Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2020-11070

    The SVG Sanitizer extension for TYPO3 has a cross-site scripting vulnerability in versions before 1.0.3. Slightly invalid or incomplete SVG markup is not correctly processed and thus not sanitized at all. Albeit the markup is not valid it still is evaluat... Read more

    Affected Products : svg_sanitizer
    • EPSS Score: %0.21
    • Published: May. 13, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-1209

    The Ultimate Member plugin for WordPress is vulnerable to arbitrary redirects due to insufficient validation on supplied URLs in the social fields of the Profile Page, which makes it possible for attackers to redirect unsuspecting victims in versions up t... Read more

    Affected Products : ultimate_member
    • EPSS Score: %0.38
    • Published: May. 10, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-24202

    In the Elementor Website Builder WordPress plugin before 3.1.4, the heading widget (includes/widgets/heading.php) accepts a ‘header_size’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contr... Read more

    Affected Products : website_builder
    • EPSS Score: %0.12
    • Published: Apr. 05, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-24277

    The RSS for Yandex Turbo WordPress plugin before 1.30 did not properly sanitise the user inputs from its Счетчики settings tab before outputting them back in the page, leading to authenticated stored Cross-Site Scripting issues... Read more

    Affected Products : rss_for_yandex_turbo
    • EPSS Score: %0.19
    • Published: May. 14, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-16250

    The "utilisateur" menu in Creatiwity wityCMS 0.6.2 modifies the presence of XSS at two input points for user information, with the "first name" and "last name" parameters.... Read more

    Affected Products : witycms
    • EPSS Score: %0.19
    • Published: Jun. 20, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-24540

    The Wonder Video Embed WordPress plugin before 1.8 does not escape parameters of its wonderplugin_video shortcode, which could allow users with a role as low as Contributor to perform Stored XSS attacks.... Read more

    Affected Products : wonder_video_embed
    • EPSS Score: %0.18
    • Published: Aug. 16, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-24601

    The WPFront Notification Bar WordPress plugin before 2.1.0.08087 does not properly sanitise and escape its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.... Read more

    Affected Products : wpfront_notification_bar
    • EPSS Score: %0.16
    • Published: Sep. 06, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-1590

    A vulnerability was found in Bludit 3.13.1. It has been declared as problematic. This vulnerability affects the endpoint /admin/new-content of the New Content module. The manipulation of the argument content with the input <script>alert(1)</script> leads ... Read more

    Affected Products : bludit
    • EPSS Score: %0.24
    • Published: May. 05, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-25060

    The Five Star Business Profile and Schema WordPress plugin before 2.1.7 does not have any authorisation and CSRF in its bpfwp_welcome_add_contact_page and bpfwp_welcome_set_contact_information AJAX action, allowing any authenticated users, such as subscri... Read more

    • EPSS Score: %0.21
    • Published: Feb. 21, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-31330

    A Cross-Site Scripting (XSS) vulnerability exists within Review Board versions 3.0.20 and 4.0 RC1 and earlier. An authenticated attacker may inject malicious Javascript code when using Markdown editing within the application which remains persistent.... Read more

    Affected Products : review_board
    • EPSS Score: %0.59
    • Published: May. 11, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-31792

    XSS in the client account page in SuiteCRM before 7.11.19 allows an attacker to inject JavaScript via the name field... Read more

    Affected Products : suitecrm
    • EPSS Score: %0.38
    • Published: Apr. 30, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-26829

    OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows stored XSS via system_settings.shtm.... Read more

    Affected Products : scadabr
    • EPSS Score: %0.30
    • Published: Jun. 11, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-28424

    A stored cross-site scripting (XSS) vulnerability in Teachers Record Management System 1.0 allows remote authenticated users to inject arbitrary web script or HTML via the 'email' POST parameter in adminprofile.php.... Read more

    Affected Products : teachers_record_management_system
    • EPSS Score: %0.41
    • Published: Jul. 01, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-5004

    EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Stored Cross Site S... Read more

    • EPSS Score: %0.24
    • Published: Jun. 09, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2011-4019

    Memory leak in Cisco IOS 12.4 and 15.0 through 15.2, and Cisco Unified Communications Manager (CUCM) 7.x, allows remote attackers to cause a denial of service (memory consumption) via a crafted response to a SIP SUBSCRIBE message, aka Bug IDs CSCto93837 a... Read more

    Affected Products : ios unified_communications_manager
    • EPSS Score: %0.43
    • Published: May. 03, 2012
    • Modified: Apr. 11, 2025

  • 5.4

    MEDIUM
    CVE-2021-29388

    A stored cross-site scripting (XSS) vulnerability in SourceCodester Budget Management System 1.0 allows users to inject and store arbitrary JavaScript code in index.php via vulnerable field 'Budget Title'.... Read more

    Affected Products : budget_management_system
    • EPSS Score: %0.18
    • Published: Apr. 28, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-29250

    BTCPay Server through 1.0.7.0 suffers from a Stored Cross Site Scripting (XSS) vulnerability within the POS Add Products functionality. This enables cookie stealing.... Read more

    Affected Products : btcpay_server
    • EPSS Score: %0.27
    • Published: May. 05, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-35475

    SAS Environment Manager 2.5 allows XSS through the Name field when creating/editing a server. The XSS will prompt when editing the Configuration Properties.... Read more

    Affected Products : environment_manager
    • EPSS Score: %0.53
    • Published: Jun. 25, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-3012

    A cross-site scripting (XSS) vulnerability in the Document Link of documents in ESRI Enterprise before 10.9 allows remote authenticated users to inject arbitrary JavaScript code via a malicious HTML attribute such as onerror (in the URL field of the Param... Read more

    Affected Products : portal_for_arcgis arcgis_enterprise
    • EPSS Score: %0.14
    • Published: Apr. 08, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-22944

    VMware Workspace ONE Boxer contains a stored cross-site scripting (XSS) vulnerability. Due to insufficient sanitization and validation, in VMware Workspace ONE Boxer calendar event descriptions, a malicious actor can inject script tags to execute arbitrar... Read more

    Affected Products : workspace_one_boxer
    • EPSS Score: %0.45
    • Published: Mar. 02, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 292318 Results