Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2018-19918

    CuppaCMS has XSS via an SVG document uploaded to the administrator/#/component/table_manager/view/cu_views URI....

    Affected Products : cuppacms
    • EPSS Score: %0.19
    • Published: Dec. 31, 2018
    • Modified: May. 06, 2025
  • 5.4

    MEDIUM
    CVE-2018-2397

    In SAP Business Objects Business Intelligence Platform, 4.00, 4.10, 4.20, 4.30, the Central Management Console (CMC) does not sufficiently encode user controlled inputs which results in Cross-Site Scripting....

    • EPSS Score: %0.17
    • Published: Mar. 14, 2018
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2015-9102

    Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station 6.0 before 6.0-2638 and 6.3 before 6.3-2962 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) album name, (2) file name of uploaded photos,...

    Affected Products : photo_station
    • EPSS Score: %0.33
    • Published: Jun. 30, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2022-37241

    MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the data_leak_list_ajax endpoint....

    • EPSS Score: %0.55
    • Published: Aug. 25, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2017-12879

    Cross-site scripting (XSS-STORED) vulnerability in the DEVICES OR SENSORS functionality in Paessler PRTG Network Monitor before 17.3.33.2654 allows authenticated remote attackers to inject arbitrary web script or HTML....

    Affected Products : prtg_network_monitor
    • EPSS Score: %0.28
    • Published: Aug. 24, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2024-1128

    The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 2.6.0. This is due to insufficient sanitization of HTML input in the Q&A functionality. This makes it possible ...

    Affected Products : tutor_lms
    • Published: Feb. 29, 2024
    • Modified: Jan. 15, 2025
  • 5.4

    MEDIUM
    CVE-2018-1762

    IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality poten...

    • EPSS Score: %0.23
    • Published: Nov. 29, 2018
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-48129

    An issue in kimono-oldnew mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token....

    Affected Products : line
    • EPSS Score: %0.17
    • Published: Jan. 26, 2024
    • Modified: Jun. 20, 2025
  • 5.4

    MEDIUM
    CVE-2020-4165

    IBM Security Guardium Insights 2.0.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions a...

    • EPSS Score: %0.09
    • Published: Aug. 24, 2020
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-44275

    OPNsense before 23.7.5 allows XSS via the index.php column_count parameter to the Lobby Dashboard....

    Affected Products : opnsense
    • EPSS Score: %0.28
    • Published: Sep. 28, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-43232

    A stored cross-site scripting (XSS) vulnerability in the Website column management function of DedeBIZ v6.2.11 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter....

    Affected Products : dedebiz
    • EPSS Score: %0.58
    • Published: Sep. 27, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2016-0408

    Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 through 8.55 allows remote authenticated users to affect confidentiality and integrity via vectors related to the Activity Guide sub-component....

    Affected Products : peoplesoft_enterprise_peopletools
    • EPSS Score: %0.18
    • Published: Apr. 21, 2016
    • Modified: Apr. 12, 2025
  • 5.4

    MEDIUM
    CVE-2017-1369

    IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sess...

    • EPSS Score: %0.27
    • Published: Oct. 03, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2023-26138

    All versions of the package drogonframework/drogon are vulnerable to CRLF Injection when untrusted user input is used to set request headers in the addHeader function. An attacker can add the \r\n (carriage return line feeds) characters and inject additio...

    Affected Products : drogon
    • EPSS Score: %0.20
    • Published: Jul. 06, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2014-5738

    The Garfield's Defense (aka com.webprancer.google.garfieldDefense) application 1.5.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted ...

    Affected Products : garfield\'s_defense
    • EPSS Score: %0.04
    • Published: Sep. 09, 2014
    • Modified: Apr. 12, 2025
  • 5.4

    MEDIUM
    CVE-2020-23989

    NeDi 1.9C allows pwsec.php oid XSS....

    Affected Products : nedi
    • EPSS Score: %0.21
    • Published: Nov. 02, 2020
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2025-7076

    A vulnerability was found in BlackVue Dashcam 590X up to 20250624. It has been rated as critical. Affected by this issue is some unknown functionality of the file /upload.cgi of the component Configuration Handler. The manipulation leads to improper acces...

    Affected Products :
    • Published: Jul. 06, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authorization
  • 5.4

    MEDIUM
    CVE-2007-1475

    Multiple buffer overflows in the (1) ibase_connect and (2) ibase_pconnect functions in the interbase extension in PHP 4.4.6 and earlier allow context-dependent attackers to execute arbitrary code via a long argument....

    Affected Products : php
    • EPSS Score: %2.99
    • Published: Mar. 16, 2007
    • Modified: Apr. 09, 2025
  • 5.4

    MEDIUM
    CVE-2009-0803

    SmoothWall SmoothGuardian, as used in SmoothWall Firewall, NetworkGuardian, and SchoolGuardian 2008, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access ...

    • EPSS Score: %0.97
    • Published: Mar. 04, 2009
    • Modified: Apr. 09, 2025
  • 5.4

    MEDIUM
    CVE-2016-10813

    cPanel before 57.9999.54 allows self XSS during ftp account creation under addon domains (SEC-118)....

    Affected Products : cpanel
    • EPSS Score: %0.26
    • Published: Aug. 01, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 292721 Results