Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2020-28847

    Cross Site Scripting (XSS) vulnerability in xCss Valine v1.4.14 via the nick parameter to /classes/Comment.... Read more

    Affected Products : valine
    • EPSS Score: %0.18
    • Published: Apr. 05, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-9867

    The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Open Map Widget' marker_content parameter in all versions up to, and inc... Read more

    Affected Products : element_pack
    • Published: Nov. 05, 2024
    • Modified: Nov. 08, 2024

  • 5.4

    MEDIUM
    CVE-2022-25373

    Zoho ManageEngine SupportCenter Plus before 11020 allows Stored XSS in the request history.... Read more

    Affected Products : manageengine_supportcenter_plus
    • EPSS Score: %4.57
    • Published: Apr. 05, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-48312

    WebLaudos v20.8 (118) was discovered to contain a cross-site scripting (XSS) vulnerability via the login page.... Read more

    Affected Products :
    • Published: Nov. 05, 2024
    • Modified: Nov. 06, 2024

  • 5.4

    MEDIUM
    CVE-2022-27107

    OrangeHRM 4.10 is vulnerable to Stored XSS in the "Share Video" section under "OrangeBuzz" via the GET/POST "createVideo[linkAddress]" parameter... Read more

    Affected Products : orangehrm
    • EPSS Score: %0.18
    • Published: Apr. 06, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-28364

    Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability (XSS) in the /goform/rlmswitchr_process file parameter via GET. Authentication is required.... Read more

    Affected Products : reprise_license_manager
    • EPSS Score: %0.37
    • Published: Apr. 09, 2022
    • Modified: Apr. 30, 2025

  • 5.4

    MEDIUM
    CVE-2024-35146

    IBM Maximo Application Suite - Monitor Component 8.10.11, 8.11.8, and 9.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functional... Read more

    Affected Products : maximo_application_suite
    • Published: Nov. 06, 2024
    • Modified: Jul. 08, 2025

  • 5.4

    MEDIUM
    CVE-2021-25090

    The Portfolio Gallery, Product Catalog WordPress plugin before 2.1.0 does not have authorisation and CSRF checks in various functions related to AJAX actions, allowing any authenticated users, such as subscriber, to call them. Due to the lack of sanitisat... Read more

    • EPSS Score: %0.22
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-50637

    UnoPim 0.1.3 and below is vulnerable to Cross Site Scripting (XSS) in the Create User function. This allows attackers to perform XSS via an SVG document, which can be used to steal cookies.... Read more

    Affected Products : unopim
    • Published: Nov. 06, 2024
    • Modified: Jun. 24, 2025

  • 5.4

    MEDIUM
    CVE-2024-51031

    A Cross-site Scripting (XSS) vulnerability in manage_account.php in Sourcecodester Cab Management System 1.0 allows remote authenticated users to inject arbitrary web scripts via the "First Name," "Middle Name," and "Last Name" fields.... Read more

    Affected Products : cab_management_system
    • Published: Nov. 08, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-43288

    An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker in control of a GoCD Agent can plant malicious JavaScript into a failed Job Report.... Read more

    Affected Products : gocd
    • EPSS Score: %1.58
    • Published: Apr. 14, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-45228

    An XSS issue was discovered in COINS Construction Cloud 11.12. Due to insufficient neutralization of user input in the description of a task, it is possible to store malicious JavaScript code in the task description. This is later executed when it is refl... Read more

    Affected Products : coins_construction_cloud
    • EPSS Score: %0.20
    • Published: Apr. 14, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-0765

    The Loco Translate WordPress plugin before 2.6.1 does not properly remove inline events from elements in the source translation strings before outputting them in the editor in the plugin admin panel, allowing any user with access to the plugin (Translator... Read more

    Affected Products : loco_translate
    • EPSS Score: %0.17
    • Published: Apr. 18, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-1112

    The Autolinks WordPress plugin through 1.0.1 does not have CSRF check in place when updating its settings, and does not sanitise as well as escape them, which could allow attackers to perform Stored Cross-Site scripting against a logged in admin via a CSR... Read more

    Affected Products : autolinks
    • EPSS Score: %0.08
    • Published: Apr. 18, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-23283

    Eaton Intelligent Power Protector (IPP) prior to version 1.69 is vulnerable to stored Cross Site Scripting. The vulnerability exists due to insufficient validation of user input and improper encoding of the output for certain resources within the IPP soft... Read more

    Affected Products : intelligent_power_protector
    • EPSS Score: %0.20
    • Published: Apr. 19, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-11070

    A vulnerability, which was classified as problematic, has been found in Sanluan PublicCMS 5.202406.d. This issue affects some unknown processing of the file /admin/cmsTagType/save of the component Tag Type Handler. The manipulation of the argument name le... Read more

    Affected Products : publiccms
    • Published: Nov. 11, 2024
    • Modified: Nov. 23, 2024

  • 5.4

    MEDIUM
    CVE-2022-21481

    Vulnerability in the PeopleSoft Enterprise FIN Cash Management product of Oracle PeopleSoft (component: Financial Gateway). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access ... Read more

    Affected Products : peoplesoft_enterprise
    • EPSS Score: %0.18
    • Published: Apr. 19, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-24864

    Origin Protocol is a blockchain based project. The Origin Protocol project website allows for malicious users to inject malicious Javascript via a POST request to `/presale/join`. User-controlled data is passed with no sanitization to SendGrid and injecte... Read more

    Affected Products : origin_website
    • EPSS Score: %0.29
    • Published: Apr. 20, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-26673

    ASUS RT-AX88U has insufficient filtering for special characters in the HTTP header parameter. A remote attacker with general user privilege can exploit this vulnerability to inject JavaScript and perform Stored Cross-Site Scripting (XSS) attacks.... Read more

    Affected Products : rt-ax88u_firmware rt-ax88u
    • EPSS Score: %0.21
    • Published: Apr. 22, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-38903

    IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be execu... Read more

    Affected Products : oncommand_insight cognos_analytics
    • EPSS Score: %0.14
    • Published: Apr. 22, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 290958 Results