Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2024-37856

    Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the first, last, middle name fields in the User Profile page.... Read more

    Affected Products : lost_and_found_information_system
    • Published: Jul. 29, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-28106

    phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. By manipulating the news parameter in a POST request, an attacker can inject malicious JavaScript code. Upon browsing to the compromised news page, the ... Read more

    Affected Products : phpmyfaq
    • Published: Mar. 25, 2024
    • Modified: Jan. 09, 2025

  • 5.4

    MEDIUM
    CVE-2014-6792

    The Suriname Radio (aka com.wordbox.surinameRadio) application 1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : suriname_radio
    • Published: Sep. 29, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2020-13828

    Dolibarr 11.0.4 is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities that could allow remote authenticated attackers to inject arbitrary web script or HTML via ticket/card.php?action=create with the subject, message, or address parame... Read more

    Affected Products : dolibarr_erp\/crm
    • Published: Aug. 31, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-3830

    btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Read more

    Affected Products : btcpay_server btcpayserver
    • Published: Sep. 26, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-3633

    The WebP & SVG Support WordPress plugin through 1.4.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.... Read more

    Affected Products : webp_\&_svg_support
    • Published: Jun. 26, 2024
    • Modified: May. 19, 2025

  • 5.4

    MEDIUM
    CVE-2022-38801

    In Zkteco BioTime < 8.5.3 Build:20200816.447, an employee can hijack an administrator session and cookies using blind cross-site scripting.... Read more

    Affected Products : biotime
    • Published: Nov. 30, 2022
    • Modified: Apr. 24, 2025

  • 5.4

    MEDIUM
    CVE-2019-16333

    GetSimple CMS v3.3.15 has Persistent Cross-Site Scripting (XSS) in admin/theme-edit.php.... Read more

    Affected Products : getsimple_cms getsimple_cms
    • Published: Sep. 15, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-0890

    Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.... Read more

    Affected Products : nextcloud_server
    • Published: May. 08, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2022-22435

    IBM Maximo Asset Management 7.6.1.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a tru... Read more

    • Published: Apr. 21, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-0719

    The Tabs Shortcode and Widget WordPress plugin through 1.17 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above ... Read more

    Affected Products : tabs_shortcode_and_widget
    • Published: Mar. 18, 2024
    • Modified: May. 13, 2025

  • 5.4

    MEDIUM
    CVE-2021-38607

    Crocoblock JetEngine before 2.6.1 allows XSS by remote authenticated users via a custom form input.... Read more

    Affected Products : jetengine
    • Published: Aug. 16, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2014-6966

    The West Bend School District (aka net.parentlink.westbend) application 4.0.500 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certi... Read more

    Affected Products : west_bend_school_district
    • Published: Oct. 16, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2018-1706

    IBM Spectrum Symphony 7.2.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted s... Read more

    Affected Products : spectrum_symphony
    • Published: Oct. 11, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-1000137

    Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to possible cross site scripting when adding a text block to a page via the keyboard (rather than drag and drop).... Read more

    Affected Products : mahara
    • Published: Nov. 03, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2023-6369

    The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple AJAX actions in all versions up to, and including, 2.1.9. This makes it possible... Read more

    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025

  • 5.4

    MEDIUM
    CVE-2023-50470

    A cross-site scripting (XSS) vulnerability in the component admin_ Video.php of SeaCMS v12.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.... Read more

    Affected Products : seacms
    • Published: Dec. 28, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-49117

    PowerCMS (6 Series, 5 Series, and 4 Series) contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user's web browser. Note that all versions of PowerCMS 3 Series and ea... Read more

    Affected Products : powercms
    • Published: Dec. 26, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-12981

    An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. The vulnerability can be exploited by authenticated and unauthenticated users by sending special crafted requests to the web server allowing injecting ... Read more

    • Published: Jul. 12, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-4027

    IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclos... Read more

    Affected Products : sterling_b2b_integrator
    • Published: Mar. 05, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 292875 Results