Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2022-43866

    IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure ...

    • EPSS Score: 0.14%
    • Published: May. 05, 2023
    • Modified: Jan. 29, 2025
  • 5.4

    MEDIUM
    CVE-2023-0280

    The Ultimate Carousel For Elementor WordPress plugin through 2.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to p...

    Affected Products : ultimate_carousel_for_elementor
    • EPSS Score: 0.16%
    • Published: May. 08, 2023
    • Modified: Feb. 04, 2025
  • 5.4

    MEDIUM
    CVE-2023-0537

    The Product Slider For WooCommerce Lite WordPress plugin through 1.1.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role...

    Affected Products : product_slider_for_woocommerce
    • EPSS Score: 0.14%
    • Published: May. 08, 2023
    • Modified: Jan. 29, 2025
  • 5.4

    MEDIUM
    CVE-2023-1651

    The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in the AJAX action responsible to update the OpenAI settings, allowing any authenticated users, such as subscriber to update them. Furthermore, due to the lack of escaping o...

    Affected Products : ai_chatbot wpbot
    • EPSS Score: 0.10%
    • Published: May. 08, 2023
    • Modified: May. 12, 2025
  • 5.4

    MEDIUM
    CVE-2023-30787

    MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/introductions` endpoint and first_met_additional_info parameter....

    Affected Products : monica
    • EPSS Score: 0.26%
    • Published: May. 08, 2023
    • Modified: Feb. 03, 2025
  • 5.4

    MEDIUM
    CVE-2023-30790

    MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/relationships` endpoint and first_name and last_name parameter....

    Affected Products : monica
    • EPSS Score: 0.26%
    • Published: May. 08, 2023
    • Modified: Feb. 03, 2025
  • 5.4

    MEDIUM
    CVE-2015-5379

    Cross-site scripting (XSS) vulnerability in actions.hsp in the Ajax WebMail interface in AXIGEN Mail Server before 9.0 allows remote attackers to inject arbitrary web script or HTML via an email attachment....

    Affected Products : axigen_mail_server
    • EPSS Score: 0.10%
    • Published: Oct. 23, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2016-3049

    IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force...

    Affected Products : openpages_grc_platform
    • EPSS Score: 0.18%
    • Published: Oct. 24, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2017-1164

    IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IB...

    • EPSS Score: 0.27%
    • Published: Oct. 25, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2017-1169

    IBM DOORS Next Generation (DNG/RRC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a tru...

    • EPSS Score: 0.27%
    • Published: Oct. 25, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2017-1363

    IBM Team Concert (RTC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session....

    • EPSS Score: 0.25%
    • Published: Oct. 25, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2023-25834

    Changes to user permissions in Portal for ArcGIS 10.9.1 and below are incompletely applied in specific use cases. This issue may allow users to access content that they are no longer privileged to access....

    Affected Products : portal_for_arcgis
    • EPSS Score: 0.11%
    • Published: May. 09, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-31804

    Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the course category parameters....

    Affected Products : chamilo_lms
    • EPSS Score: 0.46%
    • Published: May. 09, 2023
    • Modified: Jan. 28, 2025
  • 5.4

    MEDIUM
    CVE-2023-25833

    There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser (no stateful change ...

    Affected Products : portal_for_arcgis
    • EPSS Score: 0.32%
    • Published: May. 10, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-27888

    Cross-site scripting vulnerability in Joruri Gw Ver 3.2.5 and earlier allows a remote authenticated attacker to inject an arbitrary script via Message Memo function of the affected product....

    Affected Products : joruri_gw
    • EPSS Score: 0.30%
    • Published: May. 10, 2023
    • Modified: Jan. 27, 2025
  • 5.4

    MEDIUM
    CVE-2017-15936

    In Artica Pandora FMS version 7.0, an attacker with write permission can create an agent with an XSS payload; when a user enters the agent definitions page, the script will get executed....

    Affected Products : pandora_fms
    • EPSS Score: 0.27%
    • Published: Oct. 27, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2023-29983

    Cross Site Scripting vulnerability found in Maximilian Vogt cmaps v.8.0 allows a remote attacker to execute arbitrary code via the auditlog tab in the admin panel....

    Affected Products : companymaps
    • EPSS Score: 38.19%
    • Published: May. 12, 2023
    • Modified: Jan. 24, 2025
  • 5.4

    MEDIUM
    CVE-2017-12460

    An issue was discovered in Barco ClickShare CSM-1 firmware before v1.7.0.3 and CSC-1 firmware before v1.10.0.10. An authenticated user can manage the wallpaper collection in the webUI to be shown as background on the ClickShare product. By uploading a w...

    • EPSS Score: 0.32%
    • Published: Oct. 30, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2017-16230

    In admin/write-post.php in Typecho through 1.1, one can log in to the background page, write a new article, and add payload in the article content, resulting in XSS via index.php/action/contents-post-edit....

    Affected Products : typecho
    • EPSS Score: 0.21%
    • Published: Oct. 30, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2023-0490

    The f(x) TOC WordPress plugin through 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Store...

    Affected Products : f\(x\)_toc
    • EPSS Score: 0.09%
    • Published: May. 15, 2023
    • Modified: Jan. 14, 2025
Showing 20 of 290954 Results