Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2023-30789

    MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/work` endpoint and job and company parameter.... Read more

    Affected Products : monica
    • EPSS Score: %0.48
    • Published: May. 08, 2023
    • Modified: Feb. 03, 2025

  • 5.4

    MEDIUM
    CVE-2022-41139

    MITRE CALDERA 4.1.0 allows stored XSS via app.contact.gist (aka the gist contact configuration field), leading to execution of arbitrary commands on agents.... Read more

    Affected Products : caldera caldera
    • EPSS Score: %0.11
    • Published: Oct. 17, 2022
    • Modified: May. 14, 2025

  • 5.4

    MEDIUM
    CVE-2022-4653

    The Greenshift WordPress plugin before 4.8.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.... Read more

    • EPSS Score: %0.11
    • Published: Jan. 16, 2023
    • Modified: Jun. 10, 2025

  • 5.4

    MEDIUM
    CVE-2022-4677

    The Leaflet Maps Marker WordPress plugin before 3.12.7 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.... Read more

    Affected Products : leaflet_maps_marker
    • EPSS Score: %0.34
    • Published: Feb. 06, 2023
    • Modified: Mar. 25, 2025

  • 5.4

    MEDIUM
    CVE-2023-31862

    jizhicms v2.4.6 is vulnerable to Cross Site Scripting (XSS). The content of the article published in the front end is only filtered in the front end, without being filtered in the background, which allows attackers to publish an article containing malicio... Read more

    Affected Products : jizhicms
    • EPSS Score: %0.08
    • Published: May. 19, 2023
    • Modified: Jan. 21, 2025

  • 5.4

    MEDIUM
    CVE-2020-24670

    The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'type' ... Read more

    Affected Products : vantara_pentaho
    • EPSS Score: %0.21
    • Published: Jan. 29, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-47073

    A cross-site scripting (XSS) vulnerability in the Create Ticket page of Small CRM v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Subject parameter.... Read more

    Affected Products : small_crm small_crm
    • EPSS Score: %0.18
    • Published: Jan. 26, 2023
    • Modified: Apr. 01, 2025

  • 5.4

    MEDIUM
    CVE-2022-42000

    Cross-site Scripting (XSS) vulnerability in BlueSpiceSocialProfile extension of BlueSpice allows user with comment permissions to inject arbitrary HTML into the comment section of a wikipage.... Read more

    Affected Products : bluespice
    • EPSS Score: %0.33
    • Published: Nov. 15, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-24860

    CMS Made Simple 2.2.14 allows an authenticated user with access to the Content Manager to edit content and put persistent XSS payload in the affected text fields. The user can get cookies from every authenticated user who visits the website.... Read more

    Affected Products : cms_made_simple
    • EPSS Score: %0.63
    • Published: Oct. 01, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-48177

    X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the adin/importModels Import Records Model field (model parameter). This vulnerability allows attackers to create malicious JavaScri... Read more

    Affected Products : x2crm
    • EPSS Score: %1.49
    • Published: Apr. 15, 2023
    • Modified: Feb. 06, 2025

  • 5.4

    MEDIUM
    CVE-2020-13892

    The SportsPress plugin before 2.7.2 for WordPress allows XSS.... Read more

    Affected Products : sportspress
    • EPSS Score: %0.16
    • Published: Jun. 09, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-24924

    A Persistent Cross-site Scripting vulnerability is found in ElkarBackup v1.3.3, where an attacker can steal the user session cookie using this vulnerability present on Policies >> action >> Name Parameter... Read more

    Affected Products : elkarbackup
    • EPSS Score: %0.26
    • Published: Sep. 15, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-4864

    Argument Injection in GitHub repository froxlor/froxlor prior to 2.0.0-beta1.... Read more

    Affected Products : froxlor
    • EPSS Score: %0.07
    • Published: Dec. 30, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-4306

    The Panda Pods Repeater Field WordPress plugin before 1.5.4 does not sanitize and escapes a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against a user having at least Contributor permiss... Read more

    Affected Products : panda_pods_repeater_field
    • EPSS Score: %8.28
    • Published: Jan. 30, 2023
    • Modified: Mar. 27, 2025

  • 5.4

    MEDIUM
    CVE-2022-43144

    A cross-site scripting (XSS) vulnerability in Canteen Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.... Read more

    Affected Products : canteen_management_system
    • EPSS Score: %0.94
    • Published: Nov. 08, 2022
    • Modified: May. 01, 2025

  • 5.4

    MEDIUM
    CVE-2020-18693

    Cross Site Scripting (XSS) in MineWebCMS v1.7.0 allows remote attackers to execute arbitrary code by injecting malicious code into the 'Title' field of the component '/admin/news'.... Read more

    Affected Products : minewebcms
    • EPSS Score: %0.26
    • Published: Aug. 06, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-43491

    Cross-Site Request Forgery (CSRF) vulnerability in Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.5 on WordPress leading to plugin settings import.... Read more

    • EPSS Score: %0.08
    • Published: Nov. 08, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-43499

    Stored cross-site scripting vulnerability in SHIRASAGI versions prior to v1.16.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script.... Read more

    Affected Products : shirasagi
    • EPSS Score: %0.29
    • Published: Dec. 05, 2022
    • Modified: Apr. 24, 2025

  • 5.4

    MEDIUM
    CVE-2022-4377

    A vulnerability was found in S-CMS 5.0 Build 20220328. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Contact Information Page. The manipulation of the argument Make a Call leads to cross s... Read more

    Affected Products : s-cms
    • EPSS Score: %0.09
    • Published: Dec. 09, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-4381

    The Popup Maker WordPress plugin before 1.16.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks... Read more

    Affected Products : popup_maker
    • EPSS Score: %0.14
    • Published: Jan. 02, 2023
    • Modified: Apr. 10, 2025
Showing 20 of 291002 Results