Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2023-0368

    The Responsive Tabs For WPBakery Page Builder (formerly Visual Composer) WordPress plugin through 1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow ...

    • EPSS Score: %0.09
    • Published: Jun. 19, 2023
    • Modified: Dec. 12, 2024
  • 5.4

    MEDIUM
    CVE-2015-1394

    Multiple cross-site scripting (XSS) vulnerabilities in the Photo Gallery plugin before 1.2.11 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the (1) sort_by, (2) sort_order, (3) items_view, (4) dir, (5) clipboard...

    Affected Products : photo_gallery
    • EPSS Score: %0.29
    • Published: Feb. 08, 2020
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2019-13931

    A vulnerability has been identified in XHQ (All versions < V6.0.0.2). The web interface could allow for an attacker to craft the input in a form that is not expected, causing the application to behave in unexpected ways for legitimate users. Successful...

    Affected Products : xhq
    • EPSS Score: %0.40
    • Published: Dec. 12, 2019
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-45787

    There is a stored Cross Site Scripting (XSS) vulnerability in maccms v10 through adding videos. XSS code can be inserted at parameter positions including name and remarks....

    Affected Products : maccms
    • EPSS Score: %0.18
    • Published: Mar. 16, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-24308

    The 'State' field of the Edit profile page of the LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for WordPress plugin before 4.21.1 is not properly sanitised when output in the About section of the profile page, leading t...

    Affected Products : lifterlms
    • EPSS Score: %0.27
    • Published: May. 24, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-35629

    Due to a bug in the handling of the communication between the client and server, it was possible for one client, already registered with their own client ID, to send messages to the server claiming to come from another client ID. This issue was resolved i...

    Affected Products : velociraptor
    • EPSS Score: %0.16
    • Published: Jul. 29, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-37239

    MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the rulles_list_ajax endpoint....

    • EPSS Score: %0.55
    • Published: Aug. 25, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-41638

    Auth. Stored Cross-Site Scripting (XSS) in Pop-Up Chop Chop plugin <= 2.1.7 on WordPress....

    Affected Products : pop-up_chop_chop
    • EPSS Score: %0.11
    • Published: Oct. 21, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-35199

    NETSCOUT nGeniusONE 6.3.0 build 1196 and earlier allows Stored Cross-Site Scripting (XSS) in UploadFile....

    Affected Products : ngeniusone
    • EPSS Score: %0.50
    • Published: Sep. 30, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-0542

    The Custom Post Type List Shortcode WordPress plugin through 1.4.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and...

    Affected Products : custom_post_type_list_shortcode
    • EPSS Score: %0.12
    • Published: May. 08, 2023
    • Modified: Feb. 04, 2025
  • 5.4

    MEDIUM
    CVE-2023-0546

    The Contact Form Plugin WordPress plugin before 4.3.25 does not properly sanitize and escape the srcdoc attribute in iframes in its custom HTML field type, allowing a logged-in user with roles as low as contributor to inject arbitrary JavaScript into a f...

    Affected Products : contact_form contact_form
    • EPSS Score: %0.11
    • Published: Apr. 10, 2023
    • Modified: Feb. 11, 2025
  • 5.4

    MEDIUM
    CVE-2024-50573

    In JetBrains Hub before 2024.3.47707 improper access control allowed users to generate permanent tokens for unauthorized services...

    Affected Products : hub
    • Published: Oct. 28, 2024
    • Modified: Oct. 29, 2024
  • 5.4

    MEDIUM
    CVE-2024-46606

    A cross-site scripting (XSS) vulnerability in the component /admin.php?page=photo of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field....

    Affected Products : piwigo
    • Published: Oct. 16, 2024
    • Modified: May. 22, 2025
  • 5.4

    MEDIUM
    CVE-2024-50840

    A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/class.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the class_name parameter....

    Affected Products : e-learning_management_system
    • Published: Nov. 14, 2024
    • Modified: May. 06, 2025
  • 5.4

    MEDIUM
    CVE-2023-43730

    Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "countries_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web br...

    Affected Products : oscommerce
    • EPSS Score: %0.12
    • Published: Sep. 30, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2019-17276

    OnCommand System Manager versions 9.3 prior to 9.3P18 and 9.4 prior to 9.4P2 are susceptible to a cross site scripting vulnerability that could allow an authenticated attacker to inject arbitrary scripts into the SNMP Community Names label field....

    Affected Products : oncommand_system_manager
    • EPSS Score: %0.36
    • Published: Mar. 24, 2020
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-35959

    In Plone 5.0 through 5.2.4, Editors are vulnerable to XSS in the folder contents view, if a Contributor has created a folder with a SCRIPT tag in the description field....

    Affected Products : plone
    • EPSS Score: %0.30
    • Published: Jun. 30, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2023-48838

    Appointment Scheduler 3.0 is vulnerable to Multiple HTML Injection issues via the SMS API Key or Default Country Code....

    Affected Products : appointment_scheduler
    • EPSS Score: %0.18
    • Published: Dec. 07, 2023
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2024-53599

    A cross-site scripting (XSS) vulnerability in the /scroll.php endpoint of LafeLabs Chaos v0.0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload....

    Affected Products :
    • Published: Nov. 25, 2024
    • Modified: Nov. 25, 2024
  • 5.4

    MEDIUM
    CVE-2020-4104

    HCL BigFix WebUI is vulnerable to stored cross-site scripting (XSS) within the Apps->Software module. An attacker can use XSS to send a malicious script to an unsuspecting user. This affects all versions prior to latest releases as specified in https://su...

    Affected Products : bigfix_webui
    • EPSS Score: %0.34
    • Published: Jul. 17, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 291513 Results