Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2021-20683

    Improper neutralization of JavaScript input in the blog article editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors.... Read more

    Affected Products : basercms
    • Published: Mar. 26, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-26847

    A stored cross-site scripting (XSS) vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the state parameter at opencats/index.php?m=candidates.... Read more

    Affected Products : opencats
    • Published: Apr. 11, 2023
    • Modified: Feb. 11, 2025

  • 5.4

    MEDIUM
    CVE-2020-2173

    Jenkins Gatling Plugin 1.2.7 and earlier prevents Content-Security-Policy headers from being set for Gatling reports served by the plugin, resulting in an XSS vulnerability exploitable by users able to change report content.... Read more

    Affected Products : gatling
    • Published: Apr. 07, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-36432

    The Preview functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 uses eval unsafely. This allows attackers to perform Cross-site Scripting attacks on admin panel users by manipulating the generated preview application response.... Read more

    Affected Products : blog_pro
    • Published: Nov. 17, 2022
    • Modified: Apr. 30, 2025

  • 5.4

    MEDIUM
    CVE-2022-4219

    The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the manage() function. This makes it possible for unauthenticated attackers to delete s... Read more

    Affected Products : chained_quiz
    • Published: Dec. 02, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-2236

    Jenkins Yet Another Build Visualizer Plugin 1.11 and earlier does not escape tooltip content, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Run/Update permission.... Read more

    Affected Products : yet_another_build_visualizer
    • Published: Aug. 12, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-42954

    Keyfactor EJBCA before 7.10.0 allows XSS.... Read more

    Affected Products : kefactor_ejbca
    • Published: Nov. 17, 2022
    • Modified: Apr. 30, 2025

  • 5.4

    MEDIUM
    CVE-2022-38089

    Stored cross-site scripting vulnerability in Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows a remote auth... Read more

    Affected Products : exment laravel-admin
    • Published: Aug. 24, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-23214

    A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Configure categories" field under the "Categorise Lists" module.... Read more

    Affected Products : phplist
    • Published: Jul. 01, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-23656

    NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Content."... Read more

    Affected Products : navigatecms
    • Published: Aug. 26, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-4718

    IBM Jazz for Service Management 3.13 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a tr... Read more

    Affected Products : jazz_for_service_management
    • Published: Mar. 23, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-4468

    The WP Recipe Maker WordPress plugin before 8.6.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attac... Read more

    Affected Products : wp_recipe_maker
    • Published: Jan. 09, 2023
    • Modified: Apr. 09, 2025

  • 5.4

    MEDIUM
    CVE-2022-4486

    The Meteor Slides WordPress plugin before 1.5.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks... Read more

    Affected Products : meteor_slides
    • Published: Jan. 16, 2023
    • Modified: Apr. 07, 2025

  • 5.4

    MEDIUM
    CVE-2022-44953

    webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /linkedcontent/listfiles.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name f... Read more

    Affected Products : webtareas
    • Published: Dec. 02, 2022
    • Modified: Apr. 24, 2025

  • 5.4

    MEDIUM
    CVE-2023-29847

    AeroCMS v0.0.1 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the comment_author and comment_content parameters at /post.php. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via a cr... Read more

    Affected Products : aerocms
    • Published: Apr. 14, 2023
    • Modified: Feb. 06, 2025

  • 5.4

    MEDIUM
    CVE-2022-40191

    Authenticated (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in Ali Khallad's Contact Form By Mega Forms plugin <= 1.2.4 at WordPress.... Read more

    Affected Products : contact_form_by_mega_forms
    • Published: Sep. 09, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-45363

    Auth. (subscriber+) Stored Cross-Site Scripting (XSS) in Muffingroup Betheme theme <= 26.6.1 on WordPress.... Read more

    Affected Products : betheme
    • Published: Nov. 22, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-4058

    The Photo Gallery by 10Web WordPress plugin before 1.8.3 does not validate and escape some parameters before outputting them back in in JS code later on in another page, which could lead to Stored XSS issue when an attacker makes a logged in admin open a ... Read more

    Affected Products : photo_gallery
    • Published: Dec. 19, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-29433

    Authenticated (contributor or higher role) Cross-Site Scripting (XSS) vulnerability in Donations plugin <= 1.8 on WordPress.... Read more

    Affected Products : donations
    • Published: May. 13, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-40963

    Multiple Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerabilities in WP Page Builder plugin <= 1.2.6 on WordPress.... Read more

    Affected Products : wp_page_builder
    • Published: Nov. 18, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 293192 Results