Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2022-4785

    The Video Sidebar Widgets WordPress plugin through 6.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to pe... Read more

    Affected Products : video_sidebar_widgets
    • EPSS Score: %0.10
    • Published: Feb. 21, 2023
    • Modified: Mar. 14, 2025

  • 5.4

    MEDIUM
    CVE-2018-15365

    A Reflected Cross-Site Scripting (XSS) vulnerability in Trend Micro Deep Discovery Inspector 3.85 and below could allow an attacker to bypass CSRF protection and conduct an attack on vulnerable installations. An attacker must be an authenticated user in o... Read more

    Affected Products : deep_discovery_inspector
    • EPSS Score: %0.60
    • Published: Sep. 28, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-1006

    A vulnerability was found in SourceCodester Medical Certificate Generator App 1.0. It has been classified as problematic. This affects an unknown part of the component New Record Handler. The manipulation of the argument Firstname/Middlename/Lastname/Suff... Read more

    Affected Products : medical_certificate_generator_app
    • EPSS Score: %0.05
    • Published: Feb. 24, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-22860

    IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaS... Read more

    Affected Products : cloud_pak_for_business_automation
    • EPSS Score: %0.09
    • Published: Feb. 27, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-1649

    IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading... Read more

    Affected Products : rational_quality_manager
    • EPSS Score: %0.16
    • Published: Oct. 02, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-4829

    The Show-Hide / Collapse-Expand WordPress plugin before 1.3.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scr... Read more

    Affected Products : show-hide_\/_collapse-expand
    • EPSS Score: %0.11
    • Published: Feb. 27, 2023
    • Modified: Mar. 10, 2025

  • 5.4

    MEDIUM
    CVE-2023-0539

    The GS Insever Portfolio WordPress plugin before 1.4.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to pe... Read more

    Affected Products : gs_insever_portfolio
    • EPSS Score: %0.15
    • Published: Feb. 27, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-1691

    IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading... Read more

    Affected Products : rational_quality_manager
    • EPSS Score: %0.16
    • Published: Oct. 02, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-23992

    Cross-Site Request Forgery (CSRF) vulnerability in AutomatorWP plugin <= 2.5.0 leads to object delete.... Read more

    Affected Products : automatorwp
    • EPSS Score: %0.08
    • Published: Feb. 28, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-1605

    IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading... Read more

    Affected Products : rational_quality_manager
    • EPSS Score: %0.16
    • Published: Oct. 02, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-27292

    An open redirect vulnerability exposes OpenCATS to template injection due to improper validation of user-supplied GET parameters.... Read more

    Affected Products : opencats
    • EPSS Score: %7.74
    • Published: Feb. 28, 2023
    • Modified: Mar. 21, 2025

  • 5.4

    MEDIUM
    CVE-2022-45804

    Cross-Site Request Forgery (CSRF) vulnerability in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery plugin <= 3.2.9 leading to galleries hierarchy change, included plugin deactivate & activate.... Read more

    Affected Products : robo_gallery
    • EPSS Score: %0.04
    • Published: Mar. 01, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-46797

    Cross-Site Request Forgery (CSRF) vulnerability in Conversios All-in-one Google Analytics, Pixels and Product Feed Manager for WooCommerce plugin <= 5.2.3 leads to plugin settings change.... Read more

    Affected Products : conversios.io conversios
    • EPSS Score: %0.04
    • Published: Mar. 01, 2023
    • Modified: Mar. 12, 2025

  • 5.4

    MEDIUM
    CVE-2023-26056

    XWiki Platform is a generic wiki platform. Starting in version 3.0-milestone-1, it's possible to execute a script with the right of another user, provided the target user does not have programming right. The problem has been patched in XWiki 14.8-rc-1, 14... Read more

    Affected Products : xwiki
    • EPSS Score: %0.22
    • Published: Mar. 02, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2006-10001

    A vulnerability, which was classified as problematic, was found in Subscribe to Comments Plugin up to 2.0.7 on WordPress. This affects an unknown part of the file subscribe-to-comments.php. The manipulation leads to cross site scripting. It is possible to... Read more

    • EPSS Score: %0.11
    • Published: Mar. 05, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-0064

    The eVision Responsive Column Layout Shortcodes WordPress plugin through 2.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributo... Read more

    • EPSS Score: %0.11
    • Published: Mar. 06, 2023
    • Modified: Mar. 06, 2025

  • 5.4

    MEDIUM
    CVE-2023-0076

    The Download Attachments WordPress plugin before 1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perf... Read more

    Affected Products : download_attachments
    • EPSS Score: %0.10
    • Published: Mar. 06, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-36399

    In Moodle, ID numbers displayed in the quiz override screens required additional sanitizing to prevent a stored XSS risk.... Read more

    Affected Products : moodle
    • EPSS Score: %0.53
    • Published: Mar. 06, 2023
    • Modified: Mar. 07, 2025

  • 5.4

    MEDIUM
    CVE-2022-42248

    QlikView 12.60.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the QvsViewClient functionality.... Read more

    Affected Products : qlikview
    • EPSS Score: %0.07
    • Published: Mar. 06, 2023
    • Modified: Mar. 06, 2025

  • 5.4

    MEDIUM
    CVE-2023-24282

    An arbitrary file upload vulnerability in Poly Trio 8800 7.2.2.1094 allows attackers to execute arbitrary code via a crafted ringtone file.... Read more

    Affected Products : trio_8800_firmware trio_8800
    • EPSS Score: %0.24
    • Published: Mar. 08, 2023
    • Modified: Mar. 05, 2025
Showing 20 of 290958 Results