Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2022-22116

    In Directus, versions 9.0.0-alpha.4 through 9.4.1 are vulnerable to stored Cross-Site Scripting (XSS) vulnerability via SVG file upload in media upload functionality. A low privileged attacker can inject arbitrary javascript code which will be executed in... Read more

    Affected Products : directus directus
    • EPSS Score: %0.21
    • Published: Jan. 10, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-22494

    A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save mobile parameter, which allows remote attackers to inject arbitrary web script or HTML.... Read more

    Affected Products : jfinalcms
    • EPSS Score: %0.05
    • Published: Jan. 12, 2024
    • Modified: Jun. 03, 2025

  • 5.4

    MEDIUM
    CVE-2024-2252

    The Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 3.1.5 due to insufficient input sanitiza... Read more

    Affected Products : droit_elementor_addons
    • Published: Mar. 13, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-22559

    LightCMS v2.0 is vulnerable to Cross Site Scripting (XSS) in the Content Management - Articles field.... Read more

    Affected Products : lightcms
    • EPSS Score: %0.08
    • Published: Jan. 29, 2024
    • Modified: May. 29, 2025

  • 5.4

    MEDIUM
    CVE-2024-4645

    A vulnerability was found in SourceCodester Prison Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /Admin/changepassword.php. The manipulation of the argument txtold_password/txtnew_password/txtc... Read more

    • Published: May. 08, 2024
    • Modified: Feb. 10, 2025

  • 5.4

    MEDIUM
    CVE-2014-5588

    The Free eBooks (aka com.bmfapps.freekindlebooks) application 14 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : free_ebooks
    • EPSS Score: %0.04
    • Published: Sep. 09, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2022-4005

    The Donation Button WordPress plugin through 4.0.0 does not sanitize and escapes some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks.... Read more

    Affected Products : donation_button
    • EPSS Score: %0.14
    • Published: Dec. 12, 2022
    • Modified: Apr. 22, 2025

  • 5.4

    MEDIUM
    CVE-2022-40002

    Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbirtary code via the callback parameter to /cms/notify.... Read more

    Affected Products : feehicms
    • EPSS Score: %0.05
    • Published: Dec. 15, 2022
    • Modified: Apr. 21, 2025

  • 5.4

    MEDIUM
    CVE-2014-5607

    The Where's My Water? Free (aka com.disney.WMWLite) application 1.9.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : where\'s_my_water\?_free
    • EPSS Score: %0.04
    • Published: Sep. 09, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-5623

    The penguinchefshop (aka com.freegames.penguinchefshop) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate... Read more

    Affected Products : penguinchefshop
    • EPSS Score: %0.04
    • Published: Sep. 09, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2023-31806

    Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via a crafted payload to the My Progress function.... Read more

    Affected Products : chamilo_lms
    • EPSS Score: %0.46
    • Published: May. 09, 2023
    • Modified: Jan. 29, 2025

  • 5.4

    MEDIUM
    CVE-2024-28794

    IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a ... Read more

    Affected Products : infosphere_information_server
    • Published: Jun. 30, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-2402

    The Better Comments WordPress plugin before 1.5.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed... Read more

    Affected Products : better_comments
    • Published: Apr. 24, 2024
    • Modified: May. 08, 2025

  • 5.4

    MEDIUM
    CVE-2014-5707

    The Bunny Run (aka com.stargirlgames.google.bunnyrun) application 1.1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : bunny_run
    • EPSS Score: %0.04
    • Published: Sep. 09, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2024-29237

    Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in ActionRule.Delete webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database ... Read more

    • Published: Mar. 28, 2024
    • Modified: Aug. 04, 2025

  • 5.4

    MEDIUM
    CVE-2022-22546

    Due to improper HTML encoding in input control summary, an authorized attacker can execute XSS vulnerability in SAP Business Objects Web Intelligence (BI Launchpad) - version 420.... Read more

    Affected Products : businessobjects_web_intelligence
    • EPSS Score: %0.38
    • Published: Feb. 09, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-30140

    HCL BigFix Compliance is affected by unvalidated redirects and forwards. The HOST header can be manipulated by an attacker and as a result, it can poison the web cache and provide back to users being served the page.... Read more

    Affected Products : bigfix_compliance
    • Published: Nov. 07, 2024
    • Modified: Jun. 17, 2025

  • 5.4

    MEDIUM
    CVE-2024-25737

    A Server-Side Request Forgery (SSRF) vulnerability in the /Cover/Show route (showAction in CoverController.php) in Open Library Foundation VuFind 2.4 through 9.1 before 9.1.1 allows remote attackers to access internal HTTP servers and perform Cross-Site S... Read more

    Affected Products :
    • Published: May. 22, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2014-5802

    The PlayScape (aka playscape.mominis.gameconsole.com) application 9.3.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : playscape
    • EPSS Score: %0.04
    • Published: Sep. 09, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-5826

    The Rix GO Locker Theme (aka com.jiubang.goscreenlock.theme.rix.getjar) application 1.20.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a cr... Read more

    Affected Products : rix_go_locker_theme
    • EPSS Score: %0.04
    • Published: Sep. 09, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 292762 Results