Latest CVE Feed
-
5.4 MEDIUM
CVE-2020-20347
WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability in the source field under the article management module.
Affected Products: wtcms
- Published: Sep. 01, 2021
- Modified: Nov. 21, 2024
-
5.4 MEDIUM
CVE-2023-35006
IBM Security QRadar EDR 3.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
- Published: Jul. 10, 2024
- Modified: Sep. 15, 2025
-
5.4 MEDIUM
CVE-2020-19294
A stored cross-site scripting (XSS) vulnerability in the /article/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the article comments section.
Affected Products: jeesns
- Published: Sep. 09, 2021
- Modified: Nov. 21, 2024
-
5.4 MEDIUM
CVE-2024-3026
The WordPress Button Plugin MaxButtons WordPress plugin before 9.7.8 does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform Cross-Site Scripting attacks...
Affected Products: maxbuttons
- Published: Jul. 13, 2024
- Modified: May. 15, 2025
-
5.4 MEDIUM
CVE-2024-5074
The wp-eMember WordPress plugin before 10.6.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Affected Products: wp_emember
- Published: Jul. 13, 2024
- Modified: May. 02, 2025
-
5.4 MEDIUM
CVE-2024-5644
The Tournamatch WordPress plugin before 4.6.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (fo...
Affected Products: tournamatch
- Published: Jul. 13, 2024
- Modified: May. 13, 2025
-
5.4 MEDIUM
CVE-2024-39737
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the sy...
- Published: Jul. 15, 2024
- Modified: Nov. 21, 2024
-
5.4 MEDIUM
CVE-2024-4224
An authenticated stored cross-site scripting (XSS) exists in the TP-Link TL-SG1016DE affecting version TL-SG1016DE(UN) V7.6_1.0.0 Build 20230616, which could allow an adversary to run JavaScript in an administrator's browser. This issue was fixed in TL-SG...
Affected Products:
- Published: Jul. 15, 2024
- Modified: Nov. 21, 2024
-
5.4 MEDIUM
CVE-2023-7013
Inappropriate implementation in Compositing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium)
Affected Products: chrome
- Published: Jul. 16, 2024
- Modified: Nov. 25, 2024
-
5.4 MEDIUM
CVE-2021-41391
In Ericsson ECM before 18.0, it was observed that Security Management Endpoint in User Profile Management Section is vulnerable to stored XSS via a name, leading to session hijacking and full account takeover.
Affected Products: enterprise_content_management
- Published: Sep. 17, 2021
- Modified: Nov. 21, 2024
-
5.4 MEDIUM
CVE-2024-39125
Roundup before 2.4.0 allows XSS via a SCRIPT element in an HTTP Referer header.
Affected Products: roundup
- Published: Jul. 17, 2024
- Modified: Mar. 19, 2025
-
5.4 MEDIUM
CVE-2024-0006
Information exposure in the logging system in Yugabyte Platform allows local attackers with access to application logs to obtain database user credentials in log files, potentially leading to unauthorized database access.
Affected Products: yugabytedb
- Published: Jul. 19, 2024
- Modified: Nov. 21, 2024
-
5.4 MEDIUM
CVE-2021-29821
IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading t...
Affected Products: tivoli_netcool/omnibus_webgui
- Published: Sep. 20, 2021
- Modified: Nov. 21, 2024
-
5.4 MEDIUM
CVE-2024-41707
An issue was discovered in Archer Platform 6 before 2024.06. Authenticated users can achieve HTML content injection. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML code in a trusted application data sto...
Affected Products: archer
- Published: Jul. 25, 2024
- Modified: Mar. 18, 2025
-
5.4 MEDIUM
CVE-2024-25090
Insufficient input validation and sanitation in Profile name & screenname, Bookmark name & description and blogroll name features in all versions of Apache Roller on all platforms allows an authenticated user to perform an XSS attack. Mitigation: if you d...
Affected Products: roller
- Published: Jul. 26, 2024
- Modified: Mar. 14, 2025
-
5.4 MEDIUM
CVE-2024-6727
A flaw in versions of Delphix Data Control Tower (DCT) prior to 19.0.0 results in broken authentication through the enable-scale-testing functionality of the application.
Affected Products:
- Published: Jul. 29, 2024
- Modified: Nov. 21, 2024
-
5.4 MEDIUM
CVE-2024-6536
The Zephyr Project Manager WordPress plugin before 3.3.99 does not sanitise and escape some of its settings, which could allow high privilege users such as editors and admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html cap...
- Published: Jul. 30, 2024
- Modified: Jun. 10, 2025
-
5.4 MEDIUM
CVE-2024-7225
A vulnerability was found in SourceCodester Insurance Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /Script/admin/core/update_policy of the component Edit Insurance Policy Page. The manipulation of ...
- Published: Jul. 30, 2024
- Modified: Nov. 21, 2024
-
5.4 MEDIUM
CVE-2021-41917
webTareas version 2.4 and earlier allows an authenticated user to store arbitrary web script or HTML by creating or editing a client name in the clients section, due to incorrect sanitization of user-supplied data and achieve a Stored Cross-Site Scripting...
Affected Products: webtareas
- Published: Oct. 08, 2021
- Modified: Nov. 21, 2024
-
5.4 MEDIUM
CVE-2021-24712
The Appointment Hour Booking WordPress plugin before 1.3.17 does not properly sanitize values used when creating new calendars.
Affected Products: appointment_hour_booking
- Published: Oct. 11, 2021
- Modified: Nov. 21, 2024