Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2024-7309

    A vulnerability was found in SourceCodester Record Management System 1.0. It has been classified as problematic. This affects an unknown part of the file entry.php. The manipulation of the argument school leads to cross site scripting. It is possible to i...

    Affected Products : record_management_system
    • Published: Jul. 31, 2024
    • Modified: Aug. 13, 2024
  • 5.4

    MEDIUM
    CVE-2024-7355

    The Organization chart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title_input' and 'node_description' parameters in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. This ma...

    Affected Products : organization_chart
    • Published: Aug. 07, 2024
    • Modified: Mar. 01, 2025
  • 5.4

    MEDIUM
    CVE-2024-6884

    The Gutenberg Blocks with AI by Kadence WP WordPress plugin before 3.2.39 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and ab...

    Affected Products : gutenberg_blocks_with_ai
    • Published: Aug. 08, 2024
    • Modified: May. 27, 2025
  • 5.4

    MEDIUM
    CVE-2024-40473

    A Stored Cross Site Scripting (XSS) vulnerability was found in "manage_houses.php" in SourceCodester Best House Rental Management System v1.0. It allows remote attackers to execute arbitrary code via "House_no" and "Description" parameter fields.

    • Published: Aug. 12, 2024
    • Modified: Sep. 03, 2024
  • 5.4

    MEDIUM
    CVE-2020-23044

    DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_pic_view.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.

    Affected Products : dedecms
    • Published: Oct. 22, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2020-23049

    Fork CMS Content Management System v5.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the `Displayname` field when using the `Add`, `Edit` or `Register` functions. This vulnerability allows attackers to execute arbitrary web sc...

    Affected Products : fork_cms
    • Published: Oct. 22, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2020-28955

    SugarCRM v6.5.18 was discovered to contain a cross-site scripting (XSS) vulnerability in the Create Employee module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the First Name or Last Name input fi...

    Affected Products : sugarcrm
    • Published: Oct. 22, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2024-7685

    A vulnerability, which was classified as problematic, has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0. Affected by this issue is some unknown functionality of the file adds.php. The manipulation of the argument name/dob/...

    Affected Products : advocate_office_management_system
    • Published: Aug. 12, 2024
    • Modified: Aug. 20, 2024
  • 5.4

    MEDIUM
    CVE-2024-7686

    A vulnerability, which was classified as problematic, was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. This affects an unknown part of the file register_case.php. The manipulation of the argument title/description/opposite_la...

    Affected Products : advocate_office_management_system
    • Published: Aug. 12, 2024
    • Modified: Aug. 20, 2024
  • 5.4

    MEDIUM
    CVE-2024-33536

    An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The vulnerability occurs due to inadequate input validation of the res parameter, allowing an authenticated attacker to inject and execute arbitrary JavaScript code within the context of ...

    Affected Products : collaboration
    • Published: Aug. 12, 2024
    • Modified: Mar. 25, 2025
  • 5.4

    MEDIUM
    CVE-2024-41735

    SAP Commerce Backoffice does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability causing low impact on confidentiality and integrity of the application.

    Affected Products : commerce_backoffice
    • Published: Aug. 13, 2024
    • Modified: Sep. 12, 2024
  • 5.4

    MEDIUM
    CVE-2021-36698

    Pandora FMS through 755 allows XSS via a new Event Filter with a crafted name.

    Affected Products : pandora_fms pandora_fms
    • Published: Nov. 03, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-42662

    A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the Holiday reason parameter. An attacker can leverage this vulnerability in order to run javascript commands on the we...

    • Published: Nov. 05, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-43198

    In JetBrains TeamCity before 2021.1.2, stored XSS is possible.

    Affected Products : teamcity
    • Published: Nov. 09, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-43561

    An XSS issue was discovered in the google_for_jobs (aka Google for Jobs) extension before 1.5.1 and 2.x before 2.1.1 for TYPO3. The extension fails to properly encode user input for output in HTML context. A TYPO3 backend user account is required to explo...

    Affected Products : google_for_jobs
    • Published: Nov. 10, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2024-42939

    A cross-site scripting (XSS) vulnerability in the component /index/index.html of YZNCMS v1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the configured remarks text field.

    Affected Products : yzncms
    • Published: Aug. 21, 2024
    • Modified: Aug. 31, 2024
  • 5.4

    MEDIUM
    CVE-2021-39054

    IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's...

    • Published: Dec. 13, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2020-20946

    Qibosoft v7 contains a stored cross-site scripting (XSS) vulnerability in the component /admin/index.php?lfj=friendlink&action=add.

    Affected Products : qibosoft
    • Published: Dec. 27, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-45905

    OpenWrt 21.02.1 allows XSS via the Traffic Rules Name screen.

    Affected Products : openwrt
    • Published: Dec. 27, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-25988

    In “ifme”, versions 1.0.0 to v7.31.4 are vulnerable to a stored XSS vulnerability (notifications section), which can be directly triggered by sending an ally request to the admin.

    Affected Products : ifme
    • Published: Dec. 29, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 294470 Results