Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2021-38946

    IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure ... Read more

    Affected Products : oncommand_insight cognos_analytics
    • EPSS Score: %0.69
    • Published: Apr. 22, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-27703

    Sercomm Model Etisalat Model S3- AC2100 is affected by Cross Site Scripting (XSS) via the firmware update page.... Read more

    Affected Products :
    • Published: Nov. 12, 2024
    • Modified: Nov. 15, 2024

  • 5.4

    MEDIUM
    CVE-2022-0398

    The ThirstyAffiliates Affiliate Link Manager WordPress plugin before 3.10.5 does not have authorisation and CSRF checks when creating affiliate links, which could allow any authenticated user, such as subscriber to create arbitrary affiliate links, which ... Read more

    • EPSS Score: %0.07
    • Published: Apr. 25, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-28169

    Cleartext transmission of sensitive information for some BigDL software maintained by Intel(R) before version 2.5.0 may allow an authenticated user to potentially enable denial of service via adjacent access.... Read more

    Affected Products :
    • Published: Nov. 13, 2024
    • Modified: Nov. 15, 2024

  • 5.4

    MEDIUM
    CVE-2024-45879

    The file upload function in the "QWKalkulation" tool of baltic-it TOPqw Webportal v1.35.287.1 (fixed in version 1.35.291), in /Apps/TOPqw/QWKalkulation/QWKalkulation.aspx, is vulnerable to Cross-Site Scripting (XSS). To exploit the persistent XSS vulnerab... Read more

    Affected Products :
    • Published: Nov. 13, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-28450

    nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS) via the "Text" parameter (forums) when creating a new post, which allows a remote attacker to execute arbitrary JavaScript code at client browser.... Read more

    Affected Products : nopcommerce
    • EPSS Score: %0.15
    • Published: Apr. 26, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-1503

    A vulnerability, which was classified as problematic, has been found in GetSimple CMS. Affected by this issue is the file /admin/edit.php of the Content Module. The manipulation of the argument post-content with an input like <script>alert(1)</script> lea... Read more

    Affected Products : getsimple_cms
    • EPSS Score: %0.18
    • Published: Apr. 27, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-50841

    A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/calendar_of_events.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the date_start, date_end, and t... Read more

    Affected Products : e-learning_management_system
    • Published: Nov. 14, 2024
    • Modified: May. 06, 2025

  • 5.4

    MEDIUM
    CVE-2024-50837

    A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/admin_user.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the firstname and username parameters.... Read more

    Affected Products : e-learning_management_system
    • Published: Nov. 14, 2024
    • Modified: May. 06, 2025

  • 5.4

    MEDIUM
    CVE-2024-52505

    matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. The provisioning API of the matrix-appservice-irc bridge up to version 3.0.2 contains a vulnerability which can lead to arbitrary IRC command execution as the bridge IRC bot.... Read more

    Affected Products : matrix_irc_bridge
    • Published: Nov. 14, 2024
    • Modified: Nov. 15, 2024

  • 5.4

    MEDIUM
    CVE-2021-3987

    An improper access control vulnerability exists in janeczku/calibre-web. The affected version allows users without public shelf permissions to create public shelves. The vulnerability is due to the `create_shelf` method in `shelf.py` not verifying if the ... Read more

    Affected Products : calibre-web
    • Published: Nov. 15, 2024
    • Modified: Nov. 19, 2024

  • 5.4

    MEDIUM
    CVE-2024-49759

    LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Manage User Access" page allows authenticated users to inject arbitrary JavaScript through the "bill_name" parameter when... Read more

    Affected Products : librenms
    • Published: Nov. 15, 2024
    • Modified: Nov. 20, 2024

  • 5.4

    MEDIUM
    CVE-2024-49764

    LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Capture Debug Information" page allows authenticated users to inject arbitrary JavaScript through the "hostname" paramete... Read more

    Affected Products : librenms
    • Published: Nov. 15, 2024
    • Modified: Nov. 20, 2024

  • 5.4

    MEDIUM
    CVE-2024-50350

    LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Port Settings" page allows authenticated users to inject arbitrary JavaScript through the "name" parameter when creating ... Read more

    Affected Products : librenms
    • Published: Nov. 15, 2024
    • Modified: Nov. 20, 2024

  • 5.4

    MEDIUM
    CVE-2024-50352

    LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Services" section of the Device Overview page allows authenticated users to inject arbitrary JavaScript through the "name... Read more

    Affected Products : librenms
    • Published: Nov. 15, 2024
    • Modified: Nov. 20, 2024

  • 5.4

    MEDIUM
    CVE-2024-51496

    LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Reflected Cross-Site Scripting (XSS) vulnerability in the "metric" parameter of the "/wireless" and "/health" endpoints allows attackers to inject arbitrary JavaScript. This vul... Read more

    Affected Products : librenms
    • Published: Nov. 15, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-36912

    Stored Cross-Site Scripting (XSS) vulnerability in Andrea Pernici News Sitemap for Google plugin <= 1.0.16 on WordPress, attackers must have contributor or higher user role.... Read more

    Affected Products : google-news-sitemap
    • EPSS Score: %0.17
    • Published: May. 06, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-43529

    A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an remote attacker to persist a session after a password reset or similar session clearing event. Successful exploitation of this vulnerability ... Read more

    • EPSS Score: %0.17
    • Published: Jan. 05, 2023
    • Modified: Apr. 10, 2025

  • 5.4

    MEDIUM
    CVE-2024-50803

    The mediapool feature of the Redaxo Core CMS application v 5.17.1 is vulnerable to Cross Site Scripting(XSS) which allows a remote attacker to escalate privileges... Read more

    Affected Products : redaxo
    • Published: Nov. 19, 2024
    • Modified: Jun. 13, 2025

  • 5.4

    MEDIUM
    CVE-2022-29976

    An Authenticated Reflected Cross-site scripting at BCC Parameter was discovered in MDaemon before 22.0.0 .... Read more

    Affected Products : mdaemon
    • EPSS Score: %0.26
    • Published: May. 11, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 290958 Results