0 is vulnerable to Cross Site Scripting (XSS) on the profile.php page via fullname parameter.

    Affected Products : pre-school_enrollment_system
    • EPSS Score: 0.48%
    • Published: Nov. 15, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2017-1750

    IBM Jazz Reporting Service (JRS) 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading t...

    Affected Products : jazz_reporting_service
    • EPSS Score: 0.24%
    • Published: Apr. 25, 2018
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2018-10213

    An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is XSS in invitation mail received from a different user, who can modify the HTML in that mail before sending it.

    Affected Products : enterprise_file_sharing
    • EPSS Score: 0.21%
    • Published: Apr. 25, 2018
    • Modified: May. 30, 2025
  • 5.4

    MEDIUM
    CVE-2018-7465

    An XSS issue was discovered in VirtueMart before 3.2.14. All the textareas in the backend of the plugin can be closed by simply adding </textarea> to the value and saving the product/config. By editing back the product/config, the editor's browser will ex...

    Affected Products : virtuemart
    • EPSS Score: 0.28%
    • Published: Apr. 26, 2018
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2018-1430

    IBM API Connect 5.0.0.0 through 5.0.8.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...

    Affected Products : api_connect
    • EPSS Score: 0.24%
    • Published: Apr. 30, 2018
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2018-10365

    An XSS issue was discovered in the Threads to Link plugin 1.3 for MyBB. When editing a thread, the user is given the option to convert the thread to a link. The thread link input box is not properly sanitized.

    Affected Products : threads_to_link
    • EPSS Score: 0.19%
    • Published: May. 01, 2018
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-5509

    The myStickymenu WordPress plugin before 2.6.5 does not adequately authorize some ajax calls, allowing any logged-in user to perform the actions.

    Affected Products : mystickymenu my_sticky_bar
    • EPSS Score: 0.05%
    • Published: Nov. 20, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-5799

    The WP Hotel Booking WordPress plugin before 2.0.8 does not have proper authorisation when deleting a package, allowing Contributor and above roles to delete posts that do not belong to them.

    Affected Products : wp_hotel_booking
    • EPSS Score: 0.05%
    • Published: Nov. 20, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2018-10165

    Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated attackers to inject arbitrary web script or HTML via the userName parameter in the local user crea...

    Affected Products : eap_controller
    • EPSS Score: 0.26%
    • Published: May. 03, 2018
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-48124

    Cross Site Scripting in SUP Online Shopping v.1.0 allows a remote attacker to execute arbitrary code via the Name, Email and Address parameters in the Register New Account component.

    Affected Products : sup_online_shopping
    • EPSS Score: 0.93%
    • Published: Nov. 21, 2023
    • Modified: Nov. 21, 2024