Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2022-46805

    Cross-Site Request Forgery (CSRF) vulnerability in Lauri Karisola / WP Trio Conditional Shipping for WooCommerce plugin <= 2.3.1 leading to activation/deactivation of plugin rulesets.... Read more

    • EPSS Score: %0.04
    • Published: Mar. 01, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-1146

    Cross-site Scripting (XSS) - Generic in GitHub repository flatpressblog/flatpress prior to 1.3.... Read more

    Affected Products : flatpress
    • EPSS Score: %0.08
    • Published: Mar. 02, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-22438

    Cross-site scripting vulnerability in Contents Management of EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0), EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p5), and EC-CUBE 2 series (EC-CUBE 2.11.0 to 2.11.5, EC-CUBE... Read more

    Affected Products : ec-cube
    • EPSS Score: %0.26
    • Published: Mar. 06, 2023
    • Modified: Mar. 07, 2025

  • 5.4

    MEDIUM
    CVE-2015-10093

    A vulnerability was found in Mark User as Spammer Plugin 1.0.0/1.0.1 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function user_row_actions of the file plugin/plugin.php. The manipulation of the argument url lea... Read more

    Affected Products : mark_user_as_spammer
    • EPSS Score: %0.08
    • Published: Mar. 06, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-0069

    The WPaudio MP3 Player WordPress plugin through 4.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to per... Read more

    Affected Products : wpaudio_mp3_player
    • EPSS Score: %0.11
    • Published: Mar. 06, 2023
    • Modified: Mar. 05, 2025

  • 5.4

    MEDIUM
    CVE-2022-4930

    A vulnerability classified as problematic was found in nuxsmin sysPass up to 3.2.4. Affected by this vulnerability is an unknown functionality of the component URL Handler. The manipulation leads to cross site scripting. The attack can be launched remotel... Read more

    Affected Products : syspass
    • EPSS Score: %0.07
    • Published: Mar. 06, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2025-7676

    DLL hijacking of all PE32 executables when run on Windows for ARM64 CPU architecture. This allows an attacker to execute code, if the attacker can plant a DLL in the same directory as the executable. Vulnerable versions of Windows 11 for ARM attempt to lo... Read more

    Affected Products :
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025

  • 5.4

    MEDIUM
    CVE-2025-54423

    copyparty is a portable file server. In versions up to and including versions 1.18.4, an unauthenticated attacker is able to execute arbitrary JavaScript code in a victim's browser due to improper sanitization of multimedia tags in music files, including ... Read more

    Affected Products : copyparty
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025

  • 5.4

    MEDIUM
    CVE-2023-1270

    Cross-site Scripting in GitHub repository btcpayserver/btcpayserver prior to 1.8.3.... Read more

    Affected Products : btcpayserver
    • EPSS Score: %0.05
    • Published: Mar. 08, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-1315

    Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6.... Read more

    Affected Products : osticket
    • EPSS Score: %31.02
    • Published: Mar. 10, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-4652

    The Video Background WordPress plugin before 2.7.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perfor... Read more

    Affected Products : video_background
    • EPSS Score: %0.14
    • Published: Mar. 13, 2023
    • Modified: Feb. 27, 2025

  • 5.4

    MEDIUM
    CVE-2023-0219

    The FluentSMTP WordPress plugin before 2.2.3 does not sanitize or escape email content, making it vulnerable to stored cross-site scripting attacks (XSS) when an administrator views the email logs. This exploit requires other plugins to enable users to se... Read more

    Affected Products : fluentsmtp
    • EPSS Score: %0.11
    • Published: Mar. 13, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2025-6078

    Partner Software's Partner Software application and Partner Web application allows an authenticated user to add notes on the 'Notes' page when viewing a job but does not completely sanitize input, making it possible to add notes with HTML tags and JavaScr... Read more

    Affected Products :
    • Published: Aug. 02, 2025
    • Modified: Aug. 04, 2025

  • 5.4

    MEDIUM
    CVE-2022-45814

    Stored Cross-Site Scripting (XSS) vulnerability in Fabian von Allmen WP Calendar plugin <= 1.5.3 versions.... Read more

    Affected Products : wp_calendar
    • EPSS Score: %0.09
    • Published: Mar. 17, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2025-8508

    A vulnerability was found in Portabilis i-Educar 2.9. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /intranet/educar_avaliacao_desempenho_cad.php. The manipulation of the argument titulo_avalia... Read more

    Affected Products : i-educar
    • Published: Aug. 03, 2025
    • Modified: Aug. 12, 2025

  • 5.4

    MEDIUM
    CVE-2023-1565

    A vulnerability was found in FeiFeiCMS 2.7.130201. It has been classified as problematic. This affects an unknown part of the file \Public\system\slide_add.html of the component Extension Tool. The manipulation leads to cross site scripting. It is possibl... Read more

    Affected Products : feifeicms
    • EPSS Score: %0.07
    • Published: Mar. 22, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-28665

    The Woo Bulk Price Update WordPress plugin, in versions < 2.2.2, is affected by a reflected cross-site scripting vulnerability in the 'page' parameter to the techno_get_products action, which can only be triggered by an authenticated user.... Read more

    Affected Products : bulk_price_update_for_woocommerce
    • EPSS Score: %20.35
    • Published: Mar. 22, 2023
    • Modified: Feb. 25, 2025

  • 5.4

    MEDIUM
    CVE-2022-45843

    Auth. (contributor+) Stored Cross-Site Scripting vulnerability in Nextend Smart Slider 3 plugin <= 3.5.1.9 versions.... Read more

    Affected Products : smart_slider_3
    • EPSS Score: %0.20
    • Published: Mar. 23, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-48429

    In JetBrains Hub before 2022.3.15573, 2022.2.15572, 2022.1.15583 reflected XSS in dashboards was possible ... Read more

    Affected Products : hub
    • EPSS Score: %0.02
    • Published: Mar. 27, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-0589

    The WP Image Carousel WordPress plugin through 1.0.2 does not sanitise and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks.... Read more

    Affected Products : wp_image_carousel
    • EPSS Score: %0.10
    • Published: Mar. 27, 2023
    • Modified: May. 05, 2025
Showing 20 of 290954 Results