Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2024-13141

    A vulnerability classified as problematic was found in osuuu LightPicture up to 1.2.2. This vulnerability affects unknown code of the file /api/upload of the component SVG File Upload Handler. The manipulation of the argument file leads to cross site scri... Read more

    Affected Products : lightpicture
    • Published: Jan. 05, 2025
    • Modified: Jan. 10, 2025

  • 5.4

    MEDIUM
    CVE-2022-45358

    Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Silkalns Activello theme <= 1.4.4 versions.... Read more

    Affected Products : activello activello_theme
    • EPSS Score: %0.11
    • Published: Apr. 13, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2025-22543

    Missing Authorization vulnerability in Beautiful Templates ST Gallery WP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ST Gallery WP: from n/a through 1.0.8.... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025

  • 5.4

    MEDIUM
    CVE-2025-22534

    Missing Authorization vulnerability in Ella van Durpe Slides & Presentations allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Slides & Presentations: from n/a through 0.0.39.... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025

  • 5.4

    MEDIUM
    CVE-2024-12855

    The AdForest theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions like 'sb_remove_ad' in all versions up to, and including, 5.1.7. This makes it possible for authenticated attacke... Read more

    Affected Products : adforest
    • Published: Jan. 08, 2025
    • Modified: Aug. 12, 2025

  • 5.4

    MEDIUM
    CVE-2022-45849

    Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Silkalns Activello theme <= 1.4.4 versions.... Read more

    Affected Products : activello_theme
    • EPSS Score: %0.11
    • Published: Apr. 16, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-13209

    A vulnerability was found in Redaxo CMS 5.18.1. It has been classified as problematic. Affected is an unknown function of the file /index.php?page=structure&category_id=1&article_id=1&clang=1&function=edit_art&artstart=0 of the component Structure Managem... Read more

    Affected Products : redaxo
    • Published: Jan. 09, 2025
    • Modified: Jun. 24, 2025

  • 5.4

    MEDIUM
    CVE-2024-43176

    IBM OpenPages 9.0 could allow an authenticated user to obtain sensitive information such as configurations that should only be available to privileged users.... Read more

    • Published: Jan. 09, 2025
    • Modified: Jun. 20, 2025

  • 5.4

    MEDIUM
    CVE-2024-13238

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Typogrify allows Cross-Site Scripting (XSS).This issue affects Typogrify: from 0.0.0 before 1.3.0.... Read more

    Affected Products : typogrify
    • Published: Jan. 09, 2025
    • Modified: Jun. 04, 2025

  • 5.4

    MEDIUM
    CVE-2024-13245

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal CKEditor 4 LTS - WYSIWYG HTML editor allows Cross-Site Scripting (XSS).This issue affects CKEditor 4 LTS - WYSIWYG HTML editor: from 1.0.0 before ... Read more

    Affected Products : ckeditor_4
    • Published: Jan. 09, 2025
    • Modified: Jul. 07, 2025

  • 5.4

    MEDIUM
    CVE-2023-27777

    Cross-site scripting (XSS) vulnerability was discovered in Online Jewelry Shop v1.0 that allows attackers to execute arbitrary script via a crafted URL.... Read more

    Affected Products : online_jewelry_shop
    • EPSS Score: %0.08
    • Published: Apr. 19, 2023
    • Modified: Feb. 05, 2025

  • 5.4

    MEDIUM
    CVE-2024-13294

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal POST File allows Cross-Site Scripting (XSS).This issue affects POST File: from 0.0.0 before 1.0.2.... Read more

    Affected Products :
    • Published: Jan. 09, 2025
    • Modified: Jan. 10, 2025

  • 5.4

    MEDIUM
    CVE-2024-56377

    A stored cross-site scripting (XSS) vulnerability in survey titles of REDCap 14.9.6 allows authenticated users to inject malicious scripts into the Survey Title field or Survey Instructions. When a user receives a survey and clicks anywhere on the survey ... Read more

    Affected Products : redcap
    • Published: Jan. 09, 2025
    • Modified: Jan. 16, 2025

  • 5.4

    MEDIUM
    CVE-2023-0424

    The MS-Reviews WordPress plugin through 1.5 does not sanitise and escape reviews, which could allow users any authenticated users, such as Subscribers to perform Stored Cross-Site Scripting attacks... Read more

    Affected Products : ms-reviews
    • EPSS Score: %0.08
    • Published: Apr. 24, 2023
    • Modified: Feb. 04, 2025

  • 5.4

    MEDIUM
    CVE-2022-27979

    A cross-site scripting (XSS) vulnerability in ToolJet v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment Body component.... Read more

    Affected Products : tooljet
    • EPSS Score: %0.17
    • Published: Apr. 26, 2023
    • Modified: Feb. 03, 2025

  • 5.4

    MEDIUM
    CVE-2023-2350

    A vulnerability classified as problematic was found in SourceCodester Service Provider Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Users.php. The manipulation of the argument id leads to cross sit... Read more

    • EPSS Score: %0.07
    • Published: Apr. 27, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-43871

    IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials ... Read more

    • EPSS Score: %0.09
    • Published: Apr. 29, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-45801

    Apache StreamPark 1.0.0 to 2.0.0 have a LDAP injection vulnerability. LDAP Injection is an attack used to exploit web based applications that construct LDAP statements based on user input. When an application fails to properly sanitize user input, it's po... Read more

    Affected Products : streampark
    • EPSS Score: %0.06
    • Published: May. 01, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-1861

    The Limit Login Attempts WordPress plugin through 1.7.2 does not sanitize and escape usernames when outputting them back in the logs dashboard, which could allow any authenticated users, such as subscriber to perform Stored Cross-Site Scripting attacks... Read more

    Affected Products : limit_login_attempts
    • EPSS Score: %0.09
    • Published: May. 02, 2023
    • Modified: Jan. 30, 2025

  • 5.4

    MEDIUM
    CVE-2023-30184

    A stored cross-site scripting (XSS) vulnerability in Typecho v1.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter at /index.php/archives/1/comment.... Read more

    Affected Products : typecho
    • EPSS Score: %0.08
    • Published: May. 04, 2023
    • Modified: Jan. 29, 2025
Showing 20 of 290955 Results