Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2020-25267

    An XSS issue exists in the question-pool file-upload preview feature in ILIAS 6.4.... Read more

    Affected Products : ilias
    • EPSS Score: %0.21
    • Published: Nov. 10, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-25516

    WSO2 Enterprise Integrator 6.6.0 or earlier contains a stored cross-site scripting (XSS) vulnerability in BPMN explorer tasks.... Read more

    Affected Products : enterprise_integrator
    • EPSS Score: %0.34
    • Published: Oct. 29, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-5398

    A remote multiple multiple cross-site vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.... Read more

    • EPSS Score: %0.32
    • Published: Aug. 09, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-20118

    A vulnerability was found in TrueConf Server 4.3.7. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/conferences/list/. The manipulation of the argument domxss leads to basic cross site scripting (D... Read more

    Affected Products : server
    • EPSS Score: %0.28
    • Published: Jun. 29, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-16878

    Portainer before 1.22.1 has XSS (issue 2 of 2).... Read more

    Affected Products : portainer
    • EPSS Score: %0.28
    • Published: Nov. 07, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-25877

    A stored cross site scripting (XSS) vulnerability in the 'Add Page' feature of BlackCat CMS 1.3.6 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' parameter.... Read more

    Affected Products : blackcat_cms
    • EPSS Score: %0.16
    • Published: Jul. 09, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-19210

    Dolibarr ERP/CRM before 10.0.3 allows XSS because uploaded HTML documents are served as text/html despite being renamed to .noexe files.... Read more

    Affected Products : dolibarr_erp\/crm dolibarr
    • EPSS Score: %0.61
    • Published: Mar. 16, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-19678

    In "Xray Test Management for Jira" prior to version 3.5.5, remote authenticated attackers can cause XSS in the generic field entry point via the Generic Test Definition field of a new Generic Test issue.... Read more

    Affected Products : xray_test_mangaement
    • EPSS Score: %0.25
    • Published: Dec. 09, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-19757

    An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered a Document Object Model (DOM) based cross-site scripting vulnerability in versions prior to 2.6.6 that could allow JavaScript code to be executed in the user's web brows... Read more

    Affected Products : xclarity_administrator
    • EPSS Score: %0.31
    • Published: Feb. 14, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-8128

    A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can exploit it by injecting malicious Javascript into the name of main website.... Read more

    Affected Products : magento
    • EPSS Score: %0.18
    • Published: Nov. 06, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-8142

    A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code via title of an order when configuring sales payment methods for a ... Read more

    Affected Products : magento
    • EPSS Score: %0.18
    • Published: Nov. 06, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-0103

    NVIDIA Triton Inference Server for Linux contains a vulnerability where a user may cause an incorrect Initialization of resource by network issue. A successful exploit of this vulnerability may lead to information disclosure.... Read more

    Affected Products : triton_inference_server
    • Published: Jun. 13, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-9606

    PHP Scripts Mall Personal Video Collection Script 4.0.4 has Stored XSS via the "Update profile" feature.... Read more

    Affected Products : personal_video_collection_script
    • EPSS Score: %0.21
    • Published: Mar. 06, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-35704

    Daybyday 2.1.0 allows stored XSS via the Title parameter to the New Lead screen.... Read more

    Affected Products : daybyday
    • EPSS Score: %0.21
    • Published: Dec. 25, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-35706

    Daybyday 2.1.0 allows stored XSS via the Title parameter to the New Project screen.... Read more

    Affected Products : daybyday
    • EPSS Score: %0.21
    • Published: Dec. 25, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2025-32067

    Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Growth Experiments Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Growth Experiments Extension: from 1.39 through 1.43.... Read more

    Affected Products :
    • Published: Apr. 11, 2025
    • Modified: Jul. 07, 2025

  • 5.4

    MEDIUM
    CVE-2019-4077

    IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to creden... Read more

    Affected Products : sterling_b2b_integrator
    • EPSS Score: %0.16
    • Published: Apr. 25, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-10103

    An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code can be provided by a low-privileged user through the File Upload functionality in Zammad. The malicious JavaScript will execute within the browser of any user who opens a specially craf... Read more

    Affected Products : zammad
    • EPSS Score: %0.40
    • Published: Mar. 05, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-10128

    SearchBlox product with version before 9.2.1 is vulnerable to stored cross-site scripting at multiple user input parameters. In SearchBlox products multiple parameters are not sanitized/validate properly which allows an attacker to inject malicious JavaSc... Read more

    Affected Products : searchblox
    • EPSS Score: %0.21
    • Published: Sep. 05, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-4061

    In October from version 1.0.319 and before version 1.0.467, pasting content copied from malicious websites into the Froala richeditor could result in a successful self-XSS attack. This has been fixed in 1.0.467.... Read more

    Affected Products : october
    • EPSS Score: %0.31
    • Published: Jul. 02, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 291002 Results