Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2022-4787

    Themify Shortcodes WordPress plugin before 2.0.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.... Read more

    Affected Products : shortcodes
    • EPSS Score: %0.12
    • Published: Jan. 30, 2023
    • Modified: Mar. 27, 2025

  • 5.4

    MEDIUM
    CVE-2024-27593

    A stored cross-site scripting (XSS) vulnerability in the Filter function of Eramba Version 3.22.3 Community Edition allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the filter name field. This vul... Read more

    Affected Products :
    • Published: May. 15, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-45528

    CodeAstro MembershipM-PHP (aka Membership Management System in PHP) 1.0 allows add_members.php fullname stored XSS.... Read more

    Affected Products : membership_management_system
    • Published: Sep. 02, 2024
    • Modified: Mar. 31, 2025

  • 5.4

    MEDIUM
    CVE-2023-26842

    A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the OptionManager.php.... Read more

    Affected Products : churchcrm
    • EPSS Score: %17.47
    • Published: May. 31, 2023
    • Modified: Jan. 09, 2025

  • 5.4

    MEDIUM
    CVE-2023-43710

    Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "configuration_title[1][MODULE_SHIPPING_PERCENT_TEXT_TITLE]" parameter, potentially leading to unauthorized ex... Read more

    Affected Products : oscommerce
    • EPSS Score: %0.12
    • Published: Sep. 30, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-43703

    Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "product_info[][name]" parameter, potentially leading to unauthorized execution of scripts within a user's web... Read more

    Affected Products : oscommerce
    • EPSS Score: %0.12
    • Published: Sep. 30, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-43724

    Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "derb6zmklgtjuhh2cn5chn2qjbm2stgmfa4.oastify.comscription[1][name]" parameter, potentially leading to unauthor... Read more

    Affected Products : oscommerce
    • EPSS Score: %0.10
    • Published: Sep. 30, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-38970

    Cross Site Scripting vulnerabiltiy in Badaso v.0.0.1 thru v.2.9.7 allows a remote attacker to execute arbitrary code via a crafted payload to the Name of member parameter in the add new member function.... Read more

    Affected Products : badaso
    • EPSS Score: %0.30
    • Published: Aug. 30, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-38991

    An issue in the delete function in the ActModelController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete models created by the Administrator.... Read more

    Affected Products : jeesite
    • EPSS Score: %0.04
    • Published: Aug. 04, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-43990

    An issue in cherub-hair mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.... Read more

    Affected Products : line
    • EPSS Score: %0.08
    • Published: Jan. 24, 2024
    • Modified: May. 30, 2025

  • 5.4

    MEDIUM
    CVE-2016-6550

    The U by BB&T app 1.5.4 and earlier for iOS does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : the_u
    • EPSS Score: %0.04
    • Published: Oct. 05, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2024-4732

    A vulnerability, which was classified as problematic, has been found in Campcodes Legal Case Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/service. The manipulation of the argument name leads to cross site ... Read more

    Affected Products : legal_case_management_system
    • Published: May. 14, 2024
    • Modified: Feb. 19, 2025

  • 5.4

    MEDIUM
    CVE-2021-41866

    MyBB before 1.8.28 allows stored XSS because the displayed Template Name value in the Admin CP's theme management is not escaped properly.... Read more

    Affected Products : mybb
    • EPSS Score: %0.28
    • Published: Oct. 26, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-44276

    OPNsense before 23.7.5 allows XSS via the index.php sequence parameter to the Lobby Dashboard.... Read more

    Affected Products : opnsense
    • EPSS Score: %0.20
    • Published: Sep. 28, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-50983

    FlightPath 7.5 contains a Cross Site Scripting (XSS) vulnerability, which allows authenticated remote attackers with administrative rights to inject arbitrary JavaScript in the web browser of a user by including a malicious payload into the Last Name sect... Read more

    Affected Products : flightpath
    • Published: Nov. 15, 2024
    • Modified: Jul. 07, 2025

  • 5.4

    MEDIUM
    CVE-2023-44761

    Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS versions affected to 8.5.13 and below, and 9.0.0 through 9.2.1 allow a local attacker to execute arbitrary code via a crafted script to the Forms of the Data objects.... Read more

    Affected Products : concrete_cms concrete5
    • EPSS Score: %0.30
    • Published: Oct. 06, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2014-8780

    Cross-site scripting (XSS) vulnerability in Jease 2.11 allows remote authenticated users to inject arbitrary web script or HTML via a content section note.... Read more

    Affected Products : jease
    • EPSS Score: %0.14
    • Published: Mar. 07, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-24563

    In Genixcms v1.1.11, a stored Cross-Site Scripting (XSS) vulnerability exists in /gxadmin/index.php?page=themes&view=options" via the intro_title and intro_image parameters.... Read more

    Affected Products : genixcms
    • EPSS Score: %0.46
    • Published: Mar. 03, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-2121

    The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Media Carousel widget in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping on user supp... Read more

    • Published: Mar. 27, 2024
    • Modified: Mar. 12, 2025

  • 5.4

    MEDIUM
    CVE-2024-52584

    Autolab is a course management service that enables auto-graded programming assignments. There is a vulnerability in version 3.0.1 where CAs can view or edit the grade for any submission ID, even if they are not a CA for the class that has the submission.... Read more

    Affected Products : autolab
    • Published: Nov. 18, 2024
    • Modified: Jan. 21, 2025
Showing 20 of 291736 Results