Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2020-23065

    Cross Site Scripting vulnerability in eZ Systems AS eZPublish Platform v.5.4 and eZ Publish Legacy v.5.4 allows a remote authenticated attacker to execute arbitrary code via the video-js.swf....

    Affected Products : ezpublish_legacy ezpublish_platform
    • EPSS Score: %0.50
    • Published: Jun. 26, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2025-26765

    Missing Authorization vulnerability in enituretechnology Distance Based Shipping Calculator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Distance Based Shipping Calculator: from n/a through 2.0.22....

    Affected Products :
    • Published: Feb. 16, 2025
    • Modified: Feb. 16, 2025
  • 5.4

    MEDIUM
    CVE-2024-13741

    The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Limited Server-Side Request Forgery in all versions up to, and including, 5.9.4.2 via the pm_upload_image function. This makes it possible for authenticated atta...

    Affected Products : profilegrid
    • Published: Feb. 18, 2025
    • Modified: Feb. 24, 2025
  • 5.4

    MEDIUM
    CVE-2023-32536

    Affected versions of Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. Please note: an attacker must first obtain authenticat...

    Affected Products : apex_central
    • EPSS Score: %0.38
    • Published: Jun. 26, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-32537

    Affected versions of Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. Please note: an attacker must first obtain authenticat...

    Affected Products : apex_central
    • EPSS Score: %0.38
    • Published: Jun. 26, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-32604

    Affected versions of Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. Please note: an attacker must first obtain authenticat...

    Affected Products : apex_central
    • EPSS Score: %0.38
    • Published: Jun. 26, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-26274

    IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session....

    • EPSS Score: %0.14
    • Published: Jun. 27, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-34837

    A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a vulnerable parameter GrpPath....

    Affected Products : escan_management_console
    • EPSS Score: %1.58
    • Published: Jun. 27, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-3331

    Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N...

    • EPSS Score: %0.11
    • Published: Jun. 28, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2024-28776

    IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leadin...

    Affected Products : windows cognos_controller controller
    • Published: Feb. 19, 2025
    • Modified: Jul. 25, 2025
  • 5.4

    MEDIUM
    CVE-2023-51325

    PHPJabbers Shared Asset Booking System v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "title, name" parameters....

    Affected Products : shared_asset_booking_system
    • Published: Feb. 20, 2025
    • Modified: Apr. 22, 2025
  • 5.4

    MEDIUM
    CVE-2023-51330

    PHPJabbers Cinema Booking System v1.0 is vulnerable to Reflected Cross-Site Scripting (XSS) in Now Showing menu "date" parameter....

    Affected Products : cinema_booking_system
    • Published: Feb. 20, 2025
    • Modified: Apr. 22, 2025
  • 5.4

    MEDIUM
    CVE-2023-51337

    PHPJabbers Event Ticketing System v1.0 is vulnerable to Reflected Cross-Site Scripting (XSS) in "lid" parameter in index....

    Affected Products : event_ticketing_system
    • Published: Feb. 20, 2025
    • Modified: Apr. 10, 2025
  • 5.4

    MEDIUM
    CVE-2023-51338

    PHPJabbers Meeting Room Booking System v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "title, name" parameters of index.php page....

    Affected Products : meeting_room_booking_system
    • Published: Feb. 20, 2025
    • Modified: Apr. 10, 2025
  • 5.4

    MEDIUM
    CVE-2023-32607

    Stored cross-site scripting vulnerability in Pleasanter (Community Edition and Enterprise Edition) 1.3.39.2 and earlier versions allows a remote authenticated attacker to inject an arbitrary script....

    Affected Products : pleasanter
    • EPSS Score: %0.30
    • Published: Jun. 30, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2025-1577

    A vulnerability, which was classified as problematic, has been found in code-projects Blood Bank System 1.0. Affected by this issue is some unknown functionality of the file /prostatus.php. The manipulation of the argument message leads to cross site scri...

    Affected Products : blood_bank_system blood_bank_system
    • Published: Feb. 23, 2025
    • Modified: Mar. 03, 2025
  • 5.4

    MEDIUM
    CVE-2024-12308

    The Logo Slider WordPress plugin before 4.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform St...

    Affected Products : gs_logo_slider logo_slider logo_slider
    • Published: Feb. 24, 2025
    • Modified: May. 07, 2025
  • 5.4

    MEDIUM
    CVE-2020-22152

    Cross Site Scripting vulnerability in daylight studio FUEL- CMS v.1.4.6 allows a remote attacker to execute arbitrary code via the page title, meta description and meta keywords of the pages function....

    Affected Products : fuel_cms
    • EPSS Score: %0.43
    • Published: Jul. 03, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-36223

    Cross Site Scripting vulnerability in mlogclub bbs-go v.3.5.5 and before allows a remote attacker to execute arbitrary code via a crafted payload to the announcements parameter in the settings function....

    Affected Products : bbs-go
    • EPSS Score: %0.20
    • Published: Jul. 03, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2025-27000

    Missing Authorization vulnerability in George Pattichis Simple Photo Feed allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple Photo Feed: from n/a through 1.4.0....

    Affected Products :
    • Published: Feb. 25, 2025
    • Modified: Feb. 25, 2025
Showing 20 of 290974 Results