Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2023-37455

    The permission request prompt from the site in the background tab was overlaid on top of the site in the foreground tab. This vulnerability affects Firefox for iOS < 115.... Read more

    Affected Products : firefox
    • Published: Jul. 12, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-3683

    A vulnerability has been found in LivelyWorks Articart 2.0.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /items/search. The manipulation of the argument search_term leads to cross site scripting. T... Read more

    Affected Products : articart
    • Published: Jul. 16, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-2143

    The Enable SVG, WebP & ICO Upload WordPress plugin through 1.0.3 does not sanitize SVG file contents, leading to a Cross-Site Scripting vulnerability.... Read more

    Affected Products : enable_svg\,_webp_\&_ico_upload
    • Published: Jul. 17, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-36656

    Cross Site Scripting (XSS) vulnerability in Jaegertracing Jaeger UI before v.1.31.0 allows a remote attacker to execute arbitrary code via the KeyValuesTable component.... Read more

    Affected Products : jaeger_ui
    • Published: Jul. 17, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-3586

    Mattermost fails to disable public Boards after the "Enable Publicly-Shared Boards" configuration option is disabled, resulting in previously-shared public Boards to remain accessible. ... Read more

    Affected Products : mattermost_server mattermost
    • Published: Jul. 17, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-23568

    Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Personal Data Fields. This issue affects Command Centre: vEL 8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), ... Read more

    Affected Products : command_centre
    • Published: Jul. 25, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-31466

    An XSS issue was discovered in FSMLabs TimeKeeper 8.0.17. On the "Configuration -> Compliance -> Add a new compliance report" and "Configuration -> Timekeeper Configuration -> Add a new source there" screens, there are entry points to inject JavaScript co... Read more

    Affected Products : timekeeper
    • Published: Jul. 26, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-1000386

    Jenkins Active Choices plugin version 1.5.3 and earlier allowed users with Job/Configure permission to provide arbitrary HTML to be shown on the 'Build With Parameters' page through the 'Active Choices Reactive Reference Parameter' type. This could includ... Read more

    Affected Products : active_choices
    • Published: Jan. 26, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-3969

    A vulnerability, which was classified as problematic, has been found in GZ Scripts Availability Booking Calendar PHP 1.0. Affected by this issue is some unknown functionality of the file index.php of the component HTTP POST Request Handler. The manipulati... Read more

    Affected Products : availability_booking_calendar_php
    • Published: Jul. 27, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-3980

    Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.2.... Read more

    Affected Products : omeka omeka_s
    • Published: Jul. 27, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-26449

    The "OX Chat" web service did not specify a media-type when processing responses by external resources. Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interfa... Read more

    • Published: Aug. 02, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-6550

    Monstra CMS through 3.0.4 has XSS in the title function in plugins/box/pages/pages.plugin.php via a page title to admin/index.php.... Read more

    Affected Products : monstra
    • Published: Feb. 02, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2016-0329

    Open redirect vulnerability in IBM Emptoris Sourcing 10.0.0.x before 10.0.0.1_iFix3, 10.0.1.x before 10.0.1.3_iFix3, 10.0.2.x before 10.0.2.8_iFix1, 10.0.4.0 before 10.0.4.0_iFix8, and 10.1.0.0 before 10.1.0.0_iFix3 allows remote attackers to redirect use... Read more

    Affected Products : emptoris_sourcing
    • Published: Feb. 02, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-37581

    Insufficient input validation and sanitation in Weblog Category name, Website About and File Upload features in all versions of Apache Roller on all platforms allows an authenticated user to perform an XSS attack. Mitigation: if you do not have Roller con... Read more

    Affected Products : roller
    • Published: Aug. 06, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-6655

    PHP Scripts Mall Doctor Search Script 1.0.2 has Stored XSS via an arbitrary profile field.... Read more

    Affected Products : doctor_search_script
    • Published: Feb. 07, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-6844

    MyBB 1.8.14 has XSS via the Title or Description field on the Edit Forum screen.... Read more

    Affected Products : mybb
    • Published: Feb. 08, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-39006

    The Crash Reporter (crash_reporter.php) component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 mishandles input sanitization.... Read more

    Affected Products : opnsense
    • Published: Aug. 09, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-1000507

    Canvs Canvas version 3.4.2 contains a Cross Site Scripting (XSS) vulnerability in User's details that can result in denial of service and execution of javascript code.... Read more

    Affected Products : canvas
    • Published: Feb. 09, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-6858

    Cross Site Scripting (XSS) exists in PHP Scripts Mall Facebook Clone Script.... Read more

    Affected Products : facebook_clone_script
    • Published: Feb. 12, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-1682

    IBM Connections 4.0, 4.5, 5.0, 5.5, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure with... Read more

    Affected Products : connections
    • Published: Feb. 14, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 294510 Results