Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2024-41707

    An issue was discovered in Archer Platform 6 before 2024.06. Authenticated users can achieve HTML content injection. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML code in a trusted application data sto... Read more

    Affected Products : archer
    • Published: Jul. 25, 2024
    • Modified: Mar. 18, 2025

  • 5.4

    MEDIUM
    CVE-2024-25090

    Insufficient input validation and sanitation in Profile name & screenname, Bookmark name & description and blogroll name features in all versions of Apache Roller on all platforms allows an authenticated user to perform an XSS attack. Mitigation: if you d... Read more

    Affected Products : roller
    • Published: Jul. 26, 2024
    • Modified: Mar. 14, 2025

  • 5.4

    MEDIUM
    CVE-2024-6727

    A flaw in versions of Delphix Data Control Tower (DCT) prior to 19.0.0 results in broken authentication through the enable-scale-testing functionality of the application.... Read more

    Affected Products :
    • Published: Jul. 29, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-6536

    The Zephyr Project Manager WordPress plugin before 3.3.99 does not sanitise and escape some of its settings, which could allow high privilege users such as editors and admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html cap... Read more

    • Published: Jul. 30, 2024
    • Modified: Jun. 10, 2025

  • 5.4

    MEDIUM
    CVE-2024-7225

    A vulnerability was found in SourceCodester Insurance Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /Script/admin/core/update_policy of the component Edit Insurance Policy Page. The manipulation of ... Read more

    • Published: Jul. 30, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-41917

    webTareas version 2.4 and earlier allows an authenticated user to store arbitrary web script or HTML by creating or editing a client name in the clients section, due to incorrect sanitization of user-supplied data and achieve a Stored Cross-Site Scripting... Read more

    Affected Products : webtareas
    • Published: Oct. 08, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-24712

    The Appointment Hour Booking WordPress plugin before 1.3.17 does not properly sanitize values used when creating new calendars.... Read more

    Affected Products : appointment_hour_booking
    • Published: Oct. 11, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-39637

    Server Side Request Forgery (SSRF) vulnerability in Pixelcurve Edubin edubin.This issue affects Edubin: from n/a through 9.2.0.... Read more

    Affected Products :
    • Published: Aug. 01, 2024
    • Modified: Nov. 04, 2024

  • 5.4

    MEDIUM
    CVE-2024-7368

    A vulnerability has been found in SourceCodester Simple Realtime Quiz System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /ajax.php?action=save_quiz. The manipulation of the argument title leads to cross site scri... Read more

    Affected Products : simple_realtime_quiz_system
    • Published: Aug. 01, 2024
    • Modified: Aug. 07, 2024

  • 5.4

    MEDIUM
    CVE-2020-19962

    A stored cross-site scripting (XSS) vulnerability in the getClientIp function in /lib/tinwin.class.php of Chaoji CMS 2.39, allows attackers to execute arbitrary web scripts.... Read more

    Affected Products : chaoji_cms
    • Published: Oct. 14, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-3636

    The Pinpoint Booking System WordPress plugin before 2.9.9.4.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability ... Read more

    Affected Products : pinpoint_booking_system
    • Published: Aug. 05, 2024
    • Modified: Jun. 06, 2025

  • 5.4

    MEDIUM
    CVE-2021-29878

    IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials... Read more

    Affected Products : business_automation_workflow
    • Published: Oct. 18, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-6766

    The shortcodes-ultimate-pro WordPress plugin before 7.2.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to... Read more

    Affected Products : shortcodes_ultimate
    • Published: Aug. 06, 2024
    • Modified: Jun. 13, 2025

  • 5.4

    MEDIUM
    CVE-2024-7309

    A vulnerability was found in SourceCodester Record Management System 1.0. It has been classified as problematic. This affects an unknown part of the file entry.php. The manipulation of the argument school leads to cross site scripting. It is possible to i... Read more

    Affected Products : record_management_system
    • Published: Jul. 31, 2024
    • Modified: Aug. 13, 2024

  • 5.4

    MEDIUM
    CVE-2024-7355

    The Organization chart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title_input’ and 'node_description' parameter in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. This ma... Read more

    Affected Products : organization_chart
    • Published: Aug. 07, 2024
    • Modified: Mar. 01, 2025

  • 5.4

    MEDIUM
    CVE-2024-6884

    The Gutenberg Blocks with AI by Kadence WP WordPress plugin before 3.2.39 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and ab... Read more

    Affected Products : gutenberg_blocks_with_ai
    • Published: Aug. 08, 2024
    • Modified: May. 27, 2025

  • 5.4

    MEDIUM
    CVE-2024-40473

    A Stored Cross Site Scripting (XSS) vulnerability was found in "manage_houses.php" in SourceCodester Best House Rental Management System v1.0. It allows remote attackers to execute arbitrary code via "House_no" and "Description" parameter fields.... Read more

    • Published: Aug. 12, 2024
    • Modified: Sep. 03, 2024

  • 5.4

    MEDIUM
    CVE-2020-23044

    DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_pic_view.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.... Read more

    Affected Products : dedecms
    • Published: Oct. 22, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-23049

    Fork CMS Content Management System v5.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the `Displayname` field when using the `Add`, `Edit` or `Register' functions. This vulnerability allows attackers to execute arbitrary web sc... Read more

    Affected Products : fork_cms
    • Published: Oct. 22, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-28955

    SugarCRM v6.5.18 was discovered to contain a cross-site scripting (XSS) vulnerability in the Create Employee module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the First Name or Last Name input fi... Read more

    Affected Products : sugarcrm
    • Published: Oct. 22, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 294068 Results