Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2024-40746

    A stored cross-site scripting (XSS) vulnerability in HikaShop Joomla Component < 5.1.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload in the `description` parameter of any product. Th... Read more

    Affected Products : hikashop
    • Published: Oct. 21, 2024
    • Modified: Mar. 19, 2025

  • 5.4

    MEDIUM
    CVE-2024-46236

    CodeAstro Membership Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via the address parameter in add_members.php and edit_member.php.... Read more

    Affected Products : membership_management_system
    • Published: Oct. 21, 2024
    • Modified: Mar. 31, 2025

  • 5.4

    MEDIUM
    CVE-2024-48709

    CodeAstro Membership Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via the membershipType parameter in edit_type.php... Read more

    Affected Products : membership_management_system
    • Published: Oct. 21, 2024
    • Modified: Mar. 31, 2025

  • 5.4

    MEDIUM
    CVE-2024-48707

    Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the name parameter under (a) action=add or action=edit within managemilestone.php file and (b) action=addpro within admin.php file.... Read more

    Affected Products : collabtive
    • Published: Oct. 22, 2024
    • Modified: Oct. 25, 2024

  • 5.4

    MEDIUM
    CVE-2024-48708

    Collabtive 3.1 is vulnerable to Cross-Site Scripting (XSS) via the name parameter in (a) file tasklist.php under action = add/edit and in (b) file admin.php under action = adduser/edituser.... Read more

    Affected Products : collabtive
    • Published: Oct. 22, 2024
    • Modified: Oct. 25, 2024

  • 5.4

    MEDIUM
    CVE-2021-39055

    IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials ... Read more

    • Published: Mar. 14, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-46994

    baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in Blog posts and Contents list Feature. Version 5.1.2 fixes this issue.... Read more

    Affected Products : basercms
    • Published: Oct. 24, 2024
    • Modified: Oct. 28, 2024

  • 5.4

    MEDIUM
    CVE-2024-10348

    A vulnerability was found in SourceCodester Best House Rental Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /index.php?page=tenants of the component Manage Tenant Details. The manipulation of the ar... Read more

    • Published: Oct. 24, 2024
    • Modified: Oct. 30, 2024

  • 5.4

    MEDIUM
    CVE-2022-0475

    Malicious translator is able to inject JavaScript code in few translatable strings (where HTML is allowed). The code could be executed in the Package manager. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.32 and prior versions, 8.0.x version: 8.0.19... Read more

    Affected Products : otrs
    • Published: Mar. 21, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-27090

    Cscms Music Portal System v4.2 was discovered to contain a redirection vulnerability via the backurl parameter.... Read more

    Affected Products : cscms
    • Published: Mar. 21, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-26197

    Joget DX 7 was discovered to contain a cross-site scripting (XSS) vulnerability via the Datalist table.... Read more

    Affected Products : joget_dx
    • Published: Mar. 25, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-50423

    Missing Authorization vulnerability in Templately allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Templately: from n/a through 3.1.5.... Read more

    Affected Products :
    • Published: Oct. 29, 2024
    • Modified: Nov. 01, 2024

  • 5.4

    MEDIUM
    CVE-2024-37425

    Missing Authorization vulnerability in Automattic Newspack Blocks newspack-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Newspack Blocks: from n/a through 3.0.8.... Read more

    Affected Products :
    • Published: Nov. 01, 2024
    • Modified: Nov. 01, 2024

  • 5.4

    MEDIUM
    CVE-2024-37439

    Missing Authorization vulnerability in Uncanny Owl Uncanny Toolkit Pro for LearnDash allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uncanny Toolkit Pro for LearnDash: from n/a through 4.1.4.0... Read more

    Affected Products :
    • Published: Nov. 01, 2024
    • Modified: Nov. 01, 2024

  • 5.4

    MEDIUM
    CVE-2021-43461

    Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the servername parameter.... Read more

    Affected Products : rumble_mail_server
    • Published: Apr. 04, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-10753

    A vulnerability was found in PHPGurukul Online Shopping Portal 2.0. It has been declared as problematic. This vulnerability affects unknown code of the file admin/assets/plugins/DataTables/media/unit_testing/templates/dom_data_two_headers.php. The manipul... Read more

    • Published: Nov. 04, 2024
    • Modified: Nov. 06, 2024

  • 5.4

    MEDIUM
    CVE-2024-9867

    The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Open Map Widget' marker_content parameter in all versions up to, and inc... Read more

    Affected Products : element_pack
    • Published: Nov. 05, 2024
    • Modified: Nov. 08, 2024

  • 5.4

    MEDIUM
    CVE-2022-25373

    Zoho ManageEngine SupportCenter Plus before 11020 allows Stored XSS in the request history.... Read more

    Affected Products : manageengine_supportcenter_plus
    • Published: Apr. 05, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-48312

    WebLaudos v20.8 (118) was discovered to contain a cross-site scripting (XSS) vulnerability via the login page.... Read more

    Affected Products :
    • Published: Nov. 05, 2024
    • Modified: Nov. 06, 2024

  • 5.4

    MEDIUM
    CVE-2022-27107

    OrangeHRM 4.10 is vulnerable to Stored XSS in the "Share Video" section under "OrangeBuzz" via the GET/POST "createVideo[linkAddress]" parameter... Read more

    Affected Products : orangehrm
    • Published: Apr. 06, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 293696 Results