Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2024-55232

    An IDOR vulnerability in the manage-notes.php module in PHPGurukul Online Notes Sharing Management System v1.0 allows unauthorized users to delete notes belonging to other accounts due to missing authorization checks. This flaw enables attackers to delete... Read more

    • Published: Dec. 18, 2024
    • Modified: Mar. 28, 2025

  • 5.4

    MEDIUM
    CVE-2022-4476

    The Download Manager WordPress plugin before 3.2.62 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting ... Read more

    • Published: Jan. 16, 2023
    • Modified: Apr. 04, 2025

  • 5.4

    MEDIUM
    CVE-2024-31425

    Cross-Site Request Forgery (CSRF) vulnerability in TMS Amelia.This issue affects Amelia: from n/a through 1.0.95. ... Read more

    Affected Products : amelia
    • Published: Apr. 15, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-0068

    The Product GTIN (EAN, UPC, ISBN) for WooCommerce WordPress plugin through 1.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contri... Read more

    • Published: Mar. 06, 2023
    • Modified: Mar. 06, 2025

  • 5.4

    MEDIUM
    CVE-2022-31298

    A cross-site scripting vulnerability in the ads comment section of Haraj v3.7 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request.... Read more

    Affected Products : haraj
    • Published: Jun. 16, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-33696

    SAP BusinessObjects Business Intelligence Platform (Crystal Report), versions - 420, 430, does not sufficiently encode user controlled inputs and therefore an authorized attacker can exploit a XSS vulnerability, leading to non-permanently deface or modify... Read more

    • Published: Sep. 15, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-31303

    maccms10 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Server Group text field.... Read more

    Affected Products : maccms
    • Published: Jun. 21, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-4795

    The Testimonial Slider Shortcode WordPress plugin before 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Sc... Read more

    Affected Products : testimonial_slider_shortcode
    • Published: Oct. 16, 2023
    • Modified: Apr. 23, 2025

  • 5.4

    MEDIUM
    CVE-2022-3137

    The Taskbuilder WordPress plugin before 1.0.8 does not validate and sanitise task's attachments, which could allow any authenticated user (such as subscriber) creating a task to perform Stored Cross-Site Scripting by attaching a malicious SVG file... Read more

    Affected Products : taskbuilder
    • Published: Oct. 10, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-7261

    There are multiple Persistent XSS vulnerabilities in Radiant CMS 1.1.4. They affect Personal Preferences (Name and Username) and Configuration (Site Title, Dev Site Domain, Page Parts, and Page Fields).... Read more

    Affected Products : radiant_cms
    • Published: Feb. 21, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-48200

    Cross Site Scripting vulnerability in Grocy v.4.0.3 allows a local attacker to execute arbitrary code and obtain sensitive information via the equipment description component within /equipment/ component.... Read more

    Affected Products : grocy grocy
    • Published: Nov. 15, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-3021

    Cross-site Scripting (XSS) - Stored in GitHub repository mkucej/i-librarian-free prior to 5.10.4.... Read more

    Affected Products : i\,_librarian
    • Published: May. 31, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-35723

    Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the ReportPreview.do file via the referer parameter. NOTE: This vulnerability only affects products that ar... Read more

    • Published: Jan. 11, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-42458

    Zope is an open-source web application server. Prior to versions 4.8.10 and 5.8.5, there is a stored cross site scripting vulnerability for SVG images. Note that an image tag with an SVG image as source is never vulnerable, even when the SVG image contain... Read more

    Affected Products : zope
    • Published: Sep. 21, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-37528

    IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to ... Read more

    Affected Products : cloud_pak_for_business_automation
    • Published: Jul. 08, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-10935

    Zulip Server before 2.1.3 allows XSS via a Markdown link, with resultant account takeover.... Read more

    Affected Products : zulip_server
    • Published: Apr. 20, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-0168

    The Olevmedia Shortcodes WordPress plugin through 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to p... Read more

    Affected Products : olevmedia_shortcodes
    • Published: Feb. 27, 2023
    • Modified: Mar. 18, 2025

  • 5.4

    MEDIUM
    CVE-2023-0176

    The Giveaways and Contests by RafflePress WordPress plugin before 1.11.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor ro... Read more

    • Published: Feb. 06, 2023
    • Modified: Mar. 25, 2025

  • 5.4

    MEDIUM
    CVE-2021-24439

    The Browser Screenshots WordPress plugin before 1.7.6 allowed authenticated users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks as the image_class parameter of the browser-shot shortcode was not escaped.... Read more

    Affected Products : browser_screenshots
    • Published: Jul. 12, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-0272

    The NEX-Forms WordPress plugin before 8.3.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Store... Read more

    Affected Products : nex-forms
    • Published: Mar. 27, 2023
    • Modified: Feb. 19, 2025
Showing 20 of 292811 Results