Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2021-32544

    Special characters of IGT search function in igt+ are not filtered in specific fields, which allow remote authenticated attackers can inject malicious JavaScript and carry out DOM-based XSS (Cross-site scripting) attacks.... Read more

    Affected Products : igt\+
    • EPSS Score: %0.12
    • Published: May. 11, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-3338

    The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alt data parameter in all versions up to, and including, 1.0.262 due to insufficient input sanitization and output escaping. This makes it possible for au... Read more

    Affected Products : colibri_page_builder
    • Published: May. 02, 2024
    • Modified: Jan. 28, 2025

  • 5.4

    MEDIUM
    CVE-2024-3340

    The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'colibri-gallery-slideshow' shortcode in all versions up to, and including, 1.0.272 due to insufficient input sanitization and output escaping on u... Read more

    Affected Products : colibri_page_builder
    • Published: May. 02, 2024
    • Modified: Jan. 28, 2025

  • 5.4

    MEDIUM
    CVE-2020-4535

    IBM OpenPages GRC Platform 8.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted ... Read more

    Affected Products : openpages_grc_platform
    • EPSS Score: %0.19
    • Published: May. 11, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-28722

    Deskpro Cloud Platform and on-premise 2020.2.3.48207 from 2020-07-30 contains a cross-site scripting (XSS) vulnerability that can lead to an account takeover via custom email templates.... Read more

    Affected Products : deskpro
    • EPSS Score: %0.18
    • Published: May. 12, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-38729

    Cross-Site Request Forgery (CSRF) vulnerability in MBE Worldwide S.p.A. MBE eShip allows Cross Site Request Forgery.This issue affects MBE eShip: from n/a through 2.1.2.... Read more

    Affected Products :
    • Published: Jan. 02, 2025
    • Modified: Jan. 02, 2025

  • 5.4

    MEDIUM
    CVE-2021-24326

    The tab parameter of the settings page of the All 404 Redirect to Homepage WordPress plugin before 1.21 was vulnerable to an authenticated reflected Cross-Site Scripting (XSS) issue as user input was not properly sanitised before being output in an attrib... Read more

    Affected Products : all_404_redirect_to_homepage
    • EPSS Score: %0.19
    • Published: May. 17, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-3868

    The Folders Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's First Name and Last Name in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for auth... Read more

    Affected Products : folders
    • Published: May. 04, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-24992

    There is a cross site scripting vulnerability on CmsWing 1.3.7. This vulnerability (stored XSS) is triggered when an administrator accesses the content management module.... Read more

    Affected Products : cmswing
    • EPSS Score: %0.17
    • Published: May. 17, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-34341

    Trix is a rich text editor. The Trix editor, versions prior to 2.1.1, is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor. The vulnerability stems from improper sanitizatio... Read more

    Affected Products :
    • Published: May. 07, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-33512

    Plone through 5.2.4 allows stored XSS attacks (by a Contributor) by uploading an SVG or HTML document.... Read more

    Affected Products : plone
    • EPSS Score: %0.30
    • Published: May. 21, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-28761

    IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security ... Read more

    Affected Products : app_connect_enterprise
    • Published: May. 14, 2024
    • Modified: Mar. 13, 2025

  • 5.4

    MEDIUM
    CVE-2024-34816

    Cross-Site Request Forgery (CSRF) vulnerability in Revmakx WPCal.Io – Easy Meeting Scheduler.This issue affects WPCal.Io – Easy Meeting Scheduler: from n/a through 0.9.5.8. ... Read more

    Affected Products :
    • Published: May. 14, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-21660

    Jenkins Markdown Formatter Plugin 0.1.0 and earlier does not sanitize crafted link target URLs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to edit any description rendered using the configured ... Read more

    Affected Products : markdown_formatter
    • EPSS Score: %0.25
    • Published: May. 25, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-4723

    A vulnerability, which was classified as problematic, has been found in Campcodes Legal Case Management System 1.0. This issue affects some unknown processing of the file /admin/case-status. The manipulation of the argument case_status leads to cross site... Read more

    Affected Products : legal_case_management_system
    • Published: May. 14, 2024
    • Modified: Feb. 19, 2025

  • 5.4

    MEDIUM
    CVE-2024-4728

    A vulnerability was found in Campcodes Legal Case Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/court. The manipulation of the argument court_name leads to cross site scripting. The ... Read more

    Affected Products : legal_case_management_system
    • Published: May. 14, 2024
    • Modified: Feb. 19, 2025

  • 5.4

    MEDIUM
    CVE-2024-4730

    A vulnerability classified as problematic has been found in Campcodes Legal Case Management System 1.0. Affected is an unknown function of the file /admin/judge. The manipulation of the argument judge_name leads to cross site scripting. It is possible to ... Read more

    Affected Products : legal_case_management_system
    • Published: May. 14, 2024
    • Modified: Feb. 19, 2025

  • 5.4

    MEDIUM
    CVE-2024-4737

    A vulnerability was found in Campcodes Legal Case Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/vendor. The manipulation of the argument company_name/mobile leads to cross site scripting. It ... Read more

    Affected Products : legal_case_management_system
    • Published: May. 14, 2024
    • Modified: Feb. 19, 2025

  • 5.4

    MEDIUM
    CVE-2019-25093

    A vulnerability, which was classified as problematic, was found in dragonexpert Recent Threads on Index. Affected is the function recentthread_list_threads of the file inc/plugins/recentthreads/hooks.php of the component Setting Handler. The manipulation ... Read more

    Affected Products : recent_threads_on_index
    • EPSS Score: %0.06
    • Published: Jan. 02, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2006-2770

    Directory traversal vulnerability in randompic.php in pppBLOG 0.3.8 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) sequence in an index of the "file" array parameter, as demonstrated by fi... Read more

    Affected Products : pppblog
    • EPSS Score: %22.07
    • Published: Jun. 02, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 290943 Results