Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2024-9323

    A vulnerability was found in SourceCodester Inventory Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /app/action/add_staff.php. The manipulation leads to cross site script... Read more

    • Published: Sep. 29, 2024
    • Modified: Oct. 01, 2024

  • 5.4

    MEDIUM
    CVE-2022-23871

    Multiple cross-site scripting (XSS) vulnerabilities in the component outcomes_addProcess.php of Gibbon CMS v22.0.01 allow attackers to execute arbitrary web scripts or HTML via a crafted payload insterted into the name, category, description parameters.... Read more

    Affected Products : gibbon
    • EPSS Score: %0.21
    • Published: Feb. 03, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-9299

    A vulnerability classified as problematic has been found in SourceCodester Online Railway Reservation System 1.0. This affects an unknown part of the file /?page=reserve. The manipulation of the argument First Name/Middle Name/Last Name leads to cross sit... Read more

    Affected Products : railway_reservation_system
    • Published: Sep. 28, 2024
    • Modified: Oct. 01, 2024

  • 5.4

    MEDIUM
    CVE-2024-46082

    Scriptcase v.9.10.023 and before is vulnerable to Cross Site Scripting (XSS) in nm_cor.php via the form and field parameters.... Read more

    Affected Products : scriptcase
    • Published: Oct. 01, 2024
    • Modified: Apr. 28, 2025

  • 5.4

    MEDIUM
    CVE-2024-33209

    FlatPress v1.3 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript code into the "Add New Entry" section, which allows them to execute arbitrary code in the context of a victim's web browser.... Read more

    Affected Products : flatpress
    • Published: Oct. 02, 2024
    • Modified: Mar. 14, 2025

  • 5.4

    MEDIUM
    CVE-2024-20442

    A vulnerability in the REST API endpoints of Cisco Nexus Dashboard could allow an authenticated, low-privileged, remote attacker to perform limited Administrator actions on an affected device. This vulnerability is due to insufficient authorization con... Read more

    • Published: Oct. 02, 2024
    • Modified: Oct. 07, 2024

  • 5.4

    MEDIUM
    CVE-2024-20477

    A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to upload or delete files on an affected device. This vulnerability exists because of missing authorization controls on the affe... Read more

    • Published: Oct. 02, 2024
    • Modified: Oct. 08, 2024

  • 5.4

    MEDIUM
    CVE-2021-43841

    XWiki is a generic wiki platform offering runtime services for applications built on top of it. When using default XWiki configuration, it's possible for an attacker to upload an SVG containing a script executed when executing the download action on the f... Read more

    Affected Products : xwiki
    • EPSS Score: %0.57
    • Published: Feb. 04, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-46409

    A stored cross-site scripting (XSS) vulnerability in SeedDMS v6.0.28 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter in the Calendar page.... Read more

    Affected Products : seeddms
    • Published: Oct. 04, 2024
    • Modified: Jul. 03, 2025

  • 5.4

    MEDIUM
    CVE-2024-41514

    A reflected cross-site scripting (XSS) vulnerability in "PrevPgGroup.aspx" in CADClick v1.11.0 and before allows remote attackers to inject arbitrary web script or HTML via the "wer" parameter.... Read more

    Affected Products : cadclick
    • Published: Oct. 04, 2024
    • Modified: Jun. 02, 2025

  • 5.4

    MEDIUM
    CVE-2022-0510

    Cross-site Scripting (XSS) - Reflected in Packagist pimcore/pimcore prior to 10.3.1.... Read more

    Affected Products : pimcore
    • EPSS Score: %0.03
    • Published: Feb. 08, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-45919

    Studio 42 elFinder through 2.1.31 allows XSS via an SVG document.... Read more

    Affected Products : elfinder
    • EPSS Score: %0.35
    • Published: Feb. 08, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-47635

    Cross-Site Request Forgery (CSRF) vulnerability in TinyPNG.This issue affects TinyPNG: from n/a through 3.4.3.... Read more

    Affected Products :
    • Published: Oct. 05, 2024
    • Modified: Oct. 07, 2024

  • 5.4

    MEDIUM
    CVE-2022-23049

    Exponent CMS 2.6.0patch2 allows an authenticated user to inject persistent JavaScript code on the "User-Agent" header when logging in. When an administrator user visits the "User Sessions" tab, the JavaScript will be triggered allowing an attacker to comp... Read more

    Affected Products : exponent_cms
    • EPSS Score: %0.83
    • Published: Feb. 09, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-24590

    A stored cross-site scripting (XSS) vulnerability in the Add Link function of BackdropCMS v1.21.1 allows attackers to execute arbitrary web scripts or HTML.... Read more

    Affected Products : backdrop backdrop_cms
    • EPSS Score: %0.21
    • Published: Feb. 15, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-46108

    D-Link DSL-2730E CT-20131125 devices allow XSS via the username parameter to the password page in the maintenance configuration.... Read more

    Affected Products : dsl-2730e_firmware dsl-2730e
    • EPSS Score: %1.10
    • Published: Feb. 18, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-44565

    A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 7.6.1 via the xss_clean function in classes/Security.php, which allows remote malicious users to inject arbitrary JavaScript or HTML. An example of affected components are all Markdown... Read more

    • EPSS Score: %0.26
    • Published: Feb. 24, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-44607

    A Cross Site Scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 in the Assets page via an SVG file.... Read more

    Affected Products : fuel_cms
    • EPSS Score: %0.19
    • Published: Feb. 24, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-21286

    Vulnerability in the PeopleSoft Enterprise ELM Enterprise Learning Management product of Oracle PeopleSoft (component: Enterprise Learning Management). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged... Read more

    • Published: Oct. 15, 2024
    • Modified: Oct. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-9873

    The Community by PeepSo – Social Network, Membership, Registration, User Profiles, Premium – Mobile App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via URLs in posts, comments, and profiles when Markdown support is enabled in all ver... Read more

    Affected Products : peepso
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024
Showing 20 of 290974 Results