Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2022-45843

    Auth. (contributor+) Stored Cross-Site Scripting vulnerability in Nextend Smart Slider 3 plugin <= 3.5.1.9 versions.... Read more

    Affected Products : smart_slider_3
    • EPSS Score: %0.20
    • Published: Mar. 23, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-48429

    In JetBrains Hub before 2022.3.15573, 2022.2.15572, 2022.1.15583 reflected XSS in dashboards was possible ... Read more

    Affected Products : hub
    • EPSS Score: %0.02
    • Published: Mar. 27, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-0589

    The WP Image Carousel WordPress plugin through 1.0.2 does not sanitise and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks.... Read more

    Affected Products : wp_image_carousel
    • EPSS Score: %0.10
    • Published: Mar. 27, 2023
    • Modified: May. 05, 2025

  • 5.4

    MEDIUM
    CVE-2023-1703

    Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.20.... Read more

    Affected Products : pimcore
    • EPSS Score: %0.00
    • Published: Mar. 29, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2025-25229

    Omnissa Workspace ONE UEM contains a Server-Side Request Forgery (SSRF) Vulnerability. A malicious actor with user privileges may be able to access restricted internal system information, potentially enabling enumeration of internal network resources.... Read more

    Affected Products :
    • Published: Aug. 11, 2025
    • Modified: Aug. 12, 2025

  • 5.4

    MEDIUM
    CVE-2020-19277

    Cross Site Scripting vulnerability found in Phachon mm-wiki v.0.1.2 allows a remote attacker to execute arbitrary code via javascript code in the markdown editor.... Read more

    Affected Products : mm-wiki
    • EPSS Score: %0.16
    • Published: Apr. 04, 2023
    • Modified: Feb. 13, 2025

  • 5.4

    MEDIUM
    CVE-2023-1866

    The YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the clearKeys function. This makes it possible for unauthenticated attackers ... Read more

    Affected Products : yourchannel
    • EPSS Score: %0.06
    • Published: Apr. 05, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-1871

    The YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the deleteLang function. This makes it possible for unauthenticated attackers... Read more

    Affected Products : yourchannel
    • EPSS Score: %0.09
    • Published: Apr. 05, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-1756

    Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12. ... Read more

    Affected Products : phpmyfaq
    • EPSS Score: %0.04
    • Published: Apr. 05, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-1879

    Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.... Read more

    Affected Products : phpmyfaq
    • EPSS Score: %0.06
    • Published: Apr. 05, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-1883

    Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.12.... Read more

    Affected Products : phpmyfaq
    • EPSS Score: %0.26
    • Published: Apr. 05, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-24747

    Jfinal CMS v5.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /system/dict/list.... Read more

    Affected Products : jfinal_cms
    • EPSS Score: %0.09
    • Published: Apr. 05, 2023
    • Modified: Feb. 13, 2025

  • 5.4

    MEDIUM
    CVE-2022-4827

    The WP Tiles WordPress plugin through 1.1.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Store... Read more

    Affected Products : wp_tiles
    • EPSS Score: %0.11
    • Published: Apr. 10, 2023
    • Modified: Apr. 23, 2025

  • 5.4

    MEDIUM
    CVE-2023-24721

    A cross-site scripting (XSS) vulnerability in LiveAction LiveSP v21.1.2 allows attackers to execute arbitrary web scripts or HTML.... Read more

    Affected Products : livesp
    • EPSS Score: %0.08
    • Published: Apr. 10, 2023
    • Modified: Feb. 11, 2025

  • 5.4

    MEDIUM
    CVE-2025-54682

    Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Connector for Gravity Forms and Google Sheets allows Cross Site Request Forgery. This issue affects Connector for Gravity Forms and Google Sheets: from n/a through 1.2.4.... Read more

    Affected Products :
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025

  • 5.4

    MEDIUM
    CVE-2023-24182

    LuCI openwrt-22.03 branch git-22.361.69894-438c598 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component /system/sshkeys.js.... Read more

    Affected Products : openwrt
    • EPSS Score: %0.09
    • Published: Apr. 11, 2023
    • Modified: Feb. 11, 2025

  • 5.4

    MEDIUM
    CVE-2025-54695

    Missing Authorization vulnerability in HasTech HT Mega allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HT Mega: from n/a through 2.9.0.... Read more

    Affected Products :
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025

  • 5.4

    MEDIUM
    CVE-2025-54698

    Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in RadiusTheme Classified Listing allows Code Injection. This issue affects Classified Listing: from n/a through 5.0.0.... Read more

    Affected Products : classified_listing
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025

  • 5.4

    MEDIUM
    CVE-2023-29189

    SAP CRM (WebClient UI) - versions S4FND 102, 103, 104, 105, 106, 107, WEBCUIF, 700, 701, 731, 730, 746, 747, 748, 800, 801, allows an authenticated attacker to modify HTTP verbs used in requests to the web server. This application is exposed over the netw... Read more

    • EPSS Score: %0.27
    • Published: Apr. 11, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-12545

    The Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.1. This is due to missing nonce va... Read more

    • Published: Jan. 04, 2025
    • Modified: Jun. 05, 2025
Showing 20 of 290955 Results