Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by vulnerability severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2022-47524

    F-Secure SAFE Browser 19.1 before 19.2 for Android allows an IDN homograph attack....

    Affected Products : safe
    • EPSS Score: %0.22
    • Published: Dec. 23, 2022
    • Modified: Apr. 15, 2025
  • 5.4

    MEDIUM
    CVE-2017-7422

    Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to by...

    • EPSS Score: %0.10
    • Published: Aug. 21, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2022-4757

    The List Pages Shortcode WordPress plugin before 1.7.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting ...

    Affected Products : list_pages_shortcode
    • EPSS Score: %0.11
    • Published: Feb. 27, 2023
    • Modified: Mar. 10, 2025
  • 5.4

    MEDIUM
    CVE-2014-5593

    The Christian Dating Cafe (aka com.christiancafe.mobile.android) application 1.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted ce...

    Affected Products : christian_dating_cafe
    • EPSS Score: %0.04
    • Published: Sep. 09, 2014
    • Modified: Apr. 12, 2025
  • 5.4

    MEDIUM
    CVE-2022-4783

    The Youtube Channel Gallery WordPress plugin through 2.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to ...

    Affected Products : youtube_channel_gallery
    • EPSS Score: %0.24
    • Published: Feb. 13, 2023
    • Modified: Mar. 21, 2025
  • 5.4

    MEDIUM
    CVE-2022-4786

    The Video.js WordPress plugin through 4.5.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Store...

    Affected Products : video.js
    • EPSS Score: %0.12
    • Published: Feb. 21, 2023
    • Modified: Mar. 13, 2025
  • 5.4

    MEDIUM
    CVE-2023-0902

    A vulnerability was found in SourceCodester Simple Food Ordering System 1.0. It has been classified as problematic. This affects an unknown part of the file process_order.php. The manipulation of the argument order leads to cross site scripting. It is pos...

    • EPSS Score: %0.70
    • Published: Feb. 18, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-1022

    The WP Meta SEO plugin for WordPress is vulnerable to unauthorized options update due to a missing capability check on the wpmsGGSaveInformation function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subs...

    Affected Products : wp_meta_seo
    • EPSS Score: %0.09
    • Published: Feb. 28, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-34550

    Sims v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /addNotifyServlet. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the notifyInfo parameter....

    • EPSS Score: %0.20
    • Published: Jul. 27, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-1572

    A vulnerability has been found in DataGear up to 1.11.1 and classified as problematic. This vulnerability affects unknown code of the component Plugin Handler. The manipulation leads to cross site scripting. It is possible to launch the attack on the loca...

    Affected Products : datagear
    • EPSS Score: %0.06
    • Published: Mar. 22, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-1796

    A vulnerability classified as problematic has been found in SourceCodester Employee Payslip Generator 1.0. Affected is an unknown function of the file /classes/Master.php?f=save_position of the component Create News Handler. The manipulation of the argume...

    Affected Products : employee_payslip_generator_system
    • EPSS Score: %0.06
    • Published: Apr. 02, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2019-5471

    An input validation and output encoding issue was discovered in the GitLab email notification feature which could result in a persistent XSS. This was addressed in GitLab 12.1.2, 12.0.4, and 11.11.6....

    Affected Products : gitlab
    • EPSS Score: %0.07
    • Published: Sep. 09, 2019
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-3970

    A vulnerability, which was classified as problematic, was found in GZ Scripts Availability Booking Calendar PHP 1.0. This affects an unknown part of the file /index.php?controller=GzUser&action=edit&id=1 of the component Image Handler. The manipulation of...

    Affected Products : availability_booking_calendar_php
    • EPSS Score: %0.07
    • Published: Jul. 27, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2020-25879

    A stored cross site scripting (XSS) vulnerability in the 'Manage Users' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Username' parameter....

    Affected Products : codoforum
    • EPSS Score: %0.16
    • Published: Jul. 09, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-0173

    The Drag & Drop Sales Funnel Builder for WordPress plugin before 2.6.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role...

    Affected Products : drag_\&_drop_sales_funnel_builder
    • EPSS Score: %0.25
    • Published: Feb. 06, 2023
    • Modified: Mar. 25, 2025
  • 5.4

    MEDIUM
    CVE-2023-0369

    The GoToWP WordPress plugin through 5.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored ...

    Affected Products : gotowp
    • EPSS Score: %0.12
    • Published: Mar. 20, 2023
    • Modified: Feb. 26, 2025
  • 5.4

    MEDIUM
    CVE-2023-21523

    A Stored Cross-site Scripting (XSS) vulnerability in the Management Console (User Management and Alerts) of BlackBerry AtHoc version 7.15 could allow an attacker to execute script commands in the context of the affected user account...

    Affected Products : athoc
    • EPSS Score: %0.47
    • Published: Sep. 12, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-0403

    The Social Warfare plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.4.0. This is due to missing or incorrect nonce validation on several AJAX actions. This makes it possible for unauthenticated attackers...

    Affected Products : social_warfare
    • EPSS Score: %0.06
    • Published: Jan. 19, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-38303

    An issue was discovered in Webmin 2.021. One can exploit a stored Cross-Site Scripting (XSS) attack to achieve Remote Command Execution (RCE) through the Users and Group's real name parameter....

    Affected Products : webmin
    • EPSS Score: %0.16
    • Published: Jul. 31, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-1245

    Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6....

    Affected Products : answer
    • EPSS Score: %0.09
    • Published: Mar. 07, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 291002 Results