Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2023-26456

    Users were able to set an arbitrary "product name" for OX Guard. The chosen value was not sufficiently sanitized before processing it at the user interface, allowing for indirect cross-site scripting attacks. Accounts that were temporarily taken over coul... Read more

    Affected Products : open-xchange_appsuite ox_guard
    • EPSS Score: %0.16
    • Published: Nov. 02, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-5945

    The video carousel slider with lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the responsive_video_gallery_with_lightbox_video_management_func() function. T... Read more

    • EPSS Score: %0.05
    • Published: Nov. 03, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2025-30148

    Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. Prior to 5.3.23, bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payl... Read more

    Affected Products : framework
    • Published: Apr. 10, 2025
    • Modified: Apr. 11, 2025

  • 5.4

    MEDIUM
    CVE-2023-46744

    Squidex is an open source headless CMS and content management hub. In affected versions a stored Cross-Site Scripting (XSS) vulnerability enables privilege escalation of authenticated users. The SVG element filtering mechanism intended to stop XSS attacks... Read more

    Affected Products : squidex
    • EPSS Score: %0.16
    • Published: Nov. 07, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-42981

    Processing a file may lead to a denial-of-service or potentially disclose memory contents. This issue is fixed in macOS 14. The issue was addressed with improved checks.... Read more

    Affected Products : macos
    • Published: Apr. 11, 2025
    • Modified: Apr. 21, 2025

  • 5.4

    MEDIUM
    CVE-2025-32074

    Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki - Confirm Account Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Confirm Account Extension: from 1.39 through 1.43.... Read more

    Affected Products :
    • Published: Apr. 11, 2025
    • Modified: Jul. 07, 2025

  • 5.4

    MEDIUM
    CVE-2023-37790

    Jaspersoft Clarity PPM version 14.3.0.298 was discovered to contain an arbitrary file upload vulnerability via the Profile Picture Upload function.... Read more

    Affected Products : clarity
    • EPSS Score: %0.14
    • Published: Nov. 09, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2025-3568

    A vulnerability has been found in Webkul Krayin CRM up to 2.1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/settings/users/edit/ of the component SVG File Handler. The manipulation leads to ... Read more

    Affected Products : krayin_crm
    • Published: Apr. 14, 2025
    • Modified: Jun. 26, 2025

  • 5.4

    MEDIUM
    CVE-2025-2475

    Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to invalidate the cache when a user account is converted to a bot which allows an attacker to login to the bot exactly one time via normal credentials.... Read more

    Affected Products : mattermost_server
    • Published: Apr. 14, 2025
    • Modified: Apr. 15, 2025

  • 5.4

    MEDIUM
    CVE-2023-48068

    DedeCMS v6.2 was discovered to contain a Cross-site Scripting (XSS) vulnerability via spec_add.php.... Read more

    Affected Products : dedecms
    • EPSS Score: %0.08
    • Published: Nov. 13, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2025-30964

    Server-Side Request Forgery (SSRF) vulnerability in EPC Photography. This issue affects Photography: from n/a through 7.5.2.... Read more

    Affected Products :
    • Published: Apr. 15, 2025
    • Modified: Apr. 15, 2025

  • 5.4

    MEDIUM
    CVE-2025-21576

    Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Dynamo Personalization Server). Supported versions that are affected are 11.3.0, 11.3.1 and 11.3.2. Easily exploitable vulnerability allows low privileged attacker with... Read more

    Affected Products : commerce_platform
    • Published: Apr. 15, 2025
    • Modified: Apr. 17, 2025

  • 5.4

    MEDIUM
    CVE-2025-30697

    Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Panel Processor). Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows low privileged attacker with network ... Read more

    Affected Products : peoplesoft_enterprise_peopletools
    • Published: Apr. 15, 2025
    • Modified: Apr. 21, 2025

  • 5.4

    MEDIUM
    CVE-2025-30713

    Vulnerability in the PeopleSoft Enterprise HCM Talent Acquisition Manager product of Oracle PeopleSoft (component: Job Opening). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network ... Read more

    • Published: Apr. 15, 2025
    • Modified: Apr. 21, 2025

  • 5.4

    MEDIUM
    CVE-2025-39552

    Missing Authorization vulnerability in Dylan James Zephyr Project Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Zephyr Project Manager: from n/a through 3.3.200.... Read more

    • Published: Apr. 16, 2025
    • Modified: Apr. 16, 2025

  • 5.4

    MEDIUM
    CVE-2023-47309

    Nukium nkmgls before version 3.0.2 is vulnerable to Cross Site Scripting (XSS) via NkmGlsCheckoutModuleFrontController::displayAjaxSavePhoneMobile.... Read more

    Affected Products : gls
    • EPSS Score: %0.09
    • Published: Nov. 15, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-48087

    xxl-job-admin 2.4.0 is vulnerable to Insecure Permissions via /xxl-job-admin/joblog/clearLog and /xxl-job-admin/joblog/logDetailCat.... Read more

    Affected Products : xxl-job
    • EPSS Score: %0.05
    • Published: Nov. 15, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-48088

    xxl-job-admin 2.4.0 is vulnerable to Cross Site Scripting (XSS) via /xxl-job-admin/joblog/logDetailPage.... Read more

    Affected Products : xxl-job
    • EPSS Score: %0.08
    • Published: Nov. 15, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-48197

    Cross-Site Scripting (XSS) vulnerability in the ‘manageApiKeys’ component of Grocy 4.0.3 and earlier allows attackers to obtain victim's cookies when the victim clicks on the "see QR code" function.... Read more

    Affected Products : grocy grocy
    • EPSS Score: %0.30
    • Published: Nov. 15, 2023
    • Modified: Jun. 11, 2025

  • 5.4

    MEDIUM
    CVE-2023-48649

    Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows stored XSS on the Admin page via an uploaded file name.... Read more

    Affected Products : concrete_cms concrete5
    • EPSS Score: %1.26
    • Published: Nov. 17, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 290981 Results