Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2017-1444

    IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trus... Read more

    Affected Products : emptoris_sourcing
    • EPSS Score: %0.20
    • Published: Aug. 31, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2018-1911

    IBM DOORS Next Generation (DNG/RRC) 5.0 through 5.0.2 and 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leadin... Read more

    Affected Products : rational_doors_next_generation
    • EPSS Score: %0.16
    • Published: Mar. 06, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-15279

    Cross-site scripting (XSS) vulnerability in Umbraco CMS before 7.7.3 allows remote attackers to inject arbitrary web script or HTML via the "page name" (aka nodename) parameter during the creation of a new page, related to Umbraco.Web.UI/umbraco/dialogs/P... Read more

    Affected Products : umbraco_cms
    • EPSS Score: %0.20
    • Published: Oct. 12, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2018-20372

    TP-Link TD-W8961ND devices allow XSS via the hostname of a DHCP client.... Read more

    Affected Products : td-w8961nd_firmware td-w8961nd
    • EPSS Score: %0.21
    • Published: Dec. 23, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-20373

    Tenda ADSL modem routers 1.0.1 allow XSS via the hostname of a DHCP client.... Read more

    Affected Products : adsl_firmware adsl
    • EPSS Score: %0.21
    • Published: Dec. 23, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-1568

    IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering... Read more

    • EPSS Score: %0.16
    • Published: Jul. 03, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-20627

    PHP Scripts Mall Consumer Reviews Script 4.0.3 has HTML injection via the search box.... Read more

    Affected Products : consumer_reviews_script
    • EPSS Score: %0.21
    • Published: Mar. 21, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-15811

    The Pootle Button plugin before 1.2.0 for WordPress has XSS via the assets_url parameter in assets/dialog.php, exploitable via wp-admin/admin-ajax.php.... Read more

    Affected Products : pootle_button
    • EPSS Score: %0.20
    • Published: Oct. 23, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2018-20875

    cPanel before 74.0.8 allows self XSS in the WHM Security Questions interface (SEC-433).... Read more

    Affected Products : cpanel
    • EPSS Score: %0.21
    • Published: Aug. 01, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-20933

    cPanel before 70.0.23 has Stored XSS via an WHM Edit DNS Zone action (SEC-410).... Read more

    Affected Products : cpanel
    • EPSS Score: %0.34
    • Published: Aug. 01, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-1678

    IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials discl... Read more

    Affected Products : rational_doors_next_generation
    • EPSS Score: %0.27
    • Published: Nov. 27, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-16801

    Cross-site scripting (XSS) vulnerability in Octopus Deploy 3.7.0-3.17.13 (fixed in 3.17.14) allows remote authenticated users to inject arbitrary web script or HTML via the Step Template Name parameter.... Read more

    Affected Products : octopus_deploy
    • EPSS Score: %0.15
    • Published: Nov. 13, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2018-25039

    A vulnerability was found in Thomson TCW710 ST5D.10.05. It has been declared as problematic. This vulnerability affects unknown code of the file /goform/RgUrlBlock.asp. The manipulation of the argument BasicParentalNewKeyword with the input ><script>alert... Read more

    • EPSS Score: %0.20
    • Published: Jun. 12, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-3716

    simplehttpserver node module suffers from a Cross-Site Scripting vulnerability to a lack of validation of file names.... Read more

    Affected Products : simplehttpserver
    • EPSS Score: %0.30
    • Published: Jun. 07, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-18408

    cPanel before 67.9999.103 allows stored XSS in WHM MySQL Password Change interfaces (SEC-282).... Read more

    Affected Products : cpanel
    • EPSS Score: %0.34
    • Published: Aug. 02, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-18473

    cPanel before 62.0.4 allows self XSS on the webmail Password and Security page (SEC-199).... Read more

    Affected Products : cpanel
    • EPSS Score: %0.30
    • Published: Aug. 05, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-8178

    Huawei Email APP Vicky-AL00 smartphones with software of earlier than VKY-AL00C00B171 versions has a stored cross-site scripting vulnerability. A remote attacker could exploit this vulnerability to send email that storing malicious code to a smartphone an... Read more

    Affected Products : vicky-al00_firmware vicky-al00
    • EPSS Score: %0.16
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2018-5212

    The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS via the sdm_upload_thumbnail (aka File Thumbnail) parameter in an edit action to wp-admin/post.php.... Read more

    • EPSS Score: %0.30
    • Published: Jan. 04, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-5213

    The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS via the sdm_upload (aka Downloadable File) parameter in an edit action to wp-admin/post.php.... Read more

    • EPSS Score: %0.30
    • Published: Jan. 04, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-5331

    Discuz! DiscuzX X3.4 has XSS via the view parameter to include/space/space_poll.php, as demonstrated by a mod=space do=poll request to home.php.... Read more

    Affected Products : discuzx discuzx
    • EPSS Score: %0.23
    • Published: Jan. 10, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 291562 Results