Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2017-14985

    Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the url parameter to module/module_frame/index.php.... Read more

    Affected Products : eyesofnetwork
    • EPSS Score: %0.15
    • Published: Oct. 03, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-1553

    IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure withi... Read more

    Affected Products : infosphere_biginsights
    • EPSS Score: %0.27
    • Published: Nov. 01, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-1567

    IBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a truste... Read more

    • EPSS Score: %0.32
    • Published: Jan. 26, 2018
    • Modified: Feb. 05, 2025

  • 5.4

    MEDIUM
    CVE-2016-10777

    cPanel before 60.0.25 allows self XSS in WHM Tweak Settings for autodiscover_host (SEC-177).... Read more

    Affected Products : cpanel
    • EPSS Score: %0.32
    • Published: Aug. 06, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-1629

    IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially ... Read more

    • EPSS Score: %0.22
    • Published: Mar. 23, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2016-10993

    The ScoreMe theme through 2016-04-01 for WordPress has XSS via the s parameter.... Read more

    Affected Products : scoreme
    • EPSS Score: %7.93
    • Published: Sep. 17, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2015-5181

    The JBoss console in A-MQ allows remote attackers to execute arbitrary JavaScript.... Read more

    Affected Products : jboss_a-mq
    • EPSS Score: %0.17
    • Published: Sep. 25, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-16564

    Stored Cross-site scripting (XSS) vulnerability in /cgi-bin/config2 on Vonage (Grandstream) HT802 devices allows remote authenticated users to inject arbitrary web script or HTML via the DHCP vendor class ID field (P148).... Read more

    Affected Products : ht802_firmware ht802
    • EPSS Score: %0.15
    • Published: Nov. 06, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-16568

    Persistent Cross-Site Scripting (XSS) vulnerability in Logitech Media Server 7.9.0, affecting the "Radio" functionality. This vulnerability allows attackers to inject malicious JavaScript payloads, which become permanently stored on the server and execute... Read more

    Affected Products : media_server
    • EPSS Score: %0.30
    • Published: Nov. 10, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-16636

    In Bludit v1.5.2 and v2.0.1, an XSS vulnerability is located in the new page, new category, and edit post function body message context. Remote attackers are able to bypass the basic editor validation to trigger cross site scripting. The XSS is persistent... Read more

    Affected Products : bludit
    • EPSS Score: %0.27
    • Published: Nov. 06, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-1444

    IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trus... Read more

    Affected Products : emptoris_sourcing
    • EPSS Score: %0.20
    • Published: Aug. 31, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2018-1911

    IBM DOORS Next Generation (DNG/RRC) 5.0 through 5.0.2 and 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leadin... Read more

    Affected Products : rational_doors_next_generation
    • EPSS Score: %0.16
    • Published: Mar. 06, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-15279

    Cross-site scripting (XSS) vulnerability in Umbraco CMS before 7.7.3 allows remote attackers to inject arbitrary web script or HTML via the "page name" (aka nodename) parameter during the creation of a new page, related to Umbraco.Web.UI/umbraco/dialogs/P... Read more

    Affected Products : umbraco_cms
    • EPSS Score: %0.20
    • Published: Oct. 12, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2018-20372

    TP-Link TD-W8961ND devices allow XSS via the hostname of a DHCP client.... Read more

    Affected Products : td-w8961nd_firmware td-w8961nd
    • EPSS Score: %0.21
    • Published: Dec. 23, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-20373

    Tenda ADSL modem routers 1.0.1 allow XSS via the hostname of a DHCP client.... Read more

    Affected Products : adsl_firmware adsl
    • EPSS Score: %0.21
    • Published: Dec. 23, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-1568

    IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering... Read more

    • EPSS Score: %0.16
    • Published: Jul. 03, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-20627

    PHP Scripts Mall Consumer Reviews Script 4.0.3 has HTML injection via the search box.... Read more

    Affected Products : consumer_reviews_script
    • EPSS Score: %0.21
    • Published: Mar. 21, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-15811

    The Pootle Button plugin before 1.2.0 for WordPress has XSS via the assets_url parameter in assets/dialog.php, exploitable via wp-admin/admin-ajax.php.... Read more

    Affected Products : pootle_button
    • EPSS Score: %0.20
    • Published: Oct. 23, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2018-20875

    cPanel before 74.0.8 allows self XSS in the WHM Security Questions interface (SEC-433).... Read more

    Affected Products : cpanel
    • EPSS Score: %0.21
    • Published: Aug. 01, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-20933

    cPanel before 70.0.23 has Stored XSS via an WHM Edit DNS Zone action (SEC-410).... Read more

    Affected Products : cpanel
    • EPSS Score: %0.34
    • Published: Aug. 01, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 292275 Results