Latest CVE Feed

The following is a list of the most recently published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2023-6547

    Mattermost fails to validate team membership when a user attempts to access a playbook, allowing a user with permissions to a playbook but no permissions to the team the playbook is on to access and modify the playbook. This can happen if the user was onc...

    Affected Products : mattermost_server mattermost
    • EPSS Score: %0.21
    • Published: Dec. 12, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2018-11549

    An issue was discovered in WUZHI CMS 4.1.0. There is a Stored XSS Vulnerability in "Account Settings -> Member Centre -> Chinese information -> Ordinary member" via a QQ number, as demonstrated by a form[qq_10]= substring....

    Affected Products : wuzhi_cms wuzhicms
    • EPSS Score: %0.21
    • Published: May. 29, 2018
    • Modified: May. 05, 2025
  • 5.4

    MEDIUM
    CVE-2023-46497

    Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the mkdirSync function in the folderCreate/createFolder.js endpoint....

    Affected Products : evershop
    • EPSS Score: %0.05
    • Published: Dec. 08, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-49273

    Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, users with low privileges (Editor, etc.) are able to access some unintended endpoints. Versions 8.18.10, 10.8.1, and 12.3.4...

    Affected Products : umbraco_cms
    • EPSS Score: %0.26
    • Published: Dec. 12, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-49279

    Umbraco is an ASP.NET content management system (CMS). Starting in version 7.0.0 and prior to versions 7.15.11, 8.18.9, 10.7.0, 11.5.0, and 12.2.0, a user with access to the backoffice can upload SVG files that include scripts. If the user can trick anoth...

    Affected Products : umbraco_cms
    • EPSS Score: %0.45
    • Published: Dec. 12, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-47324

    Silverpeas Core 6.3.1 is vulnerable to Cross Site Scripting (XSS) via the message/notification feature....

    Affected Products : silverpeas
    • EPSS Score: %0.28
    • Published: Dec. 13, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-47325

    Silverpeas Core 6.3.1 administrative "Bin" feature is affected by broken access control. A user with low privileges is able to navigate directly to the bin, revealing all deleted spaces. The user can then restore or permanently delete the spaces....

    Affected Products : silverpeas
    • EPSS Score: %0.20
    • Published: Dec. 13, 2023
    • Modified: May. 22, 2025
  • 5.4

    MEDIUM
    CVE-2016-10537

    backbone is a module that adds in structure to a JavaScript heavy application through key-value pairs and custom events connecting to your RESTful API through JSON. There exists a potential Cross Site Scripting vulnerability in the `Model#Escape` function ...

    Affected Products : backbone
    • EPSS Score: %0.19
    • Published: May. 31, 2018
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-6774

    A vulnerability was found in CodeAstro POS and Inventory Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /accounts_con/register_account. The manipulation of the argument Username with t...

    • EPSS Score: %0.14
    • Published: Dec. 13, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-50101

    JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via Label management editing....

    Affected Products : jfinalcms
    • EPSS Score: %0.19
    • Published: Dec. 14, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-50102

    JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS)....

    Affected Products : jfinalcms
    • EPSS Score: %0.19
    • Published: Dec. 14, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-50137

    JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) in the site management office....

    Affected Products : jfinalcms
    • EPSS Score: %0.09
    • Published: Dec. 14, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-6778

    Cross-site Scripting (XSS) - Stored in GitHub repository allegroai/clearml-server prior to 1.13.0....

    Affected Products : clearml_server
    • EPSS Score: %0.15
    • Published: Dec. 18, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2018-2749

    Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0, 12.4.0, 12.5.0 and 14.0.0. Easily exploitable vulnerability allows low ...

    • EPSS Score: %0.21
    • Published: Apr. 19, 2018
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2017-1291

    IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using a specially crafted URL to cause the server to return a split response, once the URL is clicked. This would al...

    • EPSS Score: %0.15
    • Published: May. 26, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2023-47707

    IBM Security Guardium Key Lifecycle Manager 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure ...

    • EPSS Score: %0.06
    • Published: Dec. 20, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-38513

    Authorization Bypass Through User-Controlled Key vulnerability in Jordy Meow Photo Engine (Media Organizer & Lightroom). This issue affects Photo Engine (Media Organizer & Lightroom): from n/a through 6.2.5....

    Affected Products : photo_engine
    • EPSS Score: %0.05
    • Published: Dec. 20, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-6440

    A vulnerability was found in SourceCodester Book Borrower System 1.0 and classified as problematic. This issue affects some unknown processing of the file endpoint/add-book.php. The manipulation of the argument Book Title/Book Author leads to cross site s...

    Affected Products : book_borrower_system
    • EPSS Score: %0.13
    • Published: Nov. 30, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-49269

    Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'adults' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodifie...

    • EPSS Score: %0.08
    • Published: Dec. 20, 2023
    • Modified: May. 19, 2025
  • 5.4

    MEDIUM
    CVE-2023-49272

    Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'children' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodif...

    Affected Products : hotel_management
    • EPSS Score: %0.07
    • Published: Dec. 20, 2023
    • Modified: May. 19, 2025
Showing 20 of 290981 Results