Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2023-39707

    A stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add Expense parameter under the Expense section.... Read more

    • EPSS Score: %0.19
    • Published: Aug. 25, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-43909

    IBM Security Guardium 11.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sess... Read more

    Affected Products : security_guardium
    • EPSS Score: %0.14
    • Published: Aug. 27, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-40753

    There is a Cross Site Scripting (XSS) vulnerability in the message parameter of index.php in PHPJabbers Ticket Support Script v3.2.... Read more

    Affected Products : ticket_support_script
    • EPSS Score: %0.87
    • Published: Aug. 28, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-44349

    NAVBLUE S.A.S N-Ops & Crew 22.5-rc.50 is vulnerable to Cross Site Scripting (XSS).... Read more

    Affected Products : s.a.s_n-ops_\&_crew
    • EPSS Score: %0.08
    • Published: Sep. 01, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2025-2371

    A vulnerability was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /registered-user-testing.php of the component Registered Mobile... Read more

    • Published: Mar. 17, 2025
    • Modified: May. 08, 2025

  • 5.4

    MEDIUM
    CVE-2025-2375

    A vulnerability, which was classified as problematic, was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. Affected is an unknown function of the file /profile.php of the component Admin Profile Page. The manipulation of the argume... Read more

    • Published: Mar. 17, 2025
    • Modified: May. 08, 2025

  • 5.4

    MEDIUM
    CVE-2024-53968

    Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code in the context of the victim's browser session. By manipulating the DOM environment... Read more

    • Published: Mar. 19, 2025
    • Modified: Apr. 14, 2025

  • 5.4

    MEDIUM
    CVE-2023-34637

    A stored cross-site scripting (XSS) vulnerability in IsarNet AG IsarFlow v5.23 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the dashboard title parameter in the IsarFlow Portal.... Read more

    Affected Products : isarflow
    • EPSS Score: %0.11
    • Published: Sep. 05, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-10721

    A stored cross-site scripting (XSS) vulnerability was discovered in phpipam/phpipam version 1.5.2. This vulnerability allows an attacker to inject malicious scripts into the application, which can be executed in the context of other users who view the aff... Read more

    Affected Products : phpipam
    • Published: Mar. 20, 2025
    • Modified: Apr. 01, 2025

  • 5.4

    MEDIUM
    CVE-2024-10724

    A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2, specifically in the Subnet NAT translations section when editing the Destination address. This vulnerability allows an attacker to execute malicious code. The issue... Read more

    Affected Products : phpipam
    • Published: Mar. 20, 2025
    • Modified: May. 28, 2025

  • 5.4

    MEDIUM
    CVE-2023-36387

    An improper default REST API permission for Gamma users in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma user to test database connections. ... Read more

    Affected Products : superset
    • EPSS Score: %0.02
    • Published: Sep. 06, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-8400

    A stored cross-site scripting (XSS) vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability allows an attacker to upload a malicious HTML file containing JavaScript code, which is then executed when the file is accessed... Read more

    Affected Products : chuanhuchatgpt
    • Published: Mar. 20, 2025
    • Modified: Apr. 01, 2025

  • 5.4

    MEDIUM
    CVE-2023-32332

    IBM Maximo Application Suite 8.9, 8.10 and IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the secur... Read more

    • EPSS Score: %0.05
    • Published: Sep. 08, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-41593

    Multiple cross-site scripting (XSS) vulnerabilities in Dairy Farm Shop Management System Using PHP and MySQL v1.1 allow attackers to execute arbitrary web scripts and HTML via a crafted payload injected into the Category and Category Field parameters.... Read more

    Affected Products : dairy_farm_shop_management_system
    • EPSS Score: %0.27
    • Published: Sep. 11, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-41160

    A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via the key name field while adding an authorized key.... Read more

    Affected Products : usermin
    • EPSS Score: %0.11
    • Published: Sep. 14, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-5025

    A vulnerability was found in KOHA up to 23.05.03. It has been declared as problematic. This vulnerability affects unknown code of the file /cgi-bin/koha/catalogue/search.pl of the component MARC. The manipulation leads to cross site scripting. The attack ... Read more

    Affected Products : koha
    • EPSS Score: %0.10
    • Published: Sep. 17, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-23957

    An authenticated user can see and modify the value for ‘next’ query parameter in Symantec Identity Portal 14.4... Read more

    Affected Products : identity_portal
    • EPSS Score: %0.28
    • Published: Sep. 19, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-41048

    plone.namedfile allows users to handle `File` and `Image` fields targeting, but not depending on, Plone Dexterity content. Prior to versions 5.6.1, 6.0.3, 6.1.3, and 6.2.1, there is a stored cross site scripting vulnerability for SVG images. A security ho... Read more

    Affected Products : plone namedfile plone.namedfile
    • EPSS Score: %0.50
    • Published: Sep. 21, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-43331

    A cross-site scripting (XSS) vulnerability in the Add User function of Small CRM v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.... Read more

    Affected Products : small_crm
    • EPSS Score: %0.27
    • Published: Sep. 27, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-43828

    A Cross-site scripting (XSS) vulnerability in /panel/languages/ of Subrion v4.2.1 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into 'Title' parameter.... Read more

    Affected Products : subrion
    • EPSS Score: %0.27
    • Published: Sep. 27, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 290978 Results