Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2021-29821

    IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading t... Read more

    Affected Products : tivoli_netcool\/omnibus_webgui
    • EPSS Score: %0.35
    • Published: Sep. 20, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-24643

    The WP Map Block WordPress plugin before 1.2.3 does not escape some attributes of the WP Map Block, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks... Read more

    Affected Products : wp_map_block
    • EPSS Score: %0.18
    • Published: Sep. 27, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-41707

    An issue was discovered in Archer Platform 6 before 2024.06. Authenticated users can achieve HTML content injection. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML code in a trusted application data sto... Read more

    Affected Products : archer
    • Published: Jul. 25, 2024
    • Modified: Mar. 18, 2025

  • 5.4

    MEDIUM
    CVE-2024-25090

    Insufficient input validation and sanitation in Profile name & screenname, Bookmark name & description and blogroll name features in all versions of Apache Roller on all platforms allows an authenticated user to perform an XSS attack. Mitigation: if you d... Read more

    Affected Products : roller
    • Published: Jul. 26, 2024
    • Modified: Mar. 14, 2025

  • 5.4

    MEDIUM
    CVE-2020-20129

    LaraCMS v1.0.1 contains a stored cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content editor.... Read more

    Affected Products : laracms
    • EPSS Score: %0.28
    • Published: Sep. 29, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-21434

    Maccms 10 contains a cross-site scripting (XSS) vulnerability in the Editing function under the Member module. This vulnerability is exploited via a crafted payload in the nickname text field.... Read more

    Affected Products : maccms
    • EPSS Score: %0.21
    • Published: Oct. 04, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-6727

    A flaw in versions of Delphix Data Control Tower (DCT) prior to 19.0.0 results in broken authentication through the enable-scale-testing functionality of the application.... Read more

    Affected Products :
    • Published: Jul. 29, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-33849

    A Cross-Site Scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user’s browser while the browser is connected to a trusted website. The attack targets your application's users and not the application itself while using your applicati... Read more

    Affected Products : zoho_crm_lead_magnet
    • EPSS Score: %2.19
    • Published: Oct. 05, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-29760

    IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to download unauthorized files through the dashboard user interface. IBM X-Force ID: 202213.... Read more

    Affected Products : sterling_b2b_integrator
    • EPSS Score: %0.12
    • Published: Oct. 06, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-6536

    The Zephyr Project Manager WordPress plugin before 3.3.99 does not sanitise and escape some of its settings, which could allow high privilege users such as editors and admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html cap... Read more

    • Published: Jul. 30, 2024
    • Modified: Jun. 10, 2025

  • 5.4

    MEDIUM
    CVE-2024-7225

    A vulnerability was found in SourceCodester Insurance Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /Script/admin/core/update_policy of the component Edit Insurance Policy Page. The manipulation of ... Read more

    • Published: Jul. 30, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-21729

    JEECMS x1.1 contains a stored cross-site scripting (XSS) vulnerability in the component of /member-vipcenter.htm, which allows attackers to execute arbitrary web scripts or HTML via a crafted payload.... Read more

    Affected Products : jeecms_x
    • EPSS Score: %0.21
    • Published: Oct. 07, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-41917

    webTareas version 2.4 and earlier allows an authenticated user to store arbitrary web script or HTML by creating or editing a client name in the clients section, due to incorrect sanitization of user-supplied data and achieve a Stored Cross-Site Scripting... Read more

    Affected Products : webtareas
    • EPSS Score: %0.32
    • Published: Oct. 08, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-2466

    In Impact and Lineage Analysis in SAP Data Services, version 4.2, the management console does not sufficiently validate user-controlled inputs, which results in Cross-Site Scripting (XSS) vulnerability.... Read more

    Affected Products : data_services
    • EPSS Score: %0.42
    • Published: Oct. 09, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-24545

    The WP HTML Author Bio WordPress plugin through 1.2.0 does not sanitise the HTML allowed in the Bio of users, allowing them to use malicious JavaScript code, which will be executed when anyone visit a post in the frontend made by such user. As a result, u... Read more

    Affected Products : wp_html_author_bio
    • EPSS Score: %13.32
    • Published: Oct. 11, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-24577

    The Coming soon and Maintenance mode WordPress plugin before 3.5.3 does not properly sanitize inputs submitted by authenticated users when setting adding or modifying coming soon or maintenance mode pages, leading to stored XSS.... Read more

    Affected Products : coming_soon_and_maintenance_mode
    • EPSS Score: %0.28
    • Published: Oct. 11, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-24712

    The Appointment Hour Booking WordPress plugin before 1.3.17 does not properly sanitize values used when creating new calendars.... Read more

    Affected Products : appointment_hour_booking
    • EPSS Score: %0.26
    • Published: Oct. 11, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-39637

    Server Side Request Forgery (SSRF) vulnerability in Pixelcurve Edubin edubin.This issue affects Edubin: from n/a through 9.2.0.... Read more

    Affected Products :
    • Published: Aug. 01, 2024
    • Modified: Nov. 04, 2024

  • 5.4

    MEDIUM
    CVE-2024-7368

    A vulnerability has been found in SourceCodester Simple Realtime Quiz System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /ajax.php?action=save_quiz. The manipulation of the argument title leads to cross site scri... Read more

    Affected Products : simple_realtime_quiz_system
    • Published: Aug. 01, 2024
    • Modified: Aug. 07, 2024

  • 5.4

    MEDIUM
    CVE-2021-20798

    Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.... Read more

    • EPSS Score: %0.21
    • Published: Oct. 13, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 290974 Results