Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2022-22112

    In DayByDay CRM, versions 1.1 through 2.2.1 (latest) suffer from an application-wide Client-Side Template Injection (CSTI). A low privileged attacker can input template injection payloads in the application at various locations to execute JavaScript on th...

    Affected Products : daybyday
    • Published: Jan. 13, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-22124

    In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the profile image. An authenticated attacker can upload a carefully crafted SVG file that will trigger arbitrary JavaScript to run on a victim’s browser.

    Affected Products : halo halo
    • Published: Jan. 13, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-40813

    A cross-site scripting (XSS) vulnerability in the "Zip content" feature in Element-IT HTTP Commander 3.1.9 allows remote authenticated users to inject arbitrary web script or HTML via filenames.

    Affected Products : http_commander
    • Published: Jan. 13, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-36920

    Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered in WordPress plugin Download Monitor (versions <= 4.4.6).

    Affected Products : download_monitor
    • Published: Jan. 14, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-21397

    Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine). Supported versions that are affected are 3.4, 4.2, 4.3, 4.4 and 5.0. Easily exploitable vulnerability allows low privileged attac...

    Affected Products : communications_operations_monitor
    • Published: Jan. 19, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-44777

    Cross-Site Request Forgery (CSRF) vulnerabilities leading to single or bulk e-mail entries deletion discovered in Email Tracker WordPress plugin (versions <= 5.2.6).

    Affected Products : email_tracker
    • Published: Jan. 19, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-46948

    A reflected Cross-Site Scripting (XSS) vulnerability was found on Temenos T24 Browser R19.40 that enables a remote attacker to execute arbitrary JavaScript code via the skin parameter in the about.jsp and genrequest.jsp components.

    Affected Products : t24
    • Published: Sep. 23, 2024
    • Modified: Sep. 26, 2024
  • 5.4

    MEDIUM
    CVE-2022-22851

    A Stored Cross Site Scripting (XSS) vulnerability exists in SourceCodester Hospital's Patient Records Management System 1.0 via the specialization parameter in doctors.php.

    • Published: Jan. 26, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2024-8628

    The Popup, Optin Form & Email Newsletters for Mailchimp, HubSpot, AWeber – MailOptin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'post-meta' shortcode in all versions up to, and including, 1.2.70.3 due to insufficien...

    Affected Products : mailoptin
    • Published: Sep. 24, 2024
    • Modified: Sep. 26, 2024
  • 5.4

    MEDIUM
    CVE-2022-0348

    Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2.

    Affected Products : pimcore
    • Published: Jan. 27, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2024-9291

    A vulnerability classified as problematic has been found in kalvinGit kvf-admin up to f12a94dc1ebb7d1c51ee978a85e4c7ed75c620ff. Affected is an unknown function of the file /ueditor/upload?configPath=ueditor/config.json&action=uploadfile of the component X...

    Affected Products : kvf-admin
    • Published: Sep. 27, 2024
    • Modified: Oct. 07, 2024
  • 5.4

    MEDIUM
    CVE-2024-9323

    A vulnerability was found in SourceCodester Inventory Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /app/action/add_staff.php. The manipulation leads to cross site script...

    • Published: Sep. 29, 2024
    • Modified: Oct. 01, 2024
  • 5.4

    MEDIUM
    CVE-2024-9299

    A vulnerability classified as problematic has been found in SourceCodester Online Railway Reservation System 1.0. This affects an unknown part of the file /?page=reserve. The manipulation of the argument First Name/Middle Name/Last Name leads to cross sit...

    Affected Products : railway_reservation_system
    • Published: Sep. 28, 2024
    • Modified: Oct. 01, 2024
  • 5.4

    MEDIUM
    CVE-2024-46082

    Scriptcase v.9.10.023 and before is vulnerable to Cross Site Scripting (XSS) in nm_cor.php via the form and field parameters.

    Affected Products : scriptcase
    • Published: Oct. 01, 2024
    • Modified: Apr. 28, 2025
  • 5.4

    MEDIUM
    CVE-2024-33209

    FlatPress v1.3 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript code into the "Add New Entry" section, which allows them to execute arbitrary code in the context of a victim's web browser.

    Affected Products : flatpress
    • Published: Oct. 02, 2024
    • Modified: Mar. 14, 2025
  • 5.4

    MEDIUM
    CVE-2024-20442

    A vulnerability in the REST API endpoints of Cisco Nexus Dashboard could allow an authenticated, low-privileged, remote attacker to perform limited Administrator actions on an affected device. This vulnerability is due to insufficient authorization con...

    • Published: Oct. 02, 2024
    • Modified: Oct. 07, 2024
  • 5.4

    MEDIUM
    CVE-2021-43841

    XWiki is a generic wiki platform offering runtime services for applications built on top of it. When using default XWiki configuration, it's possible for an attacker to upload an SVG containing a script executed when executing the download action on the f...

    Affected Products : xwiki
    • Published: Feb. 04, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2024-41514

    A reflected cross-site scripting (XSS) vulnerability in "PrevPgGroup.aspx" in CADClick v1.11.0 and before allows remote attackers to inject arbitrary web script or HTML via the "wer" parameter.

    Affected Products : cadclick
    • Published: Oct. 04, 2024
    • Modified: Jun. 02, 2025
  • 5.4

    MEDIUM
    CVE-2022-0510

    Cross-site Scripting (XSS) - Reflected in Packagist pimcore/pimcore prior to 10.3.1.

    Affected Products : pimcore
    • Published: Feb. 08, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2024-47635

    Cross-Site Request Forgery (CSRF) vulnerability in TinyPNG. This issue affects TinyPNG: from n/a through 3.4.3.

    • Published: Oct. 05, 2024
    • Modified: Oct. 07, 2024
Showing 20 of 293947 Results