Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2021-40303

    perfex crm 1.10 is vulnerable to Cross Site Scripting (XSS) via /clients/profile.... Read more

    Affected Products : perfex_crm
    • EPSS Score: %0.15
    • Published: Nov. 08, 2022
    • Modified: May. 01, 2025

  • 5.4

    MEDIUM
    CVE-2022-41873

    Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Versions prior to 4.9 are vulnerable to an Out-of-bounds read. While processing the L2CAP protocol, the Bluetooth Low Energy stack of Contiki-NG needs to map an... Read more

    Affected Products : contiki-ng
    • EPSS Score: %0.04
    • Published: Nov. 11, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-34315

    IBM CICS TX 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM ... Read more

    Affected Products : cics_tx
    • EPSS Score: %0.19
    • Published: Nov. 14, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-43687

    Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 does not issue a new session ID upon successful OAuth authentication. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+.... Read more

    Affected Products : concrete_cms concrete5
    • EPSS Score: %0.35
    • Published: Nov. 14, 2022
    • Modified: Apr. 30, 2025

  • 5.4

    MEDIUM
    CVE-2022-42111

    A Cross-site scripting (XSS) vulnerability in the Sharing module's user notification in Liferay Portal 7.2.1 through 7.4.2, and Liferay DXP 7.2 before fix pack 19, and 7.3 before update 4 allows remote attackers to inject arbitrary web script or HTML by s... Read more

    • EPSS Score: %0.14
    • Published: Nov. 15, 2022
    • Modified: May. 13, 2025

  • 5.4

    MEDIUM
    CVE-2022-42119

    Certain Liferay products are vulnerable to Cross Site Scripting (XSS) via the Commerce module. This affects Liferay Portal 7.3.5 through 7.4.2 and Liferay DXP 7.3 before update 8.... Read more

    Affected Products : liferay_portal dxp
    • EPSS Score: %0.52
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025

  • 5.4

    MEDIUM
    CVE-2022-41805

    Cross-Site Request Forgery (CSRF) vulnerability in Booster for WooCommerce plugin <= 5.6.6 on WordPress.... Read more

    Affected Products : booster_for_woocommerce
    • EPSS Score: %0.06
    • Published: Nov. 18, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-35500

    Amasty Blog 2.10.3 is vulnerable to Cross Site Scripting (XSS) via leave comment functionality.... Read more

    Affected Products : blog_pro
    • EPSS Score: %0.13
    • Published: Nov. 23, 2022
    • Modified: Apr. 28, 2025

  • 5.4

    MEDIUM
    CVE-2025-6301

    A vulnerability, which was classified as problematic, has been found in PHPGurukul Notice Board System 1.0. This issue affects some unknown processing of the file /admin/manage-notices.php of the component Add Notice. The manipulation of the argument Titl... Read more

    • Published: Jun. 20, 2025
    • Modified: Jun. 26, 2025

  • 5.4

    MEDIUM
    CVE-2025-6340

    A vulnerability classified as problematic has been found in code-projects School Fees Payment System 1.0. This affects an unknown part of the file /branch.php. The manipulation of the argument Branch/Address/Detail leads to cross site scripting. It is pos... Read more

    Affected Products : school_fees_payment_system
    • Published: Jun. 20, 2025
    • Modified: Jun. 26, 2025

  • 5.4

    MEDIUM
    CVE-2022-39338

    user_oidc is an OpenID Connect user backend for Nextcloud. Versions prior to 1.2.1 did not properly validate discovery urls which may lead to a stored cross site scripting attack vector. The impact is limited due to the restrictive CSP that is applied on ... Read more

    • EPSS Score: %0.15
    • Published: Nov. 25, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2025-50008

    Missing Authorization vulnerability in cscode WooCommerce Manager &#8211; Customize and Control Cart page, Add to Cart button, Checkout fields easily allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce M... Read more

    Affected Products :
    • Published: Jun. 20, 2025
    • Modified: Jun. 23, 2025

  • 5.4

    MEDIUM
    CVE-2025-50010

    Missing Authorization vulnerability in Zapier Zapier for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Zapier for WordPress: from n/a through 1.5.2.... Read more

    Affected Products :
    • Published: Jun. 20, 2025
    • Modified: Jun. 23, 2025

  • 5.4

    MEDIUM
    CVE-2025-6345

    A vulnerability was found in SourceCodester My Food Recipe 1.0 and classified as problematic. Affected by this issue is the function addRecipeModal of the file /endpoint/add-recipe.php of the component Add Recipe Page. The manipulation of the argument Nam... Read more

    Affected Products : my_food_recipe my_food_recipe
    • Published: Jun. 20, 2025
    • Modified: Jun. 26, 2025

  • 5.4

    MEDIUM
    CVE-2022-4253

    A vulnerability was found in SourceCodester Canteen Management System. It has been declared as problematic. This vulnerability affects the function builtin_echo of the file customer.php. The manipulation leads to cross site scripting. The attack can be in... Read more

    Affected Products : canteen_management_system
    • EPSS Score: %0.06
    • Published: Dec. 01, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-44948

    Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Entities Group feature at/index.php?module=entities/entities_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a c... Read more

    Affected Products : rukovoditel
    • EPSS Score: %1.73
    • Published: Dec. 02, 2022
    • Modified: Apr. 24, 2025

  • 5.4

    MEDIUM
    CVE-2022-44959

    webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /meetings/listmeetings.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name fie... Read more

    Affected Products : webtareas
    • EPSS Score: %0.08
    • Published: Dec. 02, 2022
    • Modified: Apr. 24, 2025

  • 5.4

    MEDIUM
    CVE-2022-4218

    The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the list_quizzes() function. This makes it possible for unauthenticated attackers to de... Read more

    Affected Products : chained_quiz
    • EPSS Score: %0.12
    • Published: Dec. 02, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-45916

    ILIAS before 7.16 allows XSS.... Read more

    Affected Products : ilias
    • EPSS Score: %1.19
    • Published: Dec. 07, 2022
    • Modified: Apr. 23, 2025

  • 5.4

    MEDIUM
    CVE-2020-36609

    A vulnerability was found in annyshow DuxCMS 2.1. It has been classified as problematic. This affects an unknown part of the file admin.php&r=article/AdminContent/edit of the component Article Handler. The manipulation of the argument content leads to cro... Read more

    Affected Products : duxcms
    • EPSS Score: %0.04
    • Published: Dec. 08, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 290940 Results