Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2024-56470

    IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attac... Read more

    Affected Products : aspera_shares
    • Published: Feb. 05, 2025
    • Modified: Mar. 07, 2025

  • 5.4

    MEDIUM
    CVE-2024-49793

    IBM ApplinX 11.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a truste... Read more

    Affected Products : applinx
    • Published: Feb. 06, 2025
    • Modified: Feb. 12, 2025

  • 5.4

    MEDIUM
    CVE-2025-25110

    Missing Authorization vulnerability in Metagauss Event Kikfyre allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Event Kikfyre: from n/a through 2.1.8.... Read more

    Affected Products :
    • Published: Feb. 07, 2025
    • Modified: Feb. 07, 2025

  • 5.4

    MEDIUM
    CVE-2023-2899

    The Google Map Shortcode WordPress plugin through 3.1.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting... Read more

    Affected Products : google_map_shortcode
    • EPSS Score: %0.11
    • Published: Jun. 19, 2023
    • Modified: Dec. 12, 2024

  • 5.4

    MEDIUM
    CVE-2023-3318

    A vulnerability was found in SourceCodester Resort Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument page leads to cross site scripting. The attack can ... Read more

    Affected Products : resort_management_system
    • EPSS Score: %0.07
    • Published: Jun. 19, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-34461

    PyBB is an open source bulletin board. A manual code review of the PyBB bulletin board server has revealed that a vulnerability could have been exploited in which users could submit any type of HTML tag, and have said tag run. For example, a malicious `<a... Read more

    Affected Products : pybb
    • EPSS Score: %0.09
    • Published: Jun. 19, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2025-0054

    SAP NetWeaver Application Server Java does not sufficiently handle user input, resulting in a stored cross-site scripting vulnerability. The application allows attackers with basic user privileges to store a Javascript payload on the server, which could b... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 18, 2025

  • 5.4

    MEDIUM
    CVE-2025-25241

    Due to a missing authorization check, an attacker who is logged in to application can view/ delete �My Overtime Requests� which could allow the attacker to access employee information. This leads to low impact on confidentiality, integrity of the applicat... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 18, 2025

  • 5.4

    MEDIUM
    CVE-2020-21246

    Cross Site Scripting vulnerability in YiiCMS v.1.0 allows a remote attacker to execute arbitrary code via the news function.... Read more

    Affected Products : yiicms
    • EPSS Score: %0.17
    • Published: Jun. 20, 2023
    • Modified: Dec. 10, 2024

  • 5.4

    MEDIUM
    CVE-2025-0526

    In affected versions of Octopus Deploy it was possible to upload files to unexpected locations on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows.... Read more

    Affected Products : windows octopus_server
    • Published: Feb. 11, 2025
    • Modified: Jul. 02, 2025

  • 5.4

    MEDIUM
    CVE-2023-28171

    Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in WP Chill Brilliance theme <= 1.3.1 versions.... Read more

    Affected Products : brilliance
    • EPSS Score: %0.11
    • Published: Jun. 22, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2025-24428

    Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form ... Read more

    Affected Products : magento commerce magento commerce_b2b
    • Published: Feb. 11, 2025
    • Modified: Mar. 03, 2025

  • 5.4

    MEDIUM
    CVE-2023-31868

    Sage X3 version 12.14.0.50-0 is vulnerable to Cross Site Scripting (XSS). Some parts of the Web application are dynamically built using user's inputs. Yet, those inputs are not verified nor filtered by the application, so they mathed the expected format. ... Read more

    Affected Products : x3
    • EPSS Score: %0.09
    • Published: Jun. 22, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-36093

    There is a storage type cross site scripting (XSS) vulnerability in the filing number of the Basic Information tab on the backend management page of EyouCMS v1.6.3... Read more

    Affected Products : eyoucms
    • EPSS Score: %0.08
    • Published: Jun. 22, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-36288

    An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via GET configure parameter.... Read more

    Affected Products : qloapps
    • EPSS Score: %0.11
    • Published: Jun. 23, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-13692

    The Return Refund and Exchange For WooCommerce – Return Management System, RMA Exchange, Wallet And Cancel Order Features plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.4.5 via several functi... Read more

    • Published: Feb. 14, 2025
    • Modified: Feb. 25, 2025

  • 5.4

    MEDIUM
    CVE-2024-57605

    Cross Site Scripting vulnerability in Daylight Studio Fuel CMS v.1.5.2 allows an attacker to escalate privileges via the /fuel/blocks/ and /fuel/pages components.... Read more

    Affected Products : fuel_cms
    • Published: Feb. 12, 2025
    • Modified: Jul. 09, 2025

  • 5.4

    MEDIUM
    CVE-2023-28485

    A stored cross-site scripting (Stored XSS) vulnerability in file preview in WeKan before 6.75 allows remote authenticated users to inject arbitrary web script or HTML via names of file attachments. Any user can obtain the privilege to rename within their ... Read more

    Affected Products : wekan
    • EPSS Score: %0.16
    • Published: Jun. 26, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-23065

    Cross Site Scripting vulnerabiltiy in eZ Systems AS eZPublish Platform v.5.4 and eZ Publish Legacy v.5.4 allows a remote authenticated attacker to execute arbitrary code via the video-js.swf.... Read more

    Affected Products : ezpublish_legacy ezpublish_platform
    • EPSS Score: %0.50
    • Published: Jun. 26, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2025-26765

    Missing Authorization vulnerability in enituretechnology Distance Based Shipping Calculator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Distance Based Shipping Calculator: from n/a through 2.0.22.... Read more

    Affected Products :
    • Published: Feb. 16, 2025
    • Modified: Feb. 16, 2025
Showing 20 of 290972 Results