Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2023-48131

    An issue in CHIGASAKI BAKERY mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.... Read more

    Affected Products : line
    • EPSS Score: %0.17
    • Published: Jan. 26, 2024
    • Modified: Jun. 17, 2025

  • 5.4

    MEDIUM
    CVE-2023-0034

    The JetWidgets For Elementor WordPress plugin before 1.0.14 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above ... Read more

    Affected Products : jetwidgets_for_elementor
    • EPSS Score: %0.28
    • Published: Feb. 13, 2023
    • Modified: Jan. 14, 2025

  • 5.4

    MEDIUM
    CVE-2022-27156

    Daylight Studio Fuel CMS 1.5.1 is vulnerable to HTML Injection.... Read more

    Affected Products : fuel_cms
    • EPSS Score: %0.18
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-24268

    The “JetWidgets For Elementor” WordPress Plugin before 1.0.9 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.... Read more

    Affected Products : jetwidgets_for_elementor
    • EPSS Score: %0.22
    • Published: May. 05, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-0078

    The Resume Builder WordPress plugin through 3.1.1 does not sanitize and escape some parameters related to Resume, which could allow users with a role as low as subscriber to perform Stored XSS attacks against higher privilege users... Read more

    Affected Products : resume_builder
    • EPSS Score: %0.10
    • Published: Mar. 06, 2023
    • Modified: May. 05, 2025

  • 5.4

    MEDIUM
    CVE-2023-5891

    Cross-site Scripting (XSS) - Reflected in GitHub repository pkp/pkp-lib prior to 3.3.0-16.... Read more

    Affected Products : pkp_web_application_library
    • EPSS Score: %0.08
    • Published: Nov. 01, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-31774

    IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering ... Read more

    Affected Products : datapower_gateway
    • EPSS Score: %0.14
    • Published: Aug. 01, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-1142

    Tenable Appliance versions 4.6.1 and earlier have been found to contain a single XSS vulnerability. Utilizing a specially crafted request, an authenticated attacker could potentially execute arbitrary JavaScript code by manipulating certain URL parameters... Read more

    Affected Products : appliance
    • EPSS Score: %0.29
    • Published: Mar. 28, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-3067

    Cross-site Scripting (XSS) - Stored in GitHub repository zadam/trilium prior to 0.59.4.... Read more

    Affected Products : trilium
    • EPSS Score: %0.06
    • Published: Jun. 02, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-43714

    Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "SKIP_CART_PAGE_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's ... Read more

    Affected Products : oscommerce
    • EPSS Score: %0.12
    • Published: Sep. 30, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-43191

    SpringbootCMS 1.0 foreground message can be embedded malicious code saved in the database. When users browse the comments, these malicious codes embedded in the HTML will be executed, and the user's browser will be controlled by the attacker, so as to ach... Read more

    Affected Products : springbootcms
    • EPSS Score: %0.18
    • Published: Sep. 27, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-43297

    An issue in animal-art-lab v13.6.1 allows attackers to send crafted notifications via leakage of the channel access token.... Read more

    Affected Products : line
    • EPSS Score: %0.12
    • Published: Oct. 02, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-3442

    A flaw was found in the Red Hat OpenShift API Management product. User input is not validated allowing an authenticated user to inject scripts into some text boxes leading to a XSS attack. The highest threat from this vulnerability is to data confidential... Read more

    Affected Products : openshift_api_management
    • EPSS Score: %0.21
    • Published: Aug. 22, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-0271

    The WP Font Awesome WordPress plugin before 1.7.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perf... Read more

    Affected Products : wp_font_awesome
    • EPSS Score: %0.11
    • Published: Feb. 21, 2023
    • Modified: Mar. 14, 2025

  • 5.4

    MEDIUM
    CVE-2020-11074

    In PrestaShop from version 1.5.3.0 and before version 1.7.6.6, there is a stored XSS when using the name of a quick access item. The problem is fixed in 1.7.6.6.... Read more

    Affected Products : prestashop
    • EPSS Score: %0.21
    • Published: Jul. 02, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-11559

    DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" new_last_name parameter.... Read more

    Affected Products : domainmod
    • EPSS Score: %0.21
    • Published: May. 30, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-2375

    The WP Sticky Button WordPress plugin before 1.4.1 does not have authorisation and CSRF checks when saving its settings, allowing unauthenticated users to update them. Furthermore, due to the lack of escaping in some of them, it could lead to Stored Cross... Read more

    Affected Products : wp_sticky_button
    • EPSS Score: %0.15
    • Published: Aug. 22, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-0360

    The Location Weather WordPress plugin before 1.3.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cr... Read more

    Affected Products : location_weather
    • EPSS Score: %0.30
    • Published: Feb. 13, 2023
    • Modified: Mar. 20, 2025

  • 5.4

    MEDIUM
    CVE-2023-0371

    The EmbedSocial WordPress plugin before 1.1.28 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform St... Read more

    Affected Products : embedsocial
    • EPSS Score: %0.12
    • Published: Feb. 21, 2023
    • Modified: Mar. 13, 2025

  • 5.4

    MEDIUM
    CVE-2023-0439

    The NEX-Forms WordPress plugin before 8.4.4 does not escape its form name, which could lead to Stored Cross-Site Scripting issues. By default only SuperAdmins (in multisite) / admins (in single site) can create forms, however there is a settings allowing ... Read more

    Affected Products : nex-forms
    • EPSS Score: %0.09
    • Published: Jul. 17, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 292522 Results