Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2023-46040

    Cross Site Scripting vulnerability in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via the a crafted payload to the components.php function.... Read more

    Affected Products : getsimplecms
    • Published: Oct. 31, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-6904

    PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the User Name field in an Edit Profile action.... Read more

    Affected Products : car_rental_script
    • Published: Apr. 12, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-44954

    Cross Site Scripting vulnerability in BigTree CMS v.4.5.7 allows a remote attacker to execute arbitrary code via the ID parameter in the Developer Settings functions.... Read more

    Affected Products : bigtree_cms
    • Published: Nov. 01, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-9999

    In Zulip Server versions before 1.7.2, there was an XSS issue with user uploads and the (default) LOCAL_UPLOADS_DIR storage backend.... Read more

    Affected Products : zulip_server
    • Published: Apr. 18, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-4768

    IBM Case Manager 5.2 and 5.3 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potent... Read more

    • Published: Feb. 11, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-12574

    The SVG Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated att... Read more

    Affected Products :
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 5.4

    MEDIUM
    CVE-2022-46840

    Missing Authorization vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through ... Read more

    Affected Products : js_help_desk
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 5.4

    MEDIUM
    CVE-2021-27190

    A Stored Cross Site Scripting(XSS) Vulnerability was discovered in PEEL SHOPPING 9.3.0 and 9.4.0, which are publicly available. The user supplied input containing polyglot payload is echoed back in javascript code in HTML response. This allows an attacker... Read more

    Affected Products : peel_shopping
    • Published: Feb. 12, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-38483

    Missing Authorization vulnerability in Dylan Blokhuis Instant CSS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Instant CSS: from n/a through 1.1.4.... Read more

    Affected Products : instant_css
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 5.4

    MEDIUM
    CVE-2023-40678

    Missing Authorization vulnerability in Lasso Simple URLs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple URLs: from n/a through 117.... Read more

    Affected Products : simple_urls
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 5.4

    MEDIUM
    CVE-2023-41688

    Missing Authorization vulnerability in Mad Fish Digital Bulk NoIndex & NoFollow Toolkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bulk NoIndex & NoFollow Toolkit: from n/a through 1.5.... Read more

    Affected Products : bulk_noindex_\&_nofollow_toolkit
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 5.4

    MEDIUM
    CVE-2024-54311

    Missing Authorization vulnerability in i.lychkov Mark New Posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mark New Posts: from n/a through 7.5.1.... Read more

    Affected Products :
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 5.4

    MEDIUM
    CVE-2024-55992

    Missing Authorization vulnerability in Open Tools WooCommerce Basic Ordernumbers allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Basic Ordernumbers: from n/a through 1.4.4.... Read more

    Affected Products :
    • Published: Dec. 16, 2024
    • Modified: Dec. 16, 2024

  • 5.4

    MEDIUM
    CVE-2024-55998

    Missing Authorization vulnerability in dusthazard Popup Surveys & Polls for WordPress (Mare.io) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup Surveys & Polls for WordPress (Mare.io): from n/a through 1.36... Read more

    Affected Products :
    • Published: Dec. 16, 2024
    • Modified: Dec. 16, 2024

  • 5.4

    MEDIUM
    CVE-2020-4933

    IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials d... Read more

    • Published: Feb. 18, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-20446

    IBM Maximo for Civil Infrastructure 7.6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within... Read more

    • Published: Feb. 18, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-35592

    Pi-hole 5.0, 5.1, and 5.1.1 allows XSS via the Options header to the admin/ URI. A remote user is able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Reflected Cross-Site Scripting attack against o... Read more

    Affected Products : pi-hole
    • Published: Feb. 18, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-55056

    A stored cross-site scripting (XSS) vulnerability was identified in Phpgurukul Online Birth Certificate System 1.0 in /user/certificate-form.php via the full name field.... Read more

    Affected Products : online_birth_certificate_system
    • Published: Dec. 17, 2024
    • Modified: Mar. 27, 2025

  • 5.4

    MEDIUM
    CVE-2021-27559

    The Contact page in Monica 2.19.1 allows stored XSS via the Nickname field.... Read more

    Affected Products : monica
    • Published: Feb. 22, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-12121

    The Broken Link Checker | Finder plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.5.0 via the 'moblc_check_link' function. This makes it possible for authenticated attackers, with Author-level... Read more

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024
Showing 20 of 294446 Results