Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2022-22112

    In DayByDay CRM, versions 1.1 through 2.2.1 (latest) suffer from an application-wide Client-Side Template Injection (CSTI). A low privileged attacker can input template injection payloads in the application at various locations to execute JavaScript on th... Read more

    Affected Products : daybyday
    • EPSS Score: %0.21
    • Published: Jan. 13, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-22124

    In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the profile image. An authenticated attacker can upload a carefully crafted SVG file that will trigger arbitrary javascript to run on a victim’s browser.... Read more

    Affected Products : halo halo
    • EPSS Score: %0.26
    • Published: Jan. 13, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-40813

    A cross-site scripting (XSS) vulnerability in the "Zip content" feature in Element-IT HTTP Commander 3.1.9 allows remote authenticated users to inject arbitrary web script or HTML via filenames.... Read more

    Affected Products : http_commander
    • EPSS Score: %0.12
    • Published: Jan. 13, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-36920

    Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered in WordPress plugin Download Monitor (versions <= 4.4.6).... Read more

    Affected Products : download_monitor
    • EPSS Score: %0.16
    • Published: Jan. 14, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-25065

    The Smash Balloon Social Post Feed WordPress plugin before 4.1.1 was affected by a reflected XSS in custom-facebook-feed in cff-top admin page.... Read more

    Affected Products : smash_balloon_social_post_feed
    • EPSS Score: %2.93
    • Published: Jan. 17, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-3862

    icecoder is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Read more

    Affected Products : icecoder
    • EPSS Score: %0.27
    • Published: Jan. 17, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-29872

    IBM Cloud Pak for Automation 21.0.1 and 21.0.2 - Business Automation Studio Component is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could ... Read more

    Affected Products : cloud_pak_for_automation
    • EPSS Score: %0.05
    • Published: Jan. 18, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-21397

    Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine). Supported versions that are affected are 3.4, 4.2, 4.3, 4.4 and 5.0. Easily exploitable vulnerability allows low privileged attac... Read more

    Affected Products : communications_operations_monitor
    • EPSS Score: %0.18
    • Published: Jan. 19, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-44777

    Cross-Site Request Forgery (CSRF) vulnerabilities leading to single or bulk e-mail entries deletion discovered in Email Tracker WordPress plugin (versions <= 5.2.6).... Read more

    Affected Products : email_tracker
    • EPSS Score: %0.10
    • Published: Jan. 19, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-46026

    mysiteforme, as of 19-12-2022, is vulnerable to Cross Site Scripting (XSS) via the add blog tag function in the blog tag in the background blog management.... Read more

    Affected Products : mysiteforme mysiteforme mysiteforme
    • EPSS Score: %0.19
    • Published: Jan. 20, 2022
    • Modified: Apr. 10, 2025

  • 5.4

    MEDIUM
    CVE-2021-24694

    The Simple Download Monitor WordPress plugin before 3.9.11 could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attack via 1) "color" or "css_class" argument of sdm_download shortcode, 2) "class" or "placeholder" argu... Read more

    Affected Products : simple_download_monitor
    • EPSS Score: %0.18
    • Published: Jan. 24, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-24965

    The Five Star Restaurant Reservations WordPress plugin before 2.4.8 does not have capability and CSRF checks in the rtb_welcome_set_schedule AJAX action, allowing any authenticated users to call it. Due to the lack of sanitisation and escaping, users with... Read more

    Affected Products : five_star_restaurant_reservations
    • EPSS Score: %0.21
    • Published: Jan. 24, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-24974

    The Product Feed PRO for WooCommerce WordPress plugin before 11.0.7 does not have authorisation and CSRF check in some of its AJAX actions, allowing any authenticated users to call then, which could lead to Stored Cross-Site Scripting issue (which will be... Read more

    Affected Products : product_feed_pro_for_woocommerce
    • EPSS Score: %0.21
    • Published: Jan. 24, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-46083

    uscat, as of 2021-12-28, is vulnerable to Cross Site Scripting (XSS) via the input box of the statistical code.... Read more

    Affected Products : uscat
    • EPSS Score: %0.19
    • Published: Jan. 25, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-46084

    uscat, as of 2021-12-28, is vulnerable to Cross Site Scripting (XSS) via "close registration information" input box.... Read more

    Affected Products : uscat
    • EPSS Score: %0.19
    • Published: Jan. 25, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-46948

    A reflected Cross-Site Scripting (XSS) vulnerability was found on Temenos T24 Browser R19.40 that enables a remote attacker to execute arbitrary JavaScript code via the skin parameter in the about.jsp and genrequest.jsp components.... Read more

    Affected Products : t24
    • Published: Sep. 23, 2024
    • Modified: Sep. 26, 2024

  • 5.4

    MEDIUM
    CVE-2021-43334

    BuddyBoss Platform through 1.8.0 allows XSS via the Group Name or Group Description field.... Read more

    Affected Products : buddyboss
    • EPSS Score: %0.47
    • Published: Jan. 26, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-22851

    A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodtester Hospital's Patient Records Management System 1.0 via the specialization parameter in doctors.php... Read more

    • EPSS Score: %0.18
    • Published: Jan. 26, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-22850

    A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodtester Hospital's Patient Records Management System 1.0 via the description parameter in room_types.... Read more

    • EPSS Score: %0.18
    • Published: Jan. 26, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-22852

    A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodtester Hospital's Patient Records Management System 1.0 via the description parameter in room_list.... Read more

    • EPSS Score: %0.26
    • Published: Jan. 26, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 290977 Results