Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2021-21699

    Jenkins Active Choices Plugin 2.5.6 and earlier does not escape the parameter name of reactive parameters and dynamic reference parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permissi...

    Affected Products : active_choices
    • EPSS Score: 50.54%
    • Published: Nov. 12, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-3920

    grav-plugin-admin is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...

    Affected Products : grav-plugin-admin
    • EPSS Score: 0.21%
    • Published: Nov. 19, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-24918

    The Smash Balloon Social Post Feed WordPress plugin before 4.0.1 did not have any privilege or nonce validation before saving the plugin's setting. As a result, any logged-in user on a vulnerable site could update the settings and store rogue JavaScript o...

    Affected Products : smash_balloon_social_post_feed
    • EPSS Score: 0.18%
    • Published: Nov. 29, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-44202

    Stored cross-site scripting (XSS) was possible in activity details. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035...

    Affected Products : linux_kernel windows cyber_protect
    • EPSS Score: 0.50%
    • Published: Nov. 29, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-42564

    An open redirect through HTML injection in confidential messages in Cryptshare before 5.1.0 allows remote attackers (with permission to provide confidential messages via Cryptshare) to redirect targeted victims to any URL via the '<meta http-equiv="refres...

    Affected Products : cryptshare_server
    • EPSS Score: 0.14%
    • Published: Nov. 30, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-20856

    Cross-site scripting vulnerability in ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors....

    • EPSS Score: 0.21%
    • Published: Dec. 01, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2024-42939

    A cross-site scripting (XSS) vulnerability in the component /index/index.html of YZNCMS v1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the configured remarks text field....

    Affected Products : yzncms
    • Published: Aug. 21, 2024
    • Modified: Aug. 31, 2024
  • 5.4

    MEDIUM
    CVE-2021-40092

    A cross-site scripting (XSS) vulnerability in Image Tile in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via an SVG file....

    Affected Products : squaredup
    • EPSS Score: 0.20%
    • Published: Dec. 07, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-40093

    A cross-site scripting (XSS) vulnerability in integration configuration in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via dashboard actions....

    Affected Products : squaredup
    • EPSS Score: 0.20%
    • Published: Dec. 07, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2020-19683

    A Cross Site Scripting (XSS) exists in ZZZCMS V1.7.1 via an editfile action in save.php....

    Affected Products : zzzcms
    • EPSS Score: 0.21%
    • Published: Dec. 09, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-36911

    Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Comment Engine Pro plugin (versions <= 1.0), could be exploited by users with Editor or higher role....

    Affected Products : comment_engine_pro
    • EPSS Score: 0.18%
    • Published: Dec. 10, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-39054

    IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's...

    • EPSS Score: 0.08%
    • Published: Dec. 13, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-43438

    Stored XSS in Signup Form in iResturant 1.0 Allows Remote Attacker to Inject Arbitrary code via NAME and ADDRESS field...

    Affected Products : iresturant
    • EPSS Score: 0.15%
    • Published: Dec. 20, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-43842

    Wiki.js is a wiki app built on Node.js. Wiki.js versions 2.5.257 and earlier are vulnerable to stored cross-site scripting through a SVG file upload. By creating a crafted SVG file, a malicious Wiki.js user may stage a stored cross-site scripting attack. ...

    Affected Products : wiki.js
    • EPSS Score: 0.26%
    • Published: Dec. 20, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2020-20946

    Qibosoft v7 contains a stored cross-site scripting (XSS) vulnerability in the component /admin/index.php?lfj=friendlink&action=add....

    Affected Products : qibosoft
    • EPSS Score: 0.59%
    • Published: Dec. 27, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-45904

    OpenWrt 21.02.1 allows XSS via the Port Forwards Add Name screen....

    Affected Products : openwrt
    • EPSS Score: 0.47%
    • Published: Dec. 27, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-45905

    OpenWrt 21.02.1 allows XSS via the Traffic Rules Name screen....

    Affected Products : openwrt
    • EPSS Score: 0.47%
    • Published: Dec. 27, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-45906

    OpenWrt 21.02.1 allows XSS via the NAT Rules Name screen....

    Affected Products : openwrt
    • EPSS Score: 0.47%
    • Published: Dec. 27, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-25988

    In “ifme”, versions 1.0.0 to v7.31.4 are vulnerable against stored XSS vulnerability (notifications section) which can be directly triggered by sending an ally request to the admin....

    Affected Products : ifme
    • EPSS Score: 0.21%
    • Published: Dec. 29, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-25989

    In “ifme”, versions 1.0.0 to v7.31.4 are vulnerable against stored XSS vulnerability in the markdown editor. It can be exploited by making a victim a Leader of a group which triggers the payload for them....

    Affected Products : ifme
    • EPSS Score: 0.21%
    • Published: Dec. 29, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 290978 Results