Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2022-4467

    The Search & Filter WordPress plugin before 1.2.16 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting atta... Read more

    Affected Products : search_\&_filter
    • EPSS Score: %0.10
    • Published: Jan. 23, 2023
    • Modified: Apr. 02, 2025

  • 5.4

    MEDIUM
    CVE-2022-4475

    The Collapse-O-Matic WordPress plugin before 1.8.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting atta... Read more

    Affected Products : collapse-o-matic
    • EPSS Score: %0.14
    • Published: Jan. 23, 2023
    • Modified: Apr. 02, 2025

  • 5.4

    MEDIUM
    CVE-2022-4775

    The GeoDirectory WordPress plugin before 2.2.22 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks... Read more

    Affected Products : geodirectory geodirectory
    • EPSS Score: %0.10
    • Published: Jan. 23, 2023
    • Modified: Apr. 03, 2025

  • 5.4

    MEDIUM
    CVE-2022-40034

    Cross-Site Scripting (XSS) vulnerability found in Rawchen blog-ssm v1.0 allows attackers to execute arbitrary code via the 'notifyInfo' parameter.... Read more

    Affected Products : javaweb_blog
    • EPSS Score: %0.08
    • Published: Jan. 23, 2023
    • Modified: Apr. 03, 2025

  • 5.4

    MEDIUM
    CVE-2025-53479

    The CheckUser extension’s Special:CheckUser interface is vulnerable to reflected XSS via the rev-deleted-user message. This message is rendered without proper escaping, making it possible to inject JavaScript through the uselang=x-xss language override me... Read more

    Affected Products :
    • Published: Jul. 08, 2025
    • Modified: Jul. 10, 2025

  • 5.4

    MEDIUM
    CVE-2025-49547

    Adobe Experience Manager versions 11.4 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be exe... Read more

    • Published: Jul. 08, 2025
    • Modified: Jul. 18, 2025

  • 5.4

    MEDIUM
    CVE-2022-4749

    The Posts List Designer by Category WordPress plugin before 3.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site S... Read more

    Affected Products : posts_list_designer
    • EPSS Score: %0.12
    • Published: Jan. 30, 2023
    • Modified: Apr. 21, 2025

  • 5.4

    MEDIUM
    CVE-2022-4834

    The CPT Bootstrap Carousel WordPress plugin through 1.12 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scriptin... Read more

    Affected Products : cpt_bootstrap_carousel
    • EPSS Score: %0.14
    • Published: Jan. 30, 2023
    • Modified: Mar. 27, 2025

  • 5.4

    MEDIUM
    CVE-2023-0033

    The PDF Viewer WordPress plugin before 1.0.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.... Read more

    Affected Products : pdf_viewer
    • EPSS Score: %0.11
    • Published: Jan. 30, 2023
    • Modified: Mar. 27, 2025

  • 5.4

    MEDIUM
    CVE-2022-3083

    All versions of Landis+Gyr E850 (ZMQ200) are vulnerable to CWE-784: Reliance on Cookies Without Validation and Integrity. The device's web application navigation depends on the value of the session cookie. The web application could become inaccessible for... Read more

    Affected Products : e850_firmware e850
    • EPSS Score: %0.03
    • Published: Feb. 01, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-0650

    A vulnerability was found in YAFNET up to 3.1.11 and classified as problematic. This issue affects some unknown processing of the component Signature Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploi... Read more

    Affected Products : yaf.net
    • EPSS Score: %0.15
    • Published: Feb. 02, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-48140

    DedeCMS v5.7.97 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /file_manage_view.php?fmdo=edit&filename.... Read more

    Affected Products : dedecms
    • EPSS Score: %0.07
    • Published: Feb. 02, 2023
    • Modified: Mar. 26, 2025

  • 5.4

    MEDIUM
    CVE-2021-36425

    Directory traversal vulnerability in phpcms 1.9.25 allows remote attackers to delete arbitrary files via unfiltered $file parameter to unlink method in include/inc_act/act_ftptakeover.php file.... Read more

    Affected Products : phpwcms
    • EPSS Score: %0.41
    • Published: Feb. 03, 2023
    • Modified: Mar. 26, 2025

  • 5.4

    MEDIUM
    CVE-2021-36538

    Cross Site Scripting (XSS) vulnerability in Gurock TestRail before 7.1.2 allows remote authenticated attackers to run arbitrary code via the reference field in milestones or description fields in reports.... Read more

    Affected Products : testrail
    • EPSS Score: %0.04
    • Published: Feb. 03, 2023
    • Modified: Mar. 26, 2025

  • 5.4

    MEDIUM
    CVE-2021-36712

    Cross Site Scripting (XSS) vulnerability in yzmcms 6.1 allows attackers to steal user cookies via image clipping function.... Read more

    Affected Products : yzmcms
    • EPSS Score: %0.07
    • Published: Feb. 03, 2023
    • Modified: Mar. 26, 2025

  • 5.4

    MEDIUM
    CVE-2021-37376

    Cross Site Scripting (XSS) vulnerability in Teradek Bond, Bond 2 and Bond Pro firmware version 7.3.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has r... Read more

    • EPSS Score: %0.13
    • Published: Feb. 03, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-37378

    Cross Site Scripting (XSS) vulnerability in Teradek Cube and Cube Pro firmware version 7.3.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached E... Read more

    • EPSS Score: %0.06
    • Published: Feb. 03, 2023
    • Modified: Mar. 26, 2025

  • 5.4

    MEDIUM
    CVE-2021-37502

    Cross Site Scripting (XSS) vulnerability in automad 1.7.5 allows remote attackers to run arbitrary code via the user name field when adding a user.... Read more

    Affected Products : automad
    • EPSS Score: %0.04
    • Published: Feb. 03, 2023
    • Modified: Mar. 26, 2025

  • 5.4

    MEDIUM
    CVE-2022-4657

    The Restaurant Menu WordPress plugin before 2.3.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform... Read more

    • EPSS Score: %0.31
    • Published: Feb. 06, 2023
    • Modified: Mar. 25, 2025

  • 5.4

    MEDIUM
    CVE-2023-0081

    The MonsterInsights WordPress plugin before 8.12.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cr... Read more

    Affected Products : monsterinsights
    • EPSS Score: %0.23
    • Published: Feb. 06, 2023
    • Modified: Mar. 25, 2025
Showing 20 of 290943 Results