Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2024-56341

    IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credent... Read more

    • Published: Apr. 02, 2025
    • Modified: Aug. 13, 2025

  • 5.4

    MEDIUM
    CVE-2023-45279

    Yamcs 5.8.6 allows XSS (issue 1 of 2). It comes with a Bucket as its primary storage mechanism. Buckets allow for the upload of any file. There's a way to upload a display referencing a malicious JavaScript file to the bucket. The user can then open the u... Read more

    Affected Products : yamcs
    • EPSS Score: %0.16
    • Published: Oct. 19, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-45280

    Yamcs 5.8.6 allows XSS (issue 2 of 2). It comes with a Bucket as its primary storage mechanism. Buckets allow for the upload of any file. There's a way to upload an HTML file containing arbitrary JavaScript and then navigate to it. Once the user opens the... Read more

    Affected Products : yamcs
    • EPSS Score: %0.93
    • Published: Oct. 19, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2025-3130

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Obfuscate allows Stored XSS.This issue affects Obfuscate: from 0.0.0 before 2.0.1.... Read more

    Affected Products : drupal obfuscate
    • Published: Apr. 02, 2025
    • Modified: Apr. 29, 2025

  • 5.4

    MEDIUM
    CVE-2023-43355

    Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the password and password again parameters in the My Preferences - Add user component.... Read more

    Affected Products : cms_made_simple
    • EPSS Score: %0.39
    • Published: Oct. 20, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-37636

    A stored cross-site scripting (XSS) vulnerability in UVDesk Community Skeleton v1.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field when creating a ticket.... Read more

    Affected Products : uvdesk
    • EPSS Score: %0.08
    • Published: Oct. 23, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-46396

    Audimex 15.0.0 is vulnerable to Cross Site Scripting (XSS) in /audimex/cgi-bin/wal.fcgi via company parameter search filters.... Read more

    Affected Products : audimex
    • EPSS Score: %0.17
    • Published: Oct. 25, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2025-32249

    Cross-Site Request Forgery (CSRF) vulnerability in designinvento DirectoryPress allows Cross Site Request Forgery. This issue affects DirectoryPress: from n/a through 3.6.19.... Read more

    Affected Products : directorypress
    • Published: Apr. 04, 2025
    • Modified: Apr. 07, 2025

  • 5.4

    MEDIUM
    CVE-2022-34833

    An issue was discovered in VERMEG AgileReporter 21.3. An admin can enter an XSS payload in the Analysis component.... Read more

    Affected Products : agile_reporter
    • EPSS Score: %0.08
    • Published: Oct. 27, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-45746

    Cross-site scripting vulnerability in Movable Type series allows a remote authenticated attacker to inject an arbitrary script. Affected products/versions are as follows: Movable Type 7 r.5405 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r... Read more

    Affected Products : movable_type
    • EPSS Score: %0.11
    • Published: Oct. 30, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2025-20939

    Improper authorization in wireless download protocol in Galaxy Watch prior to SMR Apr-2025 Release 1 allows physical attackers to update device unique identifier of Watch devices.... Read more

    Affected Products :
    • Published: Apr. 08, 2025
    • Modified: Apr. 08, 2025

  • 5.4

    MEDIUM
    CVE-2022-4391

    The Vision Interactive For WordPress plugin through 1.5.3 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed... Read more

    Affected Products : vision_interactive
    • EPSS Score: %0.10
    • Published: Jan. 09, 2023
    • Modified: Apr. 09, 2025

  • 5.4

    MEDIUM
    CVE-2022-39172

    A stored XSS in the process overview (bersicht zugewiesener Vorgaenge) in mbsupport openVIVA c2 20220101 allows a remote, authenticated, low-privileged attacker to execute arbitrary code in the victim's browser via name field of a process.... Read more

    Affected Products : openviva
    • EPSS Score: %0.07
    • Published: Oct. 30, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-46451

    Best Courier Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in the change username field.... Read more

    Affected Products : best_courier_management_system
    • EPSS Score: %0.12
    • Published: Oct. 31, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-5873

    Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 11.1.0.... Read more

    Affected Products : pimcore
    • EPSS Score: %0.00
    • Published: Oct. 31, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-4823

    The WP Meta and Date Remover WordPress plugin before 2.2.0 provides an AJAX endpoint for configuring the plugin settings. This endpoint has no capability checks and does not sanitize the user input, which is then later output unescaped. Allowing any authe... Read more

    Affected Products : wp_meta_and_date_remover
    • EPSS Score: %0.22
    • Published: Oct. 31, 2023
    • Modified: Apr. 23, 2025

  • 5.4

    MEDIUM
    CVE-2023-46378

    Stored Cross Site Scripting (XSS) vulnerability in MiniCMS 1.1.1 allows attackers to run arbitrary code via crafted string appended to /mc-admin/conf.php.... Read more

    Affected Products : minicms
    • EPSS Score: %0.12
    • Published: Oct. 31, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-5895

    Cross-site Scripting (XSS) - DOM in GitHub repository pkp/pkp-lib prior to 3.3.0-16.... Read more

    Affected Products : pkp_web_application_library
    • EPSS Score: %0.07
    • Published: Nov. 01, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-20031

    A vulnerability in the SSL/TLS certificate handling of Snort 3 Detection Engine integration with Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the Snort 3 detection engine to restart. This vulnerabi... Read more

    Affected Products : firepower_threat_defense
    • EPSS Score: %0.02
    • Published: Nov. 01, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-26456

    Users were able to set an arbitrary "product name" for OX Guard. The chosen value was not sufficiently sanitized before processing it at the user interface, allowing for indirect cross-site scripting attacks. Accounts that were temporarily taken over coul... Read more

    Affected Products : open-xchange_appsuite ox_guard
    • EPSS Score: %0.16
    • Published: Nov. 02, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 290980 Results