Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2023-1117

    Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18.... Read more

    Affected Products : pimcore
    • Published: Mar. 01, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-4775

    A cross-site scripting (XSS) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. This vulnerability allows attackers to inject malicious scripts into web applications for the purpose of running unwanted actions on the end user's... Read more

    Affected Products : curam_social_program_management
    • Published: Oct. 12, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-37430

    Silverstripe silverstripe/framework through 4.11 allows XSS vulnerability via href attribute of a link (issue 2 of 2).... Read more

    Affected Products : framework
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025

  • 5.4

    MEDIUM
    CVE-2023-1067

    Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18.... Read more

    Affected Products : pimcore
    • Published: Feb. 27, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-12745

    out/out.UsrMgr.php in SeedDMS before 5.1.11 allows Stored Cross-Site Scripting (XSS) via the name field.... Read more

    Affected Products : seeddms
    • Published: Jun. 20, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-12683

    Katyshop2 before 2.12 has multiple stored XSS issues.... Read more

    Affected Products : katyshop2
    • Published: May. 07, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2014-5547

    The Mahjong Galaxy Space Lite (aka air.com.permadi.mahjongIris) application 2.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certi... Read more

    Affected Products : mahjong_galaxy_space_lite
    • Published: Sep. 09, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-5557

    The America's Economy for Phone (aka air.gov.census.mobile.phone.americaseconomy) application 1.5.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information... Read more

    Affected Products : america\'s_economy_for_phone
    • Published: Sep. 09, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2023-45269

    Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO plugin <= 2.0.25 versions.... Read more

    Affected Products : simple_seo
    • Published: Oct. 13, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-1726

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Proliz OBS allows Stored XSS for an authenticated user.This issue affects OBS: before 23.04.01. ... Read more

    • Published: Apr. 07, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-1767

    The Snyk Advisor website (https://snyk.io/advisor/) was vulnerable to a stored XSS prior to 28th March 2023. A feature of Snyk Advisor is to display the contents of a scanned package's Readme on its package health page. An attacker could create a package ... Read more

    Affected Products : advisor
    • Published: Apr. 20, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-37373

    Cross Site Scripting (XSS) vulnerability in Teradek Slice 1st generation firmware 7.3.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of... Read more

    Affected Products : slice_firmware slice
    • Published: Feb. 03, 2023
    • Modified: Mar. 26, 2025

  • 5.4

    MEDIUM
    CVE-2018-13335

    Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing shared folders via their descriptions.... Read more

    Affected Products : terramaster_operating_system tos tos
    • Published: Nov. 27, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-37456

    Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the blacklist IP address (stored).... Read more

    Affected Products : axon_pbx
    • Published: Jul. 25, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-2998

    A vulnerability was found in Bdtask Multi-Store Inventory Management System up to 20240320. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Store Update Page. The manipulation of the argument Store N... Read more

    • Published: Mar. 27, 2024
    • Modified: Jun. 12, 2025

  • 5.4

    MEDIUM
    CVE-2022-40690

    Cross-site scripting vulnerability in BookStack versions prior to v22.09 allows a remote authenticated attacker to inject an arbitrary script.... Read more

    Affected Products : bookstack
    • Published: Oct. 24, 2022
    • Modified: May. 07, 2025

  • 5.4

    MEDIUM
    CVE-2017-15538

    Stored XSS vulnerability in the Media Objects component of ILIAS before 5.1.21 and 5.2.x before 5.2.9 allows an authenticated user to inject JavaScript to gain administrator privileges, related to the setParameter function in Services/MediaObjects/classes... Read more

    Affected Products : ilias
    • Published: Oct. 17, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2022-29628

    A cross-site scripting (XSS) vulnerability in /omps/seller of Online Market Place Site v1.0 allows attackers to execute arbitrary web cripts or HTML via a crafted payload injected into the Page parameter.... Read more

    Affected Products : online_market_place_site
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-34323

    Multiple XSS issues were discovered in Sage XRT Business Exchange 12.4.302 that allow an attacker to execute JavaScript code in the context of other users' browsers. The attacker needs to be authenticated to reach the vulnerable features. An issue is pres... Read more

    Affected Products : sage_xrt_business_exchange
    • Published: Jan. 01, 2023
    • Modified: Apr. 11, 2025

  • 5.4

    MEDIUM
    CVE-2019-0375

    SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts in the export dialog box of the report name resulting in... Read more

    • Published: Oct. 08, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 292802 Results