Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, it appears on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2023-50136

    Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the name field when creating a new custom table.

    Affected Products : jfinalcms
    • EPSS Score: %0.11
    • Published: Jan. 09, 2024
    • Modified: Jun. 03, 2025
  • 5.4

    MEDIUM
    CVE-2023-4247

    The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.33.3. This is due to missing or incorrect nonce validation on the give_sendwp_disconnect function. This makes it possible for unauthenticated a...

    Affected Products : givewp
    • EPSS Score: %0.08
    • Published: Jan. 11, 2024
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2024-0423

    A vulnerability was found in CodeAstro Online Food Ordering System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file dishes.php. The manipulation of the argument res_id leads to cross site scripting. T...

    Affected Products : online_food_ordering_system
    • EPSS Score: %0.15
    • Published: Jan. 11, 2024
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2018-19995

    A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" (POST) or "town" (POST) parameter to user/card.php.

    Affected Products : dolibarr_erp/crm
    • EPSS Score: %0.22
    • Published: Jan. 03, 2019
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2024-23178

    An issue was discovered in the Phonos extension in MediaWiki before 1.40.2. PhonosButton.js allows i18n-based XSS via the phonos-purge-needed-error message.

    Affected Products : mediawiki
    • EPSS Score: %0.38
    • Published: Jan. 12, 2024
    • Modified: Jun. 03, 2025
  • 5.4

    MEDIUM
    CVE-2024-22493

    A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save content parameter, which allows remote attackers to inject arbitrary web script or HTML.

    Affected Products : jfinalcms
    • EPSS Score: %0.11
    • Published: Jan. 12, 2024
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2018-12339

    ArticleCMS through 2017-02-19 has XSS via an "add an article" action.

    Affected Products : articlecms
    • EPSS Score: %0.19
    • Published: Jun. 13, 2018
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2025-28963

    Server-Side Request Forgery (SSRF) vulnerability in Md Yeasin Ul Haider URL Shortener allows Server Side Request Forgery. This issue affects URL Shortener: from n/a through 3.0.7.

    Affected Products :
    • Published: Jul. 04, 2025
    • Modified: Jul. 08, 2025
  • 5.4

    MEDIUM
    CVE-2022-3194

    The Dokan WordPress plugin before 3.6.4 allows vendors to inject arbitrary javascript in product reviews, which may allow them to run stored XSS attacks against other users like site administrators.

    Affected Products : dokan
    • EPSS Score: %0.25
    • Published: Jan. 16, 2024
    • Modified: Jun. 02, 2025
  • 5.4

    MEDIUM
    CVE-2023-0079

    The Customer Reviews for WooCommerce WordPress plugin before 5.17.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role an...

    Affected Products : customer_reviews_for_woocommerce
    • EPSS Score: %0.11
    • Published: Jan. 16, 2024
    • Modified: Jun. 02, 2025
  • 5.4

    MEDIUM
    CVE-2023-0094

    The UpQode Google Maps WordPress plugin through 1.0.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to per...

    Affected Products : upqode_google_maps
    • EPSS Score: %0.27
    • Published: Jan. 16, 2024
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-34379

    Missing Authorization vulnerability in MagneticOne Cart2Cart: Magento to WooCommerce Migration. This issue affects Cart2Cart: Magento to WooCommerce Migration: from n/a through 2.0.0.

    Affected Products : magento_to_woocommerce_migration
    • EPSS Score: %0.04
    • Published: Jan. 17, 2024
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-40702

    Missing Authorization vulnerability in Zorem Advanced Local Pickup for WooCommerce. This issue affects Advanced Local Pickup for WooCommerce: from n/a through 1.5.2.

    • EPSS Score: %0.04
    • Published: Jan. 17, 2024
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2024-22549

    FlyCms 1.0 is vulnerable to Cross Site Scripting (XSS) in the email settings of the website settings section.

    Affected Products : flycms
    • EPSS Score: %0.08
    • Published: Jan. 18, 2024
    • Modified: Jun. 20, 2025
  • 5.4

    MEDIUM
    CVE-2024-22213

    Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. In affected versions users could be tricked into executing malicious code that would execute in their browser via HTML sent a...

    Affected Products : deck nextcloud_server notes
    • EPSS Score: %0.37
    • Published: Jan. 18, 2024
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-32337

    IBM Maximo Spatial Asset Management 8.10 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

    • EPSS Score: %0.04
    • Published: Jan. 19, 2024
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2018-11588

    Centreon 3.4.6 including Centreon Web 2.8.23 is vulnerable to an authenticated user injecting a payload into the username or command description, resulting in stored XSS. This is related to www/include/core/menu/menu.php and www/include/configuration/conf...

    Affected Products : centreon centreon_web
    • EPSS Score: %0.07
    • Published: Jun. 25, 2018
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-48128

    An issue in UNITED BOXING GYM mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

    Affected Products : line
    • EPSS Score: %0.17
    • Published: Jan. 26, 2024
    • Modified: May. 29, 2025
  • 5.4

    MEDIUM
    CVE-2023-48130

    An issue in GINZA CAFE mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

    Affected Products : line
    • EPSS Score: %0.17
    • Published: Jan. 26, 2024
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2017-1280

    IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering...

    • EPSS Score: %0.18
    • Published: Jul. 03, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 290981 Results