Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2023-44276

    OPNsense before 23.7.5 allows XSS via the index.php sequence parameter to the Lobby Dashboard.... Read more

    Affected Products : opnsense
    • EPSS Score: %0.20
    • Published: Sep. 28, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-50983

    FlightPath 7.5 contains a Cross Site Scripting (XSS) vulnerability, which allows authenticated remote attackers with administrative rights to inject arbitrary JavaScript in the web browser of a user by including a malicious payload into the Last Name sect... Read more

    Affected Products : flightpath
    • Published: Nov. 15, 2024
    • Modified: Jul. 07, 2025

  • 5.4

    MEDIUM
    CVE-2023-44761

    Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS versions affected to 8.5.13 and below, and 9.0.0 through 9.2.1 allow a local attacker to execute arbitrary code via a crafted script to the Forms of the Data objects.... Read more

    Affected Products : concrete_cms concrete5
    • EPSS Score: %0.30
    • Published: Oct. 06, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2014-8780

    Cross-site scripting (XSS) vulnerability in Jease 2.11 allows remote authenticated users to inject arbitrary web script or HTML via a content section note.... Read more

    Affected Products : jease
    • EPSS Score: %0.14
    • Published: Mar. 07, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-24563

    In Genixcms v1.1.11, a stored Cross-Site Scripting (XSS) vulnerability exists in /gxadmin/index.php?page=themes&view=options" via the intro_title and intro_image parameters.... Read more

    Affected Products : genixcms
    • EPSS Score: %0.46
    • Published: Mar. 03, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-2121

    The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Media Carousel widget in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping on user supp... Read more

    • Published: Mar. 27, 2024
    • Modified: Mar. 12, 2025

  • 5.4

    MEDIUM
    CVE-2024-52584

    Autolab is a course management service that enables auto-graded programming assignments. There is a vulnerability in version 3.0.1 where CAs can view or edit the grade for any submission ID, even if they are not a CA for the class that has the submission.... Read more

    Affected Products : autolab
    • Published: Nov. 18, 2024
    • Modified: Jan. 21, 2025

  • 5.4

    MEDIUM
    CVE-2024-52944

    An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24698. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting while viewing archived content. This could r... Read more

    Affected Products : enterprise_vault
    • Published: Nov. 18, 2024
    • Modified: Apr. 30, 2025

  • 5.4

    MEDIUM
    CVE-2023-40282

    Improper authentication vulnerability in Rakuten WiFi Pocket all versions allows a network-adjacent attacker to log in to the product's Management Screen. As a result, sensitive information may be obtained and/or the settings may be changed.... Read more

    Affected Products : wifi_pocket_firmware wifi_pocket
    • EPSS Score: %0.13
    • Published: Aug. 23, 2023
    • Modified: Jul. 01, 2025

  • 5.4

    MEDIUM
    CVE-2014-8944

    Lexiglot through 2014-11-20 allows XSS (Reflected) via the username, or XSS (Stored) via the admin.php?page=config install_name, intro_message, or new_file_content parameter.... Read more

    Affected Products : lexiglot
    • EPSS Score: %0.21
    • Published: Jun. 01, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-27991

    Nagios XI before 5.7.5 is vulnerable to XSS in Account Information (Email field).... Read more

    Affected Products : nagios_xi
    • EPSS Score: %17.74
    • Published: Nov. 16, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-45806

    Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, if a user has been quoted and uses a `|` in their full name, they might be able... Read more

    Affected Products : discourse
    • EPSS Score: %2.60
    • Published: Nov. 10, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-10051

    iScripts SupportDesk v4.3 has XSS via the staff/inteligentsearchresult.php txtinteligentsearch parameter.... Read more

    Affected Products : supportdesk
    • EPSS Score: %0.28
    • Published: Apr. 11, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-40705

    Stored cross-site scripting vulnerability in Map setting page of VI Web Client prior to 7.9.6 allows a remote authenticated attacker to inject an arbitrary script.... Read more

    Affected Products : video_insight
    • EPSS Score: %0.09
    • Published: Sep. 05, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-45998

    kodbox 1.44 is vulnerable to Cross Site Scripting (XSS). Customizing global HTML results in storing XSS.... Read more

    Affected Products : kodbox
    • EPSS Score: %0.16
    • Published: Oct. 23, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-33910

    An XSS vulnerability in MantisBT before 2.25.5 allows remote attackers to attach crafted SVG documents to issue reports or bugnotes. When a user or an admin clicks on the attachment, file_download.php opens the SVG document in a browser tab instead of dow... Read more

    Affected Products : mantisbt
    • EPSS Score: %0.25
    • Published: Jun. 24, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-4673

    The Rate my Post WordPress plugin before 3.3.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.... Read more

    Affected Products : rate_my_post
    • EPSS Score: %0.11
    • Published: Jan. 23, 2023
    • Modified: Apr. 02, 2025

  • 5.4

    MEDIUM
    CVE-2022-4479

    The Table of Contents Plus WordPress plugin before 2212 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting... Read more

    Affected Products : table_of_contents_plus
    • EPSS Score: %0.14
    • Published: Jan. 09, 2023
    • Modified: Apr. 09, 2025

  • 5.4

    MEDIUM
    CVE-2023-4811

    The WordPress File Upload WordPress plugin before 4.23.3 does not sanitise and escape some of its settings, which could allow high privilege users such as contributors to perform Stored Cross-Site Scripting attacks.... Read more

    Affected Products : wordpress_file_upload
    • EPSS Score: %0.10
    • Published: Oct. 16, 2023
    • Modified: Apr. 23, 2025

  • 5.4

    MEDIUM
    CVE-2024-23941

    Cross-site scripting vulnerability exists in Group Office prior to v6.6.182, prior to v6.7.64 and prior to v6.8.31, which may allow a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the prod... Read more

    Affected Products : group_office
    • EPSS Score: %0.10
    • Published: Feb. 01, 2024
    • Modified: Jun. 04, 2025
Showing 20 of 291578 Results