Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2017-1000137

    Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to possible cross site scripting when adding a text block to a page via the keyboard (rather than drag and drop).... Read more

    Affected Products : mahara
    • EPSS Score: %0.19
    • Published: Nov. 03, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2023-6369

    The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple AJAX actions in all versions up to, and including, 2.1.9. This makes it possible... Read more

    • EPSS Score: %0.32
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025

  • 5.4

    MEDIUM
    CVE-2023-50470

    A cross-site scripting (XSS) vulnerability in the component admin_ Video.php of SeaCMS v12.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.... Read more

    Affected Products : seacms
    • EPSS Score: %0.21
    • Published: Dec. 28, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-49117

    PowerCMS (6 Series, 5 Series, and 4 Series) contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user's web browser. Note that all versions of PowerCMS 3 Series and ea... Read more

    Affected Products : powercms
    • EPSS Score: %0.20
    • Published: Dec. 26, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-12981

    An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. The vulnerability can be exploited by authenticated and unauthenticated users by sending special crafted requests to the web server allowing injecting ... Read more

    • EPSS Score: %2.62
    • Published: Jul. 12, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-4027

    IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclos... Read more

    Affected Products : sterling_b2b_integrator
    • EPSS Score: %0.23
    • Published: Mar. 05, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-4408

    Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.9.... Read more

    Affected Products : phpmyfaq
    • EPSS Score: %0.07
    • Published: Dec. 11, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-20350

    IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sessi... Read more

    • EPSS Score: %0.21
    • Published: Mar. 04, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-2118

    Insufficient access control in support ticket feature in Devolutions Server 2023.1.5.0 and below allows an authenticated attacker to send support tickets and download diagnostic files via specific endpoints.... Read more

    Affected Products : devolutions_server
    • EPSS Score: %0.23
    • Published: Apr. 21, 2023
    • Modified: Feb. 04, 2025

  • 5.4

    MEDIUM
    CVE-2021-20507

    IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosur... Read more

    • EPSS Score: %0.18
    • Published: Jul. 19, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-0285

    The Real Media Library WordPress plugin before 4.18.29 does not sanitise and escape the created folder names, which could allow users with the role of author and above to perform Stored Cross-Site Scripting attacks.... Read more

    Affected Products : real_media_library
    • EPSS Score: %0.17
    • Published: Feb. 21, 2023
    • Modified: Mar. 12, 2025

  • 5.4

    MEDIUM
    CVE-2023-24525

    SAP CRM WebClient UI - versions WEBCUIF 748, 800, 801, S4FND 102, 103, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. On successful exploitation an authenticated attacker can cause limited impac... Read more

    • EPSS Score: %0.43
    • Published: Feb. 14, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-39161

    Discourse is an open source platform for community discussion. In affected versions category names can be used for Cross-site scripting(XSS) attacks. This is mitigated by Discourse's default Content Security Policy and this vulnerability only affects site... Read more

    Affected Products : discourse
    • EPSS Score: %0.21
    • Published: Aug. 26, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2014-5982

    The RunKeeper - GPS Track Run Walk (aka com.fitnesskeeper.runkeeper.pro) application 4.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a craf... Read more

    Affected Products : runkeeper_-_gps_track_run_walk
    • EPSS Score: %0.04
    • Published: Sep. 22, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2018-1496

    IBM Content Navigator 2.0.3, 3.0.0, 3.0.1, 3.0.2, and 3.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials... Read more

    Affected Products : content_navigator
    • EPSS Score: %0.22
    • Published: May. 31, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-4249

    IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to cre... Read more

    • EPSS Score: %0.21
    • Published: Jun. 27, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-24129

    Unvalidated input and lack of output encoding in the Themify Portfolio Post WordPress plugin, versions before 1.1.6, lead to Stored Cross-Site Scripting (XSS) vulnerabilities allowing low-privileged users (Contributor+) to inject arbitrary JavaScript code... Read more

    Affected Products : portfolio_post
    • EPSS Score: %0.16
    • Published: Mar. 18, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2015-4228

    Cisco Digital Content Manager (DCM) 15.0.0 might allow remote ad servers to cause a denial of service (reboot) via malformed ad messages, aka Bug ID CSCur13999.... Read more

    Affected Products : digital_content_manager
    • EPSS Score: %0.35
    • Published: Jul. 02, 2015
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2017-1691

    IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering... Read more

    • EPSS Score: %0.18
    • Published: Jul. 03, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-1535

    IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitr... Read more

    • EPSS Score: %0.16
    • Published: Jul. 19, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 292508 Results