Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2023-3021

    Cross-site Scripting (XSS) - Stored in GitHub repository mkucej/i-librarian-free prior to 5.10.4.... Read more

    Affected Products : i\,_librarian
    • EPSS Score: %0.04
    • Published: May. 31, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-35723

    Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the ReportPreview.do file via the referer parameter. NOTE: This vulnerability only affects products that ar... Read more

    • EPSS Score: %0.15
    • Published: Jan. 11, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-42458

    Zope is an open-source web application server. Prior to versions 4.8.10 and 5.8.5, there is a stored cross site scripting vulnerability for SVG images. Note that an image tag with an SVG image as source is never vulnerable, even when the SVG image contain... Read more

    Affected Products : zope
    • EPSS Score: %0.23
    • Published: Sep. 21, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-37528

    IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to ... Read more

    Affected Products : cloud_pak_for_business_automation
    • Published: Jul. 08, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-10935

    Zulip Server before 2.1.3 allows XSS via a Markdown link, with resultant account takeover.... Read more

    Affected Products : zulip_server
    • EPSS Score: %0.30
    • Published: Apr. 20, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-0168

    The Olevmedia Shortcodes WordPress plugin through 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to p... Read more

    Affected Products : olevmedia_shortcodes
    • EPSS Score: %0.10
    • Published: Feb. 27, 2023
    • Modified: Mar. 18, 2025

  • 5.4

    MEDIUM
    CVE-2023-0176

    The Giveaways and Contests by RafflePress WordPress plugin before 1.11.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor ro... Read more

    • EPSS Score: %0.25
    • Published: Feb. 06, 2023
    • Modified: Mar. 25, 2025

  • 5.4

    MEDIUM
    CVE-2021-24439

    The Browser Screenshots WordPress plugin before 1.7.6 allowed authenticated users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks as the image_class parameter of the browser-shot shortcode was not escaped.... Read more

    Affected Products : browser_screenshots
    • EPSS Score: %0.21
    • Published: Jul. 12, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-0272

    The NEX-Forms WordPress plugin before 8.3.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Store... Read more

    Affected Products : nex-forms
    • EPSS Score: %0.14
    • Published: Mar. 27, 2023
    • Modified: Feb. 19, 2025

  • 5.4

    MEDIUM
    CVE-2018-11572

    ClipperCMS 1.3.3 has XSS in the "Module name" field in a "Modules -> Manage modules -> edit" action to the manager/ URI.... Read more

    Affected Products : clippercms
    • EPSS Score: %0.21
    • Published: May. 31, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-24548

    The Mimetic Books WordPress plugin through 0.2.13 was vulnerable to Authenticated Stored Cross-Site Scripting (XSS) in the "Default Publisher ID" field on the plugin's settings page.... Read more

    Affected Products : mimetic_books
    • EPSS Score: %0.21
    • Published: Aug. 16, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-3938

    snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Read more

    Affected Products : snipe-it
    • EPSS Score: %0.23
    • Published: Nov. 13, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-0368

    The Responsive Tabs For WPBakery Page Builder (formerly Visual Composer) WordPress plugin through 1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow ... Read more

    • EPSS Score: %0.09
    • Published: Jun. 19, 2023
    • Modified: Dec. 12, 2024

  • 5.4

    MEDIUM
    CVE-2015-1394

    Multiple cross-site scripting (XSS) vulnerabilities in the Photo Gallery plugin before 1.2.11 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the (1) sort_by, (2) sort_order, (3) items_view, (4) dir, (5) clipboard... Read more

    Affected Products : photo_gallery
    • EPSS Score: %0.29
    • Published: Feb. 08, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-13931

    A vulnerability has been identified in XHQ (All versions < V6.0.0.2). The web interface could allow for an an attacker to craft the input in a form that is not expected, causing the application to behave in unexpected ways for legitimate users. Successful... Read more

    Affected Products : xhq
    • EPSS Score: %0.40
    • Published: Dec. 12, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-45787

    There is a stored Cross Site Scripting (XSS) vulnerability in maccms v10 through adding videos. XSS code can be inserted at parameter positions including name and remarks.... Read more

    Affected Products : maccms
    • EPSS Score: %0.18
    • Published: Mar. 16, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-24308

    The 'State' field of the Edit profile page of the LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for WordPress plugin before 4.21.1 is not properly sanitised when output in the About section of the profile page, leading t... Read more

    Affected Products : lifterlms
    • EPSS Score: %0.27
    • Published: May. 24, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-35629

    Due to a bug in the handling of the communication between the client and server, it was possible for one client, already registered with their own client ID, to send messages to the server claiming to come from another client ID. This issue was resolved i... Read more

    Affected Products : velociraptor
    • EPSS Score: %0.16
    • Published: Jul. 29, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-37239

    MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the rulles_list_ajax endpoint.... Read more

    • EPSS Score: %0.55
    • Published: Aug. 25, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-41638

    Auth. Stored Cross-Site Scripting (XSS) in Pop-Up Chop Chop plugin <= 2.1.7 on WordPress.... Read more

    Affected Products : pop-up_chop_chop
    • EPSS Score: %0.11
    • Published: Oct. 21, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 291593 Results