Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2025-3899

    CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists in Certificates page on Webserver that could cause an unvalidated data injected by authenticated malicious user leading to modify or read dat... Read more

    • Published: Jun. 10, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-3905

    CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists impacting PLC system variables that could cause an unvalidated data injected by authenticated malicious user leading to modify or read data i... Read more

    • Published: Jun. 10, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2024-57186

    In Erxes <1.6.2, an unauthenticated attacker can read arbitrary files from the system using a Path Traversal vulnerability in the /read-file endpoint handler.... Read more

    Affected Products : erxes
    • Published: Jun. 10, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Path Traversal

  • 5.4

    MEDIUM
    CVE-2022-42992

    Multiple stored cross-site scripting (XSS) vulnerabilities in Train Scheduler App v1.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Train Code, Train Name, and Destination text fields.... Read more

    Affected Products : train_scheduler_app
    • Published: Oct. 27, 2022
    • Modified: May. 07, 2025

  • 5.4

    MEDIUM
    CVE-2022-43164

    A stored cross-site scripting (XSS) vulnerability in the Global Lists feature (/index.php?module=global_lists/lists) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name... Read more

    Affected Products : rukovoditel
    • Published: Oct. 28, 2022
    • Modified: May. 08, 2025

  • 5.4

    MEDIUM
    CVE-2022-40739

    Ragic report generation page has insufficient filtering for special characters. A remote attacker with general user privilege can inject JavaScript to perform XSS (Reflected Cross-Site Scripting) attack.... Read more

    Affected Products : ragic
    • Published: Oct. 31, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2025-46949

    Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be e... Read more

    • Published: Jun. 10, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2022-30615

    "IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a... Read more

    • Published: Nov. 03, 2022
    • Modified: May. 05, 2025

  • 5.4

    MEDIUM
    CVE-2022-35642

    "IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a... Read more

    • Published: Nov. 03, 2022
    • Modified: May. 02, 2025

  • 5.4

    MEDIUM
    CVE-2021-40303

    perfex crm 1.10 is vulnerable to Cross Site Scripting (XSS) via /clients/profile.... Read more

    Affected Products : perfex_crm
    • Published: Nov. 08, 2022
    • Modified: May. 01, 2025

  • 5.4

    MEDIUM
    CVE-2022-41873

    Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Versions prior to 4.9 are vulnerable to an Out-of-bounds read. While processing the L2CAP protocol, the Bluetooth Low Energy stack of Contiki-NG needs to map an... Read more

    Affected Products : contiki-ng
    • Published: Nov. 11, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-34315

    IBM CICS TX 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM ... Read more

    Affected Products : cics_tx
    • Published: Nov. 14, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-43687

    Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 does not issue a new session ID upon successful OAuth authentication. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+.... Read more

    Affected Products : concrete_cms concrete5
    • Published: Nov. 14, 2022
    • Modified: Apr. 30, 2025

  • 5.4

    MEDIUM
    CVE-2022-42111

    A Cross-site scripting (XSS) vulnerability in the Sharing module's user notification in Liferay Portal 7.2.1 through 7.4.2, and Liferay DXP 7.2 before fix pack 19, and 7.3 before update 4 allows remote attackers to inject arbitrary web script or HTML by s... Read more

    • Published: Nov. 15, 2022
    • Modified: May. 13, 2025

  • 5.4

    MEDIUM
    CVE-2022-42119

    Certain Liferay products are vulnerable to Cross Site Scripting (XSS) via the Commerce module. This affects Liferay Portal 7.3.5 through 7.4.2 and Liferay DXP 7.3 before update 8.... Read more

    Affected Products : liferay_portal dxp
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025

  • 5.4

    MEDIUM
    CVE-2022-41805

    Cross-Site Request Forgery (CSRF) vulnerability in Booster for WooCommerce plugin <= 5.6.6 on WordPress.... Read more

    Affected Products : booster_for_woocommerce
    • Published: Nov. 18, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-35500

    Amasty Blog 2.10.3 is vulnerable to Cross Site Scripting (XSS) via leave comment functionality.... Read more

    Affected Products : blog_pro
    • Published: Nov. 23, 2022
    • Modified: Apr. 28, 2025

  • 5.4

    MEDIUM
    CVE-2022-39338

    user_oidc is an OpenID Connect user backend for Nextcloud. Versions prior to 1.2.1 did not properly validate discovery urls which may lead to a stored cross site scripting attack vector. The impact is limited due to the restrictive CSP that is applied on ... Read more

    • Published: Nov. 25, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2025-6345

    A vulnerability was found in SourceCodester My Food Recipe 1.0 and classified as problematic. Affected by this issue is the function addRecipeModal of the file /endpoint/add-recipe.php of the component Add Recipe Page. The manipulation of the argument Nam... Read more

    Affected Products : my_food_recipe my_food_recipe
    • Published: Jun. 20, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2022-4253

    A vulnerability was found in SourceCodester Canteen Management System. It has been declared as problematic. This vulnerability affects the function builtin_echo of the file customer.php. The manipulation leads to cross site scripting. The attack can be in... Read more

    Affected Products : canteen_management_system
    • Published: Dec. 01, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 293562 Results