Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2024-0592

    The Related Posts for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the handle_create_link() function. This makes it possible... Read more

    Affected Products : related_posts
    • Published: Mar. 13, 2024
    • Modified: Mar. 11, 2025

  • 5.4

    MEDIUM
    CVE-2024-28669

    DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/freelist_edit.php.... Read more

    Affected Products : dedecms
    • Published: Mar. 13, 2024
    • Modified: Apr. 01, 2025

  • 5.4

    MEDIUM
    CVE-2024-28672

    DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/media_edit.php.... Read more

    Affected Products : dedecms
    • Published: Mar. 13, 2024
    • Modified: Apr. 01, 2025

  • 5.4

    MEDIUM
    CVE-2024-28662

    A Cross Site Scripting vulnerability exists in Piwigo before 14.3.0 script because of missing sanitization in create_tag in admin/include/functions.php.... Read more

    Affected Products : piwigo
    • Published: Mar. 13, 2024
    • Modified: May. 23, 2025

  • 5.4

    MEDIUM
    CVE-2024-27703

    Cross Site Scripting vulnerability in Leantime 3.0.6 allows a remote attacker to execute arbitrary code via the to-do title parameter.... Read more

    Affected Products : leantime
    • Published: Mar. 13, 2024
    • Modified: Apr. 08, 2025

  • 5.4

    MEDIUM
    CVE-2020-26052

    Online Marriage Registration System 1.0 is affected by stored cross-site scripting (XSS) vulnerabilities in multiple parameters.... Read more

    • EPSS Score: %0.18
    • Published: Feb. 08, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-46182

    IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within... Read more

    Affected Products : sterling_secure_proxy
    • Published: Mar. 15, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-28403

    TOTOLINK X2000R before V1.0.0-B20231213.1013 is vulnerable to Cross Site Scripting (XSS) via the VPN Page.... Read more

    Affected Products : x2000r_firmware x2000r
    • Published: Mar. 15, 2024
    • Modified: Mar. 27, 2025

  • 5.4

    MEDIUM
    CVE-2024-28401

    TOTOLINK X2000R before v1.0.0-B20231213.1013 contains a Store Cross-site scripting (XSS) vulnerability in Root Access Control under the Wireless Page.... Read more

    Affected Products : x2000r_firmware x2000r
    • Published: Mar. 15, 2024
    • Modified: Mar. 28, 2025

  • 5.4

    MEDIUM
    CVE-2023-51521

    Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz And Survey Master.This issue affects Quiz And Survey Master: from n/a through 8.1.18. ... Read more

    • Published: Mar. 16, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-4347

    A vulnerability was found in xiandafu beetl-bbs. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file WebUtils.java. The manipulation of the argument user leads to cross site scripting. The attack can... Read more

    Affected Products : beetl-bbs
    • EPSS Score: %0.06
    • Published: Dec. 08, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-41947

    DHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. Through various features of DHIS2, an authenticated user may be able to upload a file which includes embedded javascript. The user could the... Read more

    Affected Products : dhis_2
    • EPSS Score: %0.08
    • Published: Dec. 08, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-4336

    In BAOTA linux panel there exists a stored xss vulnerability attackers can use to obtain sensitive information via the log analysis feature.... Read more

    Affected Products : baota
    • EPSS Score: %0.08
    • Published: Dec. 09, 2022
    • Modified: Apr. 14, 2025

  • 5.4

    MEDIUM
    CVE-2020-9419

    Multiple stored cross-site scripting (XSS) vulnerabilities in Arcadyan Wifi routers VRV9506JAC23 allow remote attackers to inject arbitrary web script or HTML via the hostName and domain_name parameters present in the LAN configuration section of the admi... Read more

    Affected Products : vrv9506jac23_firmware vrv9506jac23
    • EPSS Score: %0.05
    • Published: Dec. 14, 2022
    • Modified: Apr. 22, 2025

  • 5.4

    MEDIUM
    CVE-2018-14777

    An issue was discovered in DataLife Engine (DLE) through 13.0. An attacker can use XSS (related to the /addnews.html and /index.php?do=addnews URIs) to send a malicious script to unsuspecting Admins or users.... Read more

    Affected Products : datalife_engine
    • EPSS Score: %0.21
    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-14835

    Subrion CMS v4.2.1 is vulnerable to Stored XSS because of no escaping added to the tooltip information being displayed in multiple areas.... Read more

    Affected Products : subrion subrion_cms
    • EPSS Score: %0.21
    • Published: Aug. 02, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-36573

    File Upload vulnerability in Feehi CMS thru 2.1.1 allows attackers to run arbitrary code via crafted image upload.... Read more

    Affected Products : feehicms
    • EPSS Score: %0.12
    • Published: Dec. 15, 2022
    • Modified: Apr. 21, 2025

  • 5.4

    MEDIUM
    CVE-2021-39428

    Cross Site Scripting (XSS) vulnerability in Users.php in eyoucms 1.5.4 allows remote attackers to run arbitrary code and gain escalated privilege via the filename for edit_users_head_pic.... Read more

    Affected Products : eyoucms
    • EPSS Score: %0.11
    • Published: Dec. 15, 2022
    • Modified: Apr. 21, 2025

  • 5.4

    MEDIUM
    CVE-2022-40000

    Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbitrary code via the username field of the admin log in page.... Read more

    Affected Products : feehicms
    • EPSS Score: %0.05
    • Published: Dec. 15, 2022
    • Modified: Apr. 21, 2025

  • 5.4

    MEDIUM
    CVE-2018-14873

    An issue was discovered in Rincewind 0.1. There is a cross-site scripting (XSS) vulnerability involving a p=account request to index.php and another file named commonPages.php.... Read more

    Affected Products : rincewind
    • EPSS Score: %0.21
    • Published: Aug. 03, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 290974 Results