Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2018-12094

    Cross-site scripting (XSS) vulnerability in news.php in Dimofinf CMS Version 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.... Read more

    Affected Products : dimofinf_cms
    • EPSS Score: %0.46
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2014-7758

    The AMKAMAL Science Portfolio (aka com.wAMKAMALSciencePortfolio) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted cert... Read more

    Affected Products : amkamal_science_portfolio
    • EPSS Score: %0.04
    • Published: Oct. 21, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-7761

    The Ink Cards (aka com.sincerely.android.ink) application 2.0.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : ink_cards
    • EPSS Score: %0.04
    • Published: Oct. 21, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-7763

    The Listen up! mirucho (aka jp.ameba.kiiteyo.android) application 1.1.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : listen_up\!_mirucho
    • EPSS Score: %0.04
    • Published: Oct. 21, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-7767

    The A+ (aka cn.xrzcm) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : a\+
    • EPSS Score: %0.04
    • Published: Oct. 21, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2019-16289

    The insert-php (aka Woody ad snippets) plugin before 2.2.8 for WordPress allows authenticated XSS via the winp_item parameter.... Read more

    Affected Products : woody_ad_snippets
    • EPSS Score: %0.42
    • Published: Sep. 13, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-19554

    An issue was discovered in Dotcms through 5.0.3. Attackers may perform XSS attacks via the inode, identifier, or fieldName parameter in html/js/dotcms/dijit/image/image_tool.jsp.... Read more

    Affected Products : dotcms
    • EPSS Score: %0.16
    • Published: Nov. 26, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2016-2883

    Cross-site scripting (XSS) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerabili... Read more

    Affected Products : tririga_application_platform
    • EPSS Score: %0.17
    • Published: Jul. 02, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2018-1999008

    October CMS version prior to build 437 contains a Cross Site Scripting (XSS) vulnerability in the Media module and create folder functionality that can result in an Authenticated user with media module permission creating arbitrary folder name with XSS co... Read more

    Affected Products : october
    • EPSS Score: %0.33
    • Published: Jul. 23, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-1999021

    Gleezcms Gleez Cms version 1.3.0 contains a Cross Site Scripting (XSS) vulnerability in Profile page that can result in Inject arbitrary web script or HTML via the profile page editor. This attack appear to be exploitable via The victim must navigate to t... Read more

    Affected Products : gleez_cms gleezcms
    • EPSS Score: %0.21
    • Published: Jul. 23, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-17577

    An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the admin/mails.php?action=edit URI via the "Email used for error returns emails (fields 'Errors-To' in emails sent)" field.... Read more

    Affected Products : dolibarr_erp\/crm
    • EPSS Score: %0.32
    • Published: Oct. 16, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2016-3054

    Cross-site scripting (XSS) vulnerability in IBM FileNet Workplace 4.0.2 allows remote authenticated users to inject arbitrary web script or HTML by uploading a file.... Read more

    Affected Products : filenet_workplace
    • EPSS Score: %0.17
    • Published: Aug. 08, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2020-20285

    There is a XSS in the user login page in zzcms 2019. Users can inject js code by the referer header via user/login.php... Read more

    Affected Products : zzcms
    • EPSS Score: %6.07
    • Published: Dec. 18, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2016-3193

    Cross-site scripting (XSS) vulnerability in the appliance web-application in Fortinet FortiManager 5.x before 5.0.12, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 and FortiAnalyzer 5.x before 5.0.13, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 allows remote ... Read more

    • EPSS Score: %0.22
    • Published: Aug. 19, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2020-20645

    Cross Site Scripting (XSS) vulnerability exists in EyouCMS1.3.6 in the basic_information area.... Read more

    Affected Products : eyoucms
    • EPSS Score: %0.27
    • Published: Aug. 19, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-14548

    An issue was discovered in EspoCRM before 5.6.9. Stored XSS in the body of an Article was executed when a victim opens articles received through mail. This Article can be formed by an attacker using the Knowledge Base feature in the tab list. The attacker... Read more

    Affected Products : espocrm
    • EPSS Score: %0.26
    • Published: Aug. 05, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-14550

    An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed when a victim clicks on the Edit Dashboard feature present on the Homepage. An attacker can load malicious JavaScript inside the add tab list feature, which would fire when a user cl... Read more

    Affected Products : espocrm
    • EPSS Score: %0.26
    • Published: Aug. 05, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-14668

    Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the transaction description field. The JavaScript code is executed during deletion of a transaction link.... Read more

    Affected Products : firefly_iii
    • EPSS Score: %0.21
    • Published: Aug. 05, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-14797

    The 10Web Photo Gallery plugin before 1.5.23 for WordPress has authenticated stored XSS.... Read more

    Affected Products : photo_gallery
    • EPSS Score: %0.35
    • Published: Aug. 09, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2015-7459

    Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108355.... Read more

    Affected Products : connections
    • EPSS Score: %0.13
    • Published: Mar. 20, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 290983 Results