Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2022-40690

    Cross-site scripting vulnerability in BookStack versions prior to v22.09 allows a remote authenticated attacker to inject an arbitrary script.... Read more

    Affected Products : bookstack
    • EPSS Score: %0.46
    • Published: Oct. 24, 2022
    • Modified: May. 07, 2025

  • 5.4

    MEDIUM
    CVE-2017-15538

    Stored XSS vulnerability in the Media Objects component of ILIAS before 5.1.21 and 5.2.x before 5.2.9 allows an authenticated user to inject JavaScript to gain administrator privileges, related to the setParameter function in Services/MediaObjects/classes... Read more

    Affected Products : ilias
    • EPSS Score: %0.43
    • Published: Oct. 17, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2022-29628

    A cross-site scripting (XSS) vulnerability in /omps/seller of Online Market Place Site v1.0 allows attackers to execute arbitrary web cripts or HTML via a crafted payload injected into the Page parameter.... Read more

    Affected Products : online_market_place_site
    • EPSS Score: %0.20
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-34323

    Multiple XSS issues were discovered in Sage XRT Business Exchange 12.4.302 that allow an attacker to execute JavaScript code in the context of other users' browsers. The attacker needs to be authenticated to reach the vulnerable features. An issue is pres... Read more

    Affected Products : sage_xrt_business_exchange
    • EPSS Score: %0.11
    • Published: Jan. 01, 2023
    • Modified: Apr. 11, 2025

  • 5.4

    MEDIUM
    CVE-2019-0375

    SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts in the export dialog box of the report name resulting in... Read more

    • EPSS Score: %0.46
    • Published: Oct. 08, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-10790

    openITCOCKPIT before 3.7.3 has unnecessary files (such as Lodash files) under the web root, which leads to XSS.... Read more

    Affected Products : openitcockpit
    • EPSS Score: %0.38
    • Published: Mar. 25, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-13388

    The review attachment resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in attached files.... Read more

    Affected Products : crucible fisheye
    • EPSS Score: %0.18
    • Published: Jul. 10, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-27615

    SAP Manufacturing Execution versions - 15.1, 1.5.2, 15.3, 15.4, does not contain some HTTP security headers in their HTTP response. The lack of these headers in response can be exploited by the attacker to execute Cross-Site Scripting (XSS) attacks.... Read more

    Affected Products : manufacturing_execution
    • EPSS Score: %0.36
    • Published: Jun. 09, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-39372

    GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Authenticated users may store malicious code in their accou... Read more

    Affected Products : glpi
    • EPSS Score: %0.14
    • Published: Nov. 03, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-21921

    Vulnerability in the Oracle Health Sciences InForm product of Oracle Health Sciences Applications (component: Core). Supported versions that are affected are Prior to 6.3.1.3 and Prior to 7.0.0.1. Easily exploitable vulnerability allows low privileged a... Read more

    Affected Products : health_sciences_inform
    • EPSS Score: %0.34
    • Published: Apr. 18, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-4725

    A vulnerability has been found in Campcodes Legal Case Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/client_user. The manipulation of the argument f_name leads to cross s... Read more

    Affected Products : legal_case_management_system
    • Published: May. 14, 2024
    • Modified: Feb. 19, 2025

  • 5.4

    MEDIUM
    CVE-2014-6682

    The w88235ff7bdc2fb574f1789750ea99ed6 (aka com.w88235ff7bdc2fb574f1789750ea99ed6) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information v... Read more

    Affected Products : w88235ff7bdc2fb574f1789750ea99ed6
    • EPSS Score: %0.04
    • Published: Sep. 23, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2022-30015

    In Simple Food Website 1.0, a moderation can put the Cross Site Scripting Payload in any of the fields on http://127.0.0.1:1234/food/admin/all_users.php like Full Username, etc .This causes stored xss.... Read more

    Affected Products : simple_food_website
    • EPSS Score: %0.20
    • Published: May. 23, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2014-6696

    The Candy Girl Party Makeover (aka com.bearhugmedia.android_candygirlparty) application 1.0.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via... Read more

    Affected Products : candy_girl_party_makeover
    • EPSS Score: %0.04
    • Published: Sep. 24, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2024-28004

    Missing Authorization vulnerability in ExtendThemes Colibri Page Builder.This issue affects Colibri Page Builder: from n/a through 1.0.248. ... Read more

    Affected Products : colibri_page_builder
    • Published: Mar. 28, 2024
    • Modified: Jan. 28, 2025

  • 5.4

    MEDIUM
    CVE-2024-27716

    Cross Site Scripting vulnerability in Eskooly Web Product v.3.0 and before allows a remote attacker to execute arbitrary code via the message sending and user input fields.... Read more

    Affected Products :
    • Published: Jul. 05, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2014-6716

    The fastin (aka moda.azyae.fastin.net) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : fastin
    • EPSS Score: %0.04
    • Published: Sep. 25, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2021-27907

    Apache Superset up to and including 0.38.0 allowed the creation of a Markdown component on a Dashboard page for describing chart's related information. Abusing this functionality, a malicious user could inject javascript code executing unwanted action in ... Read more

    Affected Products : superset
    • EPSS Score: %2.92
    • Published: Mar. 05, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-37856

    Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the first, last, middle name fields in the User Profile page.... Read more

    Affected Products : lost_and_found_information_system
    • Published: Jul. 29, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-28106

    phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. By manipulating the news parameter in a POST request, an attacker can inject malicious JavaScript code. Upon browsing to the compromised news page, the ... Read more

    Affected Products : phpmyfaq
    • Published: Mar. 25, 2024
    • Modified: Jan. 09, 2025
Showing 20 of 291401 Results