Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2022-45839

    Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WHA WHA Puzzle plugin <= 1.0.9 versions....

    Affected Products : wha_puzzle
    • EPSS Score: 0.17%
    • Published: Apr. 18, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-29774

    Dreamer CMS 3.0.1 is vulnerable to stored Cross Site Scripting (XSS)....

    Affected Products : dreamer_cms
    • EPSS Score: 0.08%
    • Published: Apr. 18, 2023
    • Modified: Feb. 06, 2025
  • 5.4

    MEDIUM
    CVE-2023-21936

    Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are Prior to 9.2.7.3. Easily exploitable vulnerability allows low privileged attacker with network access ...

    Affected Products : jd_edwards_enterpriseone_tools
    • EPSS Score: 0.36%
    • Published: Apr. 18, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-25759

    OS Command Injection in TripleData Reporting Engine in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated users to run unprivileged OS level commands via a crafted request payload....

    Affected Products : tripleplay
    • EPSS Score: 1.21%
    • Published: Apr. 19, 2023
    • Modified: Feb. 05, 2025
  • 5.4

    MEDIUM
    CVE-2023-27090

    Cross Site Scripting vulnerability found in TeaCMS storage allows attacker to cause a leak of sensitive information via the article title parameter....

    Affected Products : teacms
    • EPSS Score: 0.08%
    • Published: Apr. 20, 2023
    • Modified: Feb. 05, 2025
  • 5.4

    MEDIUM
    CVE-2023-1875

    Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12. ...

    Affected Products : phpmyfaq
    • EPSS Score: 0.09%
    • Published: Apr. 22, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-27619

    Auth (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Macho Themes Regina Lite theme <= 2.0.7 versions....

    Affected Products : regina_lite
    • EPSS Score: 0.11%
    • Published: Apr. 25, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-26843

    A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the NoteEditor.php....

    Affected Products : churchcrm
    • EPSS Score: 12.57%
    • Published: Apr. 25, 2023
    • Modified: Feb. 04, 2025
  • 5.4

    MEDIUM
    CVE-2017-10304

    Vulnerability in the PeopleSoft Enterprise HCM component of Oracle PeopleSoft Products (subcomponent: Security). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...

    • EPSS Score: 0.21%
    • Published: Oct. 19, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2023-2327

    Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21....

    Affected Products : pimcore
    • EPSS Score: 0.00%
    • Published: Apr. 27, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-2328

    Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21....

    Affected Products : pimcore
    • EPSS Score: 0.00%
    • Published: Apr. 27, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-2343

    Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.21....

    Affected Products : pimcore
    • EPSS Score: 0.00%
    • Published: Apr. 27, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-2364

    A vulnerability, which was classified as problematic, was found in SourceCodester Resort Reservation System 1.0. Affected is an unknown function of the file registration.php. The manipulation of the argument fullname leads to cross site scripting. It is p...

    • EPSS Score: 0.11%
    • Published: Apr. 28, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-28471

    Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is vulnerable to Stored XSS via a container name....

    Affected Products : concrete_cms concrete5
    • EPSS Score: 0.98%
    • Published: Apr. 28, 2023
    • Modified: Jan. 31, 2025
  • 5.4

    MEDIUM
    CVE-2023-28819

    Concrete CMS (previously concrete5) versions 8.5.12 and below, 9.0.0 through 9.0.2 is vulnerable to Stored XSS in uploaded file and folder names....

    Affected Products : concrete_cms concrete5
    • EPSS Score: 1.82%
    • Published: Apr. 28, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-30405

    A cross-site scripting (XSS) vulnerability in Aigital Wireless-N Repeater Mini_Router v0.131229 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the wl_ssid parameter at /boafrm/formHomeWlanSetup....

    • EPSS Score: 5.33%
    • Published: Apr. 28, 2023
    • Modified: Jan. 30, 2025
  • 5.4

    MEDIUM
    CVE-2023-29643

    Cross Site Scripting (XSS) vulnerability in PerfreeBlog 3.1.2 allows attackers to execute arbitrary code via the Post function....

    Affected Products : perfreeblog
    • EPSS Score: 0.43%
    • Published: May. 01, 2023
    • Modified: Jan. 30, 2025
  • 5.4

    MEDIUM
    CVE-2023-2475

    A vulnerability was found in Dromara J2eeFAST up to 2.6.0 and classified as problematic. This issue affects some unknown processing of the component System Message Handler. The manipulation of the argument 主题 leads to cross site scripting. The attack may ...

    Affected Products : j2eefast
    • EPSS Score: 0.06%
    • Published: May. 02, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2016-8748

    In Apache NiFi before 1.0.1 and 1.1.x before 1.1.1, there is a cross-site scripting vulnerability in connection details dialog when accessed by an authorized user. The user supplied text was not being properly handled when added to the DOM....

    Affected Products : nifi
    • EPSS Score: 0.49%
    • Published: Oct. 19, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2023-1383

    An Improper Enforcement of Behavioral Workflow vulnerability in the exchangeDeviceServices function on the amzn.dmgr service allowed an attacker to register services that are only locally accessible. This issue affects: Amazon Fire TV Stick 3rd gen vers...

    • EPSS Score: 0.06%
    • Published: May. 03, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 290955 Results