Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2021-3327

    Ovation Dynamic Content 1.10.1 for Elementor allows XSS via the post_title parameter.

    Affected Products : dynamic_content
    • EPSS Score: 0.30%
    • Published: Mar. 19, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2024-29472

    OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Privilege Management module.

    Affected Products : oneblog
    • Published: Mar. 20, 2024
    • Modified: Mar. 13, 2025
  • 5.4

    MEDIUM
    CVE-2024-29474

    OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the User Management module.

    Affected Products : oneblog
    • Published: Mar. 20, 2024
    • Modified: Mar. 28, 2025
  • 5.4

    MEDIUM
    CVE-2024-1142

    Path Traversal in Sonatype IQ Server from version 143 allows remote authenticated attackers to overwrite or delete files via a specially crafted request. Version 171 fixes this issue.

    Affected Products :
    • Published: Mar. 21, 2024
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2024-1502

    The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tutor_delete_announcement() function in all versions up to, and including, 2.6.1. This makes it p...

    Affected Products : tutor_lms
    • Published: Mar. 21, 2024
    • Modified: Jan. 15, 2025
  • 5.4

    MEDIUM
    CVE-2021-28968

    An issue was discovered in PunBB before 1.4.6. An XSS vulnerability in the [email] BBcode tag allows (with authentication) injecting arbitrary JavaScript into any forum message.

    Affected Products : punbb
    • EPSS Score: 0.27%
    • Published: Mar. 22, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-29002

    A stored cross-site scripting (XSS) vulnerability in Plone CMS 5.2.3 exists in site-controlpanel via the "form.widgets.site_title" parameter.

    Affected Products : plone
    • EPSS Score: 0.31%
    • Published: Mar. 24, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-45352

    Missing Authorization vulnerability in Muffingroup Betheme. This issue affects Betheme: from n/a through 26.6.1.

    Affected Products : betheme
    • Published: Mar. 25, 2024
    • Modified: Jan. 31, 2025
  • 5.4

    MEDIUM
    CVE-2022-45851

    Missing Authorization vulnerability in ShareThis ShareThis Dashboard for Google Analytics. This issue affects ShareThis Dashboard for Google Analytics: from n/a through 3.1.4.

    Affected Products : dashboard_for_google_analytics
    • Published: Mar. 25, 2024
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-22699

    Missing Authorization vulnerability in MainWP MainWP Wordfence Extension. This issue affects MainWP Wordfence Extension: from n/a through 4.0.7.

    Affected Products :
    • Published: Mar. 25, 2024
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2024-28435

    The CRM platform Twenty version 0.3.0 is vulnerable to SSRF via file upload.

    Affected Products :
    • Published: Mar. 25, 2024
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2024-29810

    The thumb_url parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the thumb_url parameter is embedded within an existing JavaScript within the response allowing arbitrary J...

    Affected Products : photo_gallery
    • Published: Mar. 26, 2024
    • Modified: Apr. 09, 2025
  • 5.4

    MEDIUM
    CVE-2021-28247

    CA eHealth Performance Manager through 6.3.2.12 is affected by Cross Site Scripting (XSS). The impact is: An authenticated remote user is able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and perform a Reflect...

    Affected Products : ehealth_performance_manager
    • EPSS Score: 0.15%
    • Published: Mar. 26, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-20681

    Improper neutralization of JavaScript input in the page editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors.

    Affected Products : basercms
    • EPSS Score: 0.21%
    • Published: Mar. 26, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2020-19626

    Cross Site Scripting (XSS) vulnerability in craftcms 3.1.31, allows remote attackers to inject arbitrary web script or HTML, via /admin/settings/sites/new.

    Affected Products : craft_cms
    • EPSS Score: 0.23%
    • Published: Mar. 26, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-27352

    An open redirect vulnerability in Ilch CMS version 2.1.42 allows attackers to redirect users to an attacker's site after a successful login.

    Affected Products : ilch_cms
    • EPSS Score: 0.20%
    • Published: Mar. 29, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2020-20545

    Cross-Site Scripting (XSS) vulnerability in Zhiyuan G6 Government Collaboration System V6.1SP1, via the 'method' parameter to 'seeyon/hrSalary.do'.

    • EPSS Score: 0.28%
    • Published: Mar. 30, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2024-29230

    Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in SnapShot.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to read da...

    • Published: Mar. 28, 2024
    • Modified: Aug. 04, 2025
  • 5.4

    MEDIUM
    CVE-2024-29232

    Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Alert.Enum webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database contain...

    • Published: Mar. 28, 2024
    • Modified: Aug. 04, 2025
  • 5.4

    MEDIUM
    CVE-2024-29234

    Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Group.Save webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database contain...

    • Published: Mar. 28, 2024
    • Modified: Aug. 04, 2025
Showing 20 of 290943 Results