Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (listed in the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2017-14715

    In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Alerts Title parameter.

    Affected Products : epesi
    • Published: Sep. 22, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2017-14716

    In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Title parameter.

    Affected Products : epesi
    • Published: Sep. 22, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2023-28848

    user_oidc is the OIDC connect user backend for Nextcloud, an open source collaboration platform. A vulnerability in versions 1.0.0 until 1.3.0 effectively allowed an attacker to bypass the state protection as they could just copy the expected state token ...

    Affected Products : nextcloud_server user_oidc notes
    • Published: Apr. 04, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2018-25054

    A vulnerability was found in shred cilla. It has been classified as problematic. Affected is an unknown function of the file cilla-xample/src/main/webapp/WEB-INF/jsp/view/search.jsp of the component Search Handler. The manipulation of the argument details...

    Affected Products : cilla
    • Published: Dec. 28, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2017-14753

    Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the filter parameter to module/module_filters/index.php.

    Affected Products : eyesofnetwork
    • Published: Sep. 27, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2023-28633

    GLPI is a free asset and IT management software package. Starting in version 0.84 and prior to versions 9.5.13 and 10.0.7, usage of RSS feeds is subject to server-side request forgery (SSRF). In case the remote address is not a valid RSS feed, an RSS auto...

    Affected Products : glpi
    • Published: Apr. 05, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2020-29537

    Archer before 6.8 P2 (6.8.0.2) is affected by an open redirect vulnerability. A remote privileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims' credential...

    Affected Products : archer
    • Published: Jan. 29, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-37462

    A stored Cross-Site Scripting (XSS) vulnerability in the Chat gadget in Upstream Works Agent Desktop for Cisco Finesse through 4.2.12 and 5.0 allows remote attackers to inject arbitrary web script or HTML via AttachmentId in the file-upload details.

    Affected Products : upstream_works_on_finesse
    • Published: Apr. 10, 2023
    • Modified: Feb. 12, 2025
  • 5.4

    MEDIUM
    CVE-2017-14922

    Stored XSS vulnerability via IMG element at "History" of Profile, Calendar, Tasks, and CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administra...

    Affected Products : tine_2.0
    • Published: Sep. 30, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2017-1335

    IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sess...

    • Published: Oct. 03, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2023-0363

    The Scheduled Announcements Widget WordPress plugin before 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and abo...

    Affected Products : scheduled_announcements_widget
    • Published: Apr. 10, 2023
    • Modified: Feb. 11, 2025
  • 5.4

    MEDIUM
    CVE-2023-24181

    LuCI openwrt-22.03 branch git-22.361.69894-438c598 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /openvpn/pageswitch.htm.

    Affected Products : luci
    • Published: Apr. 10, 2023
    • Modified: Feb. 11, 2025
  • 5.4

    MEDIUM
    CVE-2017-14923

    Stored XSS vulnerability via IMG element at "Leadname" of CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users.

    Affected Products : tine_2.0
    • Published: Sep. 30, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2023-26846

    A stored cross-site scripting (XSS) vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the city parameter at opencats/index.php?m=candidates.

    Affected Products : opencats
    • Published: Apr. 11, 2023
    • Modified: Feb. 11, 2025
  • 5.4

    MEDIUM
    CVE-2017-1000088

    The Sidebar Link plugin allows users able to configure jobs, views, and agents to add entries to the sidebar of these objects. There was no input validation, which meant users were able to use javascript: schemes for these links.

    Affected Products : sidebar_link
    • Published: Oct. 05, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2017-1000102

    The Details view of some Static Analysis Utilities based plugins was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to these plugins, for example the console output which is parsed to extract bui...

    Affected Products : static_analysis_utilities
    • Published: Oct. 05, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2017-14973

    IDenticard Two-Reader Controller Configuration Manager 1.18.8 (396) is vulnerable to Stored Cross-Site Scripting (XSS) via the notes field in /~user_handler?file=logged_in.shtm (aka the edit user page).

    • Published: Oct. 09, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2023-1325

    The Easy Forms for Mailchimp WordPress plugin before 6.8.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above t...

    Affected Products : easy_forms_for_mailchimp
    • Published: Apr. 17, 2023
    • Modified: Mar. 05, 2025
  • 5.4

    MEDIUM
    CVE-2023-29774

    Dreamer CMS 3.0.1 is vulnerable to stored Cross Site Scripting (XSS).

    Affected Products : dreamer_cms
    • Published: Apr. 18, 2023
    • Modified: Feb. 06, 2025
  • 5.4

    MEDIUM
    CVE-2023-25759

    OS Command Injection in TripleData Reporting Engine in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated users to run unprivileged OS level commands via a crafted request payload.

    Affected Products : tripleplay
    • Published: Apr. 19, 2023
    • Modified: Feb. 05, 2025
Showing 20 of 294633 Results