Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2018-0208

    A vulnerability in the web-based management interface of the (cloud based) Cisco Registered Envelope Service could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface ... Read more

    Affected Products : email_encryption
    • Published: Mar. 08, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-0576

    Cross-site scripting vulnerability in Events Manager plugin prior to version 5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : events_manager events_manager
    • Published: May. 14, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-0578

    Cross-site scripting vulnerability in PixelYourSite plugin prior to version 5.3.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : pixelyoursite
    • Published: May. 14, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-8070

    QCMS version 3.0 has XSS via the title parameter to the /guest/index.html URI.... Read more

    Affected Products : qcms
    • Published: Mar. 12, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-1000113

    A cross-site scripting vulnerability exists in Jenkins TestLink Plugin 2.12 and earlier in TestLinkBuildAction/summary.jelly and others that allow an attacker who can control e.g. TestLink report names to have Jenkins serve arbitrary HTML and JavaScript... Read more

    Affected Products : testlink
    • Published: Mar. 13, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2016-5940

    IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session... Read more

    Affected Products : kenexa_lms kenexa_lms_on_cloud
    • Published: Feb. 01, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2018-8978

    Open-AudIT Professional 2.1 has XSS via a crafted src attribute of an IMG element within a URI.... Read more

    Affected Products : open-audit open-audit
    • Published: Mar. 25, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-9017

    dsmall v20180320 allows XSS via the member search box at the public/index.php/home/membersnsfriend/findlist.html URI.... Read more

    Affected Products : dsmall
    • Published: Mar. 25, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-9121

    In Crea8social 2018.2, there is Stored Cross-Site Scripting via a post comment.... Read more

    Affected Products : crea8social
    • Published: Mar. 29, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-9123

    In Crea8social 2018.2, there is Stored Cross-Site Scripting via a User Profile.... Read more

    Affected Products : crea8social
    • Published: Mar. 29, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-9163

    A stored Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Recovery Manager Plus before 5.3 (Build 5350) allows remote authenticated users (with Add New Technician permissions) to inject arbitrary web script or HTML via the loginName field to ... Read more

    • Published: Apr. 02, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-10527

    EasyCMS 1.3 is prone to Stored XSS when posting an article; four fields are affected: title, keyword, abstract, and content, as demonstrated by the /admin/index/index.html#listarticle URI.... Read more

    Affected Products : easycms easycms
    • Published: Apr. 28, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-5870

    Multiple cross-site scripting (XSS) vulnerabilities in ViMbAdmin 3.0.15 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) transport parameter to domain/add; the (3) name parameter to mailbox/add/did/<domain id>; the (... Read more

    Affected Products : vimbadmin
    • Published: May. 23, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-5900

    Cross-site scripting (XSS) vulnerability in the NetComm NB16WV-02 router with firmware NB16WV_R0.09 allows remote authenticated users to inject arbitrary web script or HTML via the S801F0334 parameter to hdd.htm.... Read more

    Affected Products : nb16wv-02_firmware nb16wv-02
    • Published: Mar. 29, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2014-7328

    The brain abundance info (aka com.wbrainabundance) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : brain_abundance_info
    • Published: Oct. 19, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-7342

    The Echo News (aka com.solo.report) 1.10 application (beta) for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : echo_news
    • Published: Oct. 19, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-7358

    The Vermont Powder (aka com.concursive.vermontpowder) application 4.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : vermont_powder
    • Published: Oct. 19, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2018-11124

    Cross-site scripting (XSS) vulnerability in Attributes functionality in Open-AudIT Community edition before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted attribute name of an Attribute.... Read more

    Affected Products : open-audit
    • Published: Jul. 06, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-0376

    SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows an attacker to save malicious scripts in the publication name, which can be e... Read more

    • Published: Oct. 08, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-6864

    The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow an authenticated user to perform stored Cross-Site Scripting attacks.... Read more

    Affected Products : ruggedcom_rox_i
    • Published: Mar. 29, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292811 Results