Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2022-4828

    The Bold Timeline Lite WordPress plugin before 1.1.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting at... Read more

    Affected Products : bold_timeline_lite
    • EPSS Score: %0.14
    • Published: Jan. 30, 2023
    • Modified: Mar. 27, 2025

  • 5.4

    MEDIUM
    CVE-2024-4727

    A vulnerability was found in Campcodes Legal Case Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/court-type. The manipulation of the argument court_name leads to cross site scripting. It is po... Read more

    Affected Products : legal_case_management_system
    • Published: May. 14, 2024
    • Modified: Feb. 19, 2025

  • 5.4

    MEDIUM
    CVE-2024-50839

    A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/add_subject.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the subject_code and title parameters.... Read more

    Affected Products : e-learning_management_system
    • Published: Nov. 14, 2024
    • Modified: May. 06, 2025

  • 5.4

    MEDIUM
    CVE-2024-6533

    Directus v10.13.0 allows an authenticated external attacker to execute arbitrary JavaScript on the client. This is possible because the application injects an attacker-controlled parameter that will be stored in the server and used by the client into an u... Read more

    Affected Products : directus
    • Published: Aug. 15, 2024
    • Modified: May. 19, 2025

  • 5.4

    MEDIUM
    CVE-2024-3364

    A vulnerability was found in SourceCodester Online Library System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file admin/books/index.php. The manipulation of the argument id leads to cross site scripting. The a... Read more

    Affected Products : online_library_system
    • Published: Apr. 06, 2024
    • Modified: Feb. 10, 2025

  • 5.4

    MEDIUM
    CVE-2023-36970

    A Cross-site scripting (XSS) vulnerability in CMS Made Simple v2.2.17 allows remote attackers to inject arbitrary web script or HTML via the File Upload function.... Read more

    Affected Products : cms_made_simple
    • EPSS Score: %0.13
    • Published: Jul. 06, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-51987

    Duende.AccessTokenManagement.OpenIdConnect is a set of .NET libraries that manage OAuth and OpenId Connect access tokens. HTTP Clients created by `AddUserAccessTokenHttpClient` may use a different user's access token after a token refresh occurs. This occ... Read more

    Affected Products :
    • Published: Nov. 08, 2024
    • Modified: Nov. 08, 2024

  • 5.4

    MEDIUM
    CVE-2024-48534

    A reflected cross-site scripting (XSS) vulnerability on the Camp Details module of eSoft Planner 3.24.08271-USA allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.... Read more

    Affected Products :
    • Published: Nov. 20, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-48656

    Cross Site Scripting vulnerability in student management system in php with source code v.1.0.0 allows a remote attacker to execute arbitrary code.... Read more

    Affected Products : student_management_system
    • Published: Oct. 22, 2024
    • Modified: Oct. 24, 2024

  • 5.4

    MEDIUM
    CVE-2024-20829

    Missing proper interaction for opening deeplink in Samsung Internet prior to version v24.0.0.0 allows remote attackers to open an application without proper interaction.... Read more

    Affected Products : internet
    • Published: Mar. 05, 2024
    • Modified: Feb. 14, 2025

  • 5.4

    MEDIUM
    CVE-2024-52534

    Dell ECS, version(s) prior to ECS 3.8.1.3, contain(s) an Authentication Bypass by Capture-replay vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Session theft.... Read more

    Affected Products : elastic_cloud_storage
    • Published: Dec. 25, 2024
    • Modified: Jan. 21, 2025

  • 5.4

    MEDIUM
    CVE-2024-1407

    The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.10. This is due to missing or incorrect nonce validation on... Read more

    Affected Products : paid_memberships_pro
    • Published: Jun. 19, 2024
    • Modified: Jan. 17, 2025

  • 5.4

    MEDIUM
    CVE-2024-4726

    A vulnerability was found in Campcodes Legal Case Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/clients. The manipulation of the argument f_name leads to cross site scripting. ... Read more

    Affected Products : legal_case_management_system
    • Published: May. 14, 2024
    • Modified: Feb. 19, 2025

  • 5.4

    MEDIUM
    CVE-2020-6586

    Nagios Log Server 2.1.3 allows XSS by visiting /profile and entering a crafted name field that is mishandled on the /admin/users page. Any malicious user with limited access can store an XSS payload in his Name. When any admin views this, the XSS is trigg... Read more

    Affected Products : nagios log_server
    • EPSS Score: %7.33
    • Published: Mar. 16, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-2258

    The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's display name autofilled into forms in all versions up to, and including, 1.15.24 due to insufficient ... Read more

    Affected Products : form_maker
    • Published: Apr. 27, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-40875

    DedeCMS up to and including 5.7.110 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/vote_edit.php via the votename and votenote parameters.... Read more

    Affected Products : dedecms
    • EPSS Score: %0.07
    • Published: Aug. 24, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-30003

    Sourcecodester Online Market Place Site 1.0 is vulnerable to Cross Site Scripting (XSS), allowing attackers to register as a Seller then create new products containing XSS payloads in the 'Product Title' and 'Short Description' fields.... Read more

    Affected Products : online_market_place_site
    • EPSS Score: %0.15
    • Published: Sep. 26, 2022
    • Modified: May. 21, 2025

  • 5.4

    MEDIUM
    CVE-2023-41155

    A Stored Cross-Site Scripting (XSS) vulnerability in the mail forwarding and replies tab in Webmin and Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the forward to field while creating a mail forwarding rule.... Read more

    Affected Products : webmin usermin
    • EPSS Score: %0.09
    • Published: Sep. 13, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-10221

    An issue was discovered in WUZHI CMS V4.1.0. There is a persistent XSS vulnerability that can steal the administrator cookies via the tag[tag] parameter to the index.php?m=tags&f=index&v=add&&_su=wuzhicms URI. After a website editor (whose privilege is lo... Read more

    Affected Products : wuzhicms
    • EPSS Score: %0.21
    • Published: Apr. 19, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-5619

    Cross-site scripting vulnerability in Exment prior to v3.6.0 allows remote authenticated attackers to inject arbitrary script or HTML via unspecified vectors.... Read more

    Affected Products : exment
    • EPSS Score: %0.20
    • Published: Aug. 25, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 292522 Results