Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2023-5738

    The WordPress Backup & Migration WordPress plugin before 1.4.4 does not sanitise and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks.... Read more

    Affected Products : backup_and_migration
    • EPSS Score: %0.11
    • Published: Nov. 27, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-8337

    A vulnerability, which was classified as problematic, has been found in SourceCodester Contact Manager with Export to VCF 1.0. Affected by this issue is some unknown functionality of the file index.html. The manipulation of the argument contact_name leads... Read more

    • Published: Aug. 30, 2024
    • Modified: Nov. 22, 2024

  • 5.4

    MEDIUM
    CVE-2024-8554

    A vulnerability was found in SourceCodester Clinics Patient Management System 2.0 and classified as problematic. This issue affects some unknown processing of the file /users.php. The manipulation of the argument message leads to cross site scripting. The... Read more

    • Published: Sep. 07, 2024
    • Modified: Sep. 10, 2024

  • 5.4

    MEDIUM
    CVE-2024-8583

    A vulnerability was found in SourceCodester Online Bank Management System and Online Bank Management System - 1.0. It has been classified as problematic. This affects an unknown part of the file /mfeedback.php of the component Feedback Handler. The manipu... Read more

    Affected Products : online_bank_management_system
    • Published: Sep. 08, 2024
    • Modified: Sep. 10, 2024

  • 5.4

    MEDIUM
    CVE-2023-5903

    Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16.... Read more

    Affected Products : pkp_web_application_library
    • EPSS Score: %0.32
    • Published: Nov. 07, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-5904

    Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16.... Read more

    Affected Products : pkp_web_application_library
    • EPSS Score: %0.32
    • Published: Nov. 07, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-34804

    Missing Authorization vulnerability in Tagembed.This issue affects Tagembed: from n/a through 5.8.... Read more

    Affected Products :
    • Published: Jun. 11, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-5942

    The Medialist WordPress plugin before 1.4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Store... Read more

    Affected Products : medialist
    • EPSS Score: %0.12
    • Published: Nov. 27, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-6368

    A vulnerability was found in LabVantage LIMS 2017. It has been rated as problematic. This issue affects some unknown processing of the file /labvantage/rc?command=page of the component POST Request Handler. The manipulation of the argument param1 leads to... Read more

    • Published: Jun. 27, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-33408

    Minical 1.0.0 is vulnerable to Cross Site Scripting (XSS). The vulnerability exists due to insufficient input validation in the application's user input handling in the security_helper.php file.... Read more

    Affected Products : minical
    • EPSS Score: %0.21
    • Published: Jun. 05, 2023
    • Modified: Jan. 08, 2025

  • 5.4

    MEDIUM
    CVE-2023-33438

    A stored Cross-site scripting (XSS) vulnerability in Wolters Kluwer TeamMate+ 35.0.11.0 allows remote attackers to inject arbitrary web script or HTML.... Read more

    Affected Products : teammate\+
    • EPSS Score: %0.05
    • Published: Jun. 16, 2023
    • Modified: Dec. 12, 2024

  • 5.4

    MEDIUM
    CVE-2023-29247

    Task instance details page in the UI is vulnerable to a stored XSS.This issue affects Apache Airflow: before 2.6.0. ... Read more

    Affected Products : airflow
    • EPSS Score: %1.54
    • Published: May. 08, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-3058

    The ENL Newsletter WordPress plugin through 1.0.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack... Read more

    Affected Products : enl-newsletter
    • Published: Apr. 26, 2024
    • Modified: May. 07, 2025

  • 5.4

    MEDIUM
    CVE-2024-7846

    YITH WooCommerce Ajax Search is vulnerable to a XSS vulnerability due to insufficient sanitization of user supplied block attributes. This makes it possible for Contributors+ attackers to inject arbitrary scripts.... Read more

    Affected Products : yith_woocommerce_ajax_search
    • Published: Sep. 23, 2024
    • Modified: May. 16, 2025

  • 5.4

    MEDIUM
    CVE-2024-7945

    A vulnerability was found in itsourcecode Laravel Property Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/notes/create of the component Notes Page. The manipulation... Read more

    • Published: Aug. 20, 2024
    • Modified: Aug. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-6499

    The lasTunes WordPress plugin through 3.6.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack... Read more

    Affected Products : lastunes
    • EPSS Score: %0.10
    • Published: Feb. 12, 2024
    • Modified: May. 06, 2025

  • 5.4

    MEDIUM
    CVE-2024-7901

    A vulnerability has been found in Scada-LTS 2.7.8 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /Scada-LTS/app.shtm#/alarms/Scada of the component Message Handler. The manipulation leads to cross sit... Read more

    Affected Products : scada-lts
    • Published: Aug. 17, 2024
    • Modified: Aug. 20, 2024

  • 5.4

    MEDIUM
    CVE-2023-30096

    A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user information field.... Read more

    Affected Products : messenger
    • EPSS Score: %0.49
    • Published: May. 04, 2023
    • Modified: Jan. 29, 2025

  • 5.4

    MEDIUM
    CVE-2024-6872

    The Build Your Dream Website Fast with 400+ Starter Templates and Landing Pages, No Coding Needed, One-Click Import for Elementor & Gutenberg Blocks! – TemplateSpare plugin for WordPress is vulnerable to unauthorized modification of data due to a missing ... Read more

    Affected Products : templatespare
    • Published: Aug. 03, 2024
    • Modified: Mar. 01, 2025

  • 5.4

    MEDIUM
    CVE-2024-6932

    A vulnerability was found in ClassCMS 4.5. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/?action=home&do=shop:index&keyword=&kind=all. The manipulation of the argument order leads to cro... Read more

    Affected Products : classcms classcms
    • Published: Jul. 20, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 291275 Results