Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (i.e. listed in the CISA Known Exploited Vulnerabilities, or KEV, catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • CVE-2021-24538 (CVSS 5.4, MEDIUM)

    The Current Book WordPress plugin through 1.0.1 does not sanitize user input when an authenticated user adds Author or Book Title, then does not escape these values when outputting to the browser leading to an Authenticated Stored XSS Cross-Site Scripting...

    Affected Products: current_book
    • EPSS Score: 0.26%
    • Published: Aug. 16, 2021
    • Modified: Nov. 21, 2024
  • CVE-2014-6775 (CVSS 5.4, MEDIUM)

    The Light for Pets (aka com.helenwoodward.light4pets) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

    Affected Products: light_for_pets
    • EPSS Score: 0.04%
    • Published: Sep. 29, 2014
    • Modified: Apr. 12, 2025
  • CVE-2024-0557 (CVSS 5.4, MEDIUM)

    A vulnerability, which was classified as problematic, was found in DedeBIZ 6.3.0. This affects an unknown part of the component Website Copyright Setting. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The ...

    Affected Products: dedebiz
    • EPSS Score: 0.06%
    • Published: Jan. 15, 2024
    • Modified: Nov. 21, 2024
  • CVE-2022-1938 (CVSS 5.4, MEDIUM)

    The Awin Data Feed WordPress plugin before 1.8 does not sanitise and escape a header when processing a request to generate analytics data, allowing unauthenticated users to perform Stored Cross-Site Scripting attacks against a logged in admin viewing the pl...

    Affected Products: awin_data_feed
    • EPSS Score: 0.72%
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024
  • CVE-2020-16193 (CVSS 5.4, MEDIUM)

    osTicket before 1.14.3 allows XSS because include/staff/banrule.inc.php has an unvalidated echo $info['notes'] call.

    Affected Products: osticket
    • EPSS Score: 0.21%
    • Published: Aug. 26, 2020
    • Modified: Nov. 21, 2024
  • CVE-2021-46146 (CVSS 5.4, MEDIUM)

    An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The WikibaseMediaInfo component is vulnerable to XSS via the caption fields for a given media file.

    Affected Products: mediawiki
    • EPSS Score: 0.21%
    • Published: Jan. 10, 2022
    • Modified: Nov. 21, 2024
  • CVE-2018-20935 (CVSS 5.4, MEDIUM)

    cPanel before 70.0.23 allows stored XSS via a WHM "Reset a DNS Zone" action (SEC-412).

    Affected Products: cpanel
    • EPSS Score: 0.30%
    • Published: Aug. 01, 2019
    • Modified: Nov. 21, 2024
  • CVE-2022-36948 (CVSS 5.4, MEDIUM)

    In Veritas NetBackup OpsCenter, a DOM XSS attack can occur. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10...

    Affected Products: netbackup
    • EPSS Score: 0.23%
    • Published: Jul. 27, 2022
    • Modified: Nov. 21, 2024
  • CVE-2023-52059 (CVSS 5.4, MEDIUM)

    A cross-site scripting (XSS) vulnerability in Gestsup v3.2.46 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description text field.

    Affected Products: gestsup
    • EPSS Score: 0.20%
    • Published: Feb. 13, 2024
    • Modified: May. 09, 2025
  • CVE-2023-6072 (CVSS 5.4, MEDIUM)

    A cross-site scripting vulnerability in Trellix Central Management (CM) prior to 9.1.3.97129 allows a remote authenticated attacker to craft CM dashboard internal requests causing arbitrary content to be injected into the response when accessing the CM d...

    Affected Products: central_management_system
    • EPSS Score: 0.09%
    • Published: Feb. 13, 2024
    • Modified: Nov. 21, 2024
  • CVE-2023-6142 (CVSS 5.4, MEDIUM)

    Dev blog v1.0 allows exploiting an XSS through an unrestricted file upload, combined with low-entropy filenames. With this, an attacker can upload a malicious HTML file, then guess the filename of the uploaded file and send it to a potential victim.

    Affected Products: dev_blog
    • EPSS Score: 0.08%
    • Published: Nov. 21, 2023
    • Modified: May. 19, 2025
  • CVE-2021-24690 (CVSS 5.4, MEDIUM)

    The Chained Quiz WordPress plugin before 1.2.7.2 does not properly sanitize or escape inputs in the plugin's settings.

    Affected Products: chained_quiz
    • EPSS Score: 0.25%
    • Published: Oct. 11, 2021
    • Modified: Nov. 21, 2024
  • CVE-2023-30959 (CVSS 5.4, MEDIUM)

    In Apollo change requests, comments added by users could contain a javascript URI link that, when rendered, will result in an XSS that requires user interaction.

    Affected Products: apollo_autopilot
    • EPSS Score: 0.18%
    • Published: Sep. 27, 2023
    • Modified: Nov. 21, 2024
  • CVE-2023-6485 (CVSS 5.4, MEDIUM)

    The Html5 Video Player WordPress plugin before 2.5.19 does not sanitise and escape some of its player settings, which combined with missing capability checks around the plugin could allow any authenticated users, as low as subscribers, to perform Stor...

    Affected Products: html5_video_player
    • EPSS Score: 2.45%
    • Published: Jan. 01, 2024
    • Modified: Jun. 18, 2025
  • CVE-2014-4895 (CVSS 5.4, MEDIUM)

    The Herpin Time Radio (aka com.herpin.time.radio) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

    Affected Products: herpin_time_radio
    • EPSS Score: 0.04%
    • Published: Oct. 21, 2014
    • Modified: Apr. 12, 2025
  • CVE-2014-4897 (CVSS 5.4, MEDIUM)

    The Touriosity Travelmag (aka com.magzter.touriositytravelmag) application 3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certif...

    Affected Products: touriosity_travelmag
    • EPSS Score: 0.04%
    • Published: Oct. 21, 2014
    • Modified: Apr. 12, 2025
  • CVE-2014-4899 (CVSS 5.4, MEDIUM)

    The Indian Cement Review (aka com.magzter.indiancementreview) application 3.01 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certif...

    Affected Products: indian_cement_review
    • EPSS Score: 0.04%
    • Published: Oct. 21, 2014
    • Modified: Apr. 12, 2025
  • CVE-2024-3730 (CVSS 5.4, MEDIUM)

    The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'swpm_paypal_subscription_cancel_link' shortcode in all versions up to, and including, 4.4.3 due to insufficient input sanitization and output escapin...

    Affected Products: simple_membership
    • Published: Apr. 25, 2024
    • Modified: Feb. 05, 2025
  • CVE-2024-37763 (CVSS 5.4, MEDIUM)

    MachForm up to version 19 is affected by an unauthenticated stored cross-site scripting vulnerability which affects users with valid sessions who can view compiled form results.

    Affected Products: machform
    • Published: Jul. 01, 2024
    • Modified: Apr. 30, 2025
  • CVE-2014-6841 (CVSS 5.4, MEDIUM)

    The RTI INDIA (aka com.vbulletin.build_890) application 3.8.21 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

    Affected Products: rti_india
    • EPSS Score: 0.04%
    • Published: Sep. 30, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 291573 Results