Latest CVE Feed

The following is a list of the most recently published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2023-2279

    The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the 'admin_page_display' function. This makes it possible for unauthenti...

    Affected Products : wp_directory_kit
    • EPSS Score: 0.06%
    • Published: Aug. 31, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-2354

    The CHP Ads Block Detector plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings reachable through an AJAX action in versions up to, and including, 3.9.4 due to insufficient input sanitization and output escaping. This makes ...

    Affected Products : chp_ads_block_detector
    • EPSS Score: 0.12%
    • Published: Aug. 31, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2018-6867

    Cross Site Scripting (XSS) exists in PHP Scripts Mall Alibaba Clone Script 1.0.2 via a profile parameter.

    Affected Products : alibaba_clone_script
    • EPSS Score: 0.18%
    • Published: Feb. 23, 2018
    • Modified: Mar. 19, 2025
  • 5.4

    MEDIUM
    CVE-2017-16767

    Cross-site scripting (XSS) vulnerability in User Profile in Synology Surveillance Station before 8.1.2-5469 allows remote authenticated users to inject arbitrary web script or HTML via the userDesc parameter.

    Affected Products : surveillance_station
    • EPSS Score: 0.19%
    • Published: Feb. 27, 2018
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-41327

    WireMock is a tool for mocking HTTP services. WireMock can be configured to only permit proxying (and therefore recording) to certain addresses. This is achieved via a list of allowed address rules and a list of denied address rules, where the allowed lis...

    Affected Products : studio wiremock
    • EPSS Score: 0.12%
    • Published: Sep. 06, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-4878

    Server-Side Request Forgery (SSRF) in GitHub repository instantsoft/icms2 prior to 2.16.1-git.

    Affected Products : instantcms icms2
    • EPSS Score: 0.06%
    • Published: Sep. 10, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2018-7723

    The management panel in Piwigo 2.9.3 has stored XSS via the virtual_name parameter in a /admin.php?page=cat_list request, a different issue than CVE-2017-9836. CSRF exploitation, related to CVE-2017-10681, may be possible.

    Affected Products : piwigo
    • EPSS Score: 0.21%
    • Published: Mar. 06, 2018
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2018-7724

    The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /admin.php?page=photo-${photo_number} request. CSRF exploitation, related to CVE-2017-10681, may be possible.

    Affected Products : piwigo
    • EPSS Score: 0.10%
    • Published: Mar. 06, 2018
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-41103

    Interact 7.9.79.5 allows stored Cross-site Scripting (XSS) attacks in several locations, allowing an attacker to store a JavaScript payload.

    Affected Products : interact
    • EPSS Score: 0.10%
    • Published: Sep. 11, 2023
    • Modified: May. 30, 2025
  • 5.4

    MEDIUM
    CVE-2023-40625

    S4CORE (Manage Purchase Contracts App) - versions 102, 103, 104, 105, 106, 107, does not perform necessary authorization checks for an authenticated user. This could allow an attacker to perform unintended actions resulting in escalation of privileges whi...

    Affected Products : s4core
    • EPSS Score: 0.15%
    • Published: Sep. 12, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2018-0220

    A vulnerability in the web-based management interface of Cisco Videoscape AnyRes Live could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. ...

    Affected Products : videoscape_anyres_live
    • EPSS Score: 0.17%
    • Published: Mar. 08, 2018
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-41423

    Cross Site Scripting vulnerability in WP Githuber MD plugin v.1.16.2 allows a remote attacker to execute arbitrary code via a crafted payload to the new article function.

    Affected Products : wp_githuber_md
    • EPSS Score: 0.41%
    • Published: Sep. 12, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-3588

    A stored Cross-site Scripting (XSS) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x allows an attacker to execute arbitrary script code.

    Affected Products : teamwork_cloud_no_magic_release
    • EPSS Score: 0.11%
    • Published: Sep. 13, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-40984

    A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Replace in Results file.

    Affected Products : webmin
    • EPSS Score: 0.21%
    • Published: Sep. 15, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-37611

    Cross Site Scripting (XSS) vulnerability in Neos CMS 8.3.3 allows a remote authenticated attacker to execute arbitrary code via a crafted SVG file to the neos/management/media component.

    Affected Products : neos_cms
    • EPSS Score: 0.27%
    • Published: Sep. 18, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2018-8069

    QCMS version 3.0 has XSS via the webname parameter to the /backend/system.html URI.

    Affected Products : qcms
    • EPSS Score: 0.21%
    • Published: Mar. 12, 2018
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2016-0261

    Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0.0 before SP2 EP29, 6.0.4 before 6.0.4.6 iFix3, 6.0.5 before 6.0.5.9 iFix2, 6.1.0 before 6.1.0.1 iFix1, and 6.1.1 before 6.1.1.1 iFix1; and IBM Care Management 6.0 allows r...

    • EPSS Score: 0.13%
    • Published: Mar. 12, 2018
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2018-1000084

    WOlfCMS WolfCMS version 0.8.3.1 contains a Stored Cross-Site Scripting vulnerability in Layout Name (from Layout tab) that can result in low privilege user can steal the cookie of admin user and compromise the admin account. This attack appears to ...

    Affected Products : wolf_cms
    • EPSS Score: 0.21%
    • Published: Mar. 13, 2018
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-41904

    Zoho ManageEngine ADManager Plus before 7203 allows 2FA bypass (for AuthToken generation) in REST APIs.

    Affected Products : manageengine_admanager_plus
    • EPSS Score: 0.05%
    • Published: Sep. 27, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-44048

    Sourcecodester Expense Tracker App v1 is vulnerable to Cross Site Scripting (XSS) via add category.

    Affected Products : expense_tracker
    • EPSS Score: 0.27%
    • Published: Sep. 27, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 290943 Results