Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2022-44959

    webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /meetings/listmeetings.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name fie... Read more

    Affected Products : webtareas
    • EPSS Score: %0.08
    • Published: Dec. 02, 2022
    • Modified: Apr. 24, 2025

  • 5.4

    MEDIUM
    CVE-2022-4218

    The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the list_quizzes() function. This makes it possible for unauthenticated attackers to de... Read more

    Affected Products : chained_quiz
    • EPSS Score: %0.12
    • Published: Dec. 02, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-45916

    ILIAS before 7.16 allows XSS.... Read more

    Affected Products : ilias
    • EPSS Score: %1.19
    • Published: Dec. 07, 2022
    • Modified: Apr. 23, 2025

  • 5.4

    MEDIUM
    CVE-2020-36609

    A vulnerability was found in annyshow DuxCMS 2.1. It has been classified as problematic. This affects an unknown part of the file admin.php&r=article/AdminContent/edit of the component Article Handler. The manipulation of the argument content leads to cro... Read more

    Affected Products : duxcms
    • EPSS Score: %0.04
    • Published: Dec. 08, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2025-43877

    WRC-1167GHBK2-S contains a stored cross-site scripting vulnerability in WebGUI. If exploited, an arbitrary script may be executed on the web browser of the user who accessed WebGUI of the product.... Read more

    Affected Products :
    • Published: Jun. 24, 2025
    • Modified: Jun. 26, 2025

  • 5.4

    MEDIUM
    CVE-2022-44731

    A vulnerability has been identified in SIMATIC WinCC OA V3.15 (All versions < V3.15 P038), SIMATIC WinCC OA V3.16 (All versions < V3.16 P035), SIMATIC WinCC OA V3.17 (All versions < V3.17 P024), SIMATIC WinCC OA V3.18 (All versions < V3.18 P014). The affe... Read more

    Affected Products : simatic_wincc simatic_wincc_oa
    • EPSS Score: %0.31
    • Published: Dec. 13, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-43996

    The csaf_provider package before 0.8.2 allows XSS via a crafted CSAF document uploaded as text/html. The endpoint upload allows valid CSAF advisories (JSON format) to be uploaded with Content-Type text/html and filenames ending in .html. When subsequently... Read more

    Affected Products : csaf_provider
    • EPSS Score: %0.33
    • Published: Dec. 13, 2022
    • Modified: Apr. 22, 2025

  • 5.4

    MEDIUM
    CVE-2022-42141

    Delta Electronics DX-2100-L1-CN 2.42 is vulnerable to Cross Site Scripting (XSS) via lform/urlfilter.... Read more

    • EPSS Score: %0.08
    • Published: Dec. 14, 2022
    • Modified: Apr. 22, 2025

  • 5.4

    MEDIUM
    CVE-2022-40373

    Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.1.1 allows remote attackers to run arbitrary code via upload of crafted XML file.... Read more

    Affected Products : feehicms
    • EPSS Score: %0.06
    • Published: Dec. 15, 2022
    • Modified: Apr. 21, 2025

  • 5.4

    MEDIUM
    CVE-2025-51671

    A SQL injection vulnerability was discovered in the PHPGurukul Dairy Farm Shop Management System 1.3. The vulnerability allows remote attackers to execute arbitrary SQL code via the category and categorycode parameters in a POST request to the manage-cate... Read more

    Affected Products : dairy_farm_shop_management_system
    • Published: Jun. 26, 2025
    • Modified: Jul. 01, 2025

  • 5.4

    MEDIUM
    CVE-2025-5035

    The Firelight Lightbox WordPress plugin before 2.3.16 does not sanitise and escape title attributes before outputting them in the page, which could allow users with a role as low as contributors to perform stored Cross-Site Scripting attacks.... Read more

    Affected Products : firelight_lightbox
    • Published: Jun. 27, 2025
    • Modified: Jul. 01, 2025

  • 5.4

    MEDIUM
    CVE-2022-4587

    A vulnerability, which was classified as problematic, has been found in Opencaching Deutschland oc-server3. This issue affects some unknown processing of the file htdocs/templates2/ocstyle/login.tpl of the component Login Page. The manipulation of the arg... Read more

    Affected Products : oc-server3
    • EPSS Score: %0.07
    • Published: Dec. 17, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-4596

    A vulnerability, which was classified as problematic, has been found in Shoplazza 1.1. This issue affects some unknown processing of the file /admin/api/admin/articles/ of the component Add Blog Post Handler. The manipulation of the argument Title leads t... Read more

    Affected Products : lifestyle
    • EPSS Score: %0.08
    • Published: Dec. 18, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-4597

    A vulnerability, which was classified as problematic, was found in Shoplazza LifeStyle 1.1. Affected is an unknown function of the file /admin/api/admin/v2_products of the component Create Product Handler. The manipulation leads to cross site scripting. I... Read more

    Affected Products : lifestyle
    • EPSS Score: %0.08
    • Published: Dec. 18, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-4599

    A vulnerability was found in Shoplazza LifeStyle 1.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/api/theme-edit/ of the component Product Handler. The manipulation of the argument Subheading/Headi... Read more

    Affected Products : lifestyle
    • EPSS Score: %0.08
    • Published: Dec. 18, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2025-6522

    Unauthenticated users on an adjacent network with the Sight Bulb Pro can run shell commands as root through a vulnerable proprietary TCP protocol available on Port 16668. This vulnerability allows an attacker to run arbitrary commands on the Sight Bulb... Read more

    Affected Products :
    • Published: Jun. 27, 2025
    • Modified: Jun. 30, 2025

  • 5.4

    MEDIUM
    CVE-2022-4614

    Cross-site Scripting (XSS) - Stored in GitHub repository alagrede/znote-app prior to 1.7.11.... Read more

    Affected Products : znote
    • EPSS Score: %0.08
    • Published: Dec. 19, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-43657

    A Stored Cross-site scripting (XSS) vulnerability via MAster.php in Sourcecodetester Simple Client Management System (SCMS) 1.0 allows remote attackers to inject arbitrary web script or HTML via the vulnerable input fields.... Read more

    Affected Products : simple_client_management_system
    • EPSS Score: %0.16
    • Published: Dec. 22, 2022
    • Modified: Apr. 16, 2025

  • 5.4

    MEDIUM
    CVE-2022-44380

    Snipe-IT before 6.0.14 is vulnerable to Cross Site Scripting (XSS) for View Assigned Assets.... Read more

    Affected Products : snipe-it
    • EPSS Score: %0.09
    • Published: Dec. 25, 2022
    • Modified: Apr. 15, 2025

  • 5.4

    MEDIUM
    CVE-2022-29853

    OX App Suite through 8.2 allows XSS via a certain complex hierarchy that forces use of Show Entire Message for a huge HTML e-mail message.... Read more

    Affected Products : open-xchange_appsuite
    • EPSS Score: %0.58
    • Published: Dec. 26, 2022
    • Modified: Apr. 14, 2025
Showing 20 of 290943 Results