Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2023-0542

    The Custom Post Type List Shortcode WordPress plugin through 1.4.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and... Read more

    Affected Products : custom_post_type_list_shortcode
    • EPSS Score: %0.12
    • Published: May. 08, 2023
    • Modified: Feb. 04, 2025

  • 5.4

    MEDIUM
    CVE-2023-0546

    The Contact Form Plugin WordPress plugin before 4.3.25 does not properly sanitize and escape the srcdoc attribute in iframes in it's custom HTML field type, allowing a logged in user with roles as low as contributor to inject arbitrary javascript into a f... Read more

    Affected Products : contact_form contact_form
    • EPSS Score: %0.11
    • Published: Apr. 10, 2023
    • Modified: Feb. 11, 2025

  • 5.4

    MEDIUM
    CVE-2024-50573

    In JetBrains Hub before 2024.3.47707 improper access control allowed users to generate permanent tokens for unauthorized services... Read more

    Affected Products : hub
    • Published: Oct. 28, 2024
    • Modified: Oct. 29, 2024

  • 5.4

    MEDIUM
    CVE-2024-46606

    A cross-site scripting (XSS) vulnerability in the component /admin.php?page=photo of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field.... Read more

    Affected Products : piwigo
    • Published: Oct. 16, 2024
    • Modified: May. 22, 2025

  • 5.4

    MEDIUM
    CVE-2024-50840

    A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/class.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the class_name parameter.... Read more

    Affected Products : e-learning_management_system
    • Published: Nov. 14, 2024
    • Modified: May. 06, 2025

  • 5.4

    MEDIUM
    CVE-2023-43730

    Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "countries_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web br... Read more

    Affected Products : oscommerce
    • EPSS Score: %0.12
    • Published: Sep. 30, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-17276

    OnCommand System Manager versions 9.3 prior to 9.3P18 and 9.4 prior to 9.4P2 are susceptible to a cross site scripting vulnerability that could allow an authenticated attacker to inject arbitrary scripts into the SNMP Community Names label field.... Read more

    Affected Products : oncommand_system_manager
    • EPSS Score: %0.36
    • Published: Mar. 24, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-35959

    In Plone 5.0 through 5.2.4, Editors are vulnerable to XSS in the folder contents view, if a Contributor has created a folder with a SCRIPT tag in the description field.... Read more

    Affected Products : plone
    • EPSS Score: %0.30
    • Published: Jun. 30, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-48838

    Appointment Scheduler 3.0 is vulnerable to Multiple HTML Injection issues via the SMS API Key or Default Country Code.... Read more

    Affected Products : appointment_scheduler
    • EPSS Score: %0.18
    • Published: Dec. 07, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-53599

    A cross-site scripting (XSS) vulnerability in the /scroll.php endpoint of LafeLabs Chaos v0.0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.... Read more

    Affected Products :
    • Published: Nov. 25, 2024
    • Modified: Nov. 25, 2024

  • 5.4

    MEDIUM
    CVE-2020-4104

    HCL BigFix WebUI is vulnerable to stored cross-site scripting (XSS) within the Apps->Software module. An attacker can use XSS to send a malicious script to an unsuspecting user. This affects all versions prior to latest releases as specified in https://su... Read more

    Affected Products : bigfix_webui
    • EPSS Score: %0.34
    • Published: Jul. 17, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-43704

    Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "title" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.... Read more

    Affected Products : oscommerce
    • EPSS Score: %0.12
    • Published: Sep. 30, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-42029

    IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality... Read more

    • EPSS Score: %0.06
    • Published: Nov. 03, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-8942

    Xiuno BBS 4.0.0 has XSS in the adminpage sitename parameter.... Read more

    Affected Products : xiuno_bbs
    • EPSS Score: %0.21
    • Published: Mar. 22, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-43871

    A File upload vulnerability in WBCE v.1.6.1 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS).... Read more

    Affected Products : wbce_cms
    • EPSS Score: %0.21
    • Published: Sep. 28, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-9120

    In Crea8social 2018.2, there is Stored Cross-Site Scripting via a post.... Read more

    Affected Products : crea8social
    • EPSS Score: %0.19
    • Published: Mar. 29, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-0995

    Cross-site Scripting (XSS) - Stored in GitHub repository unilogies/bumsys prior to v2.0.1.... Read more

    Affected Products : bumsys business_management_system
    • EPSS Score: %0.09
    • Published: Feb. 24, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-2619

    The Elementor Header & Footer Builder for WordPress is vulnerable to HTML Injection in all versions up to, and including, 1.6.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-le... Read more

    • Published: May. 16, 2024
    • Modified: Jan. 29, 2025

  • 5.4

    MEDIUM
    CVE-2018-9155

    Cross-site scripting (XSS) vulnerability in Open-AudIT Professional 2.1.1 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the Admin->Logs section (with a logs?logs.type= URI) and the Man... Read more

    Affected Products : open-audit open-audit
    • EPSS Score: %0.20
    • Published: Apr. 12, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-28522

    ZCMS v20170206 was discovered to contain a stored cross-site scripting (XSS) vulnerability via index.php?m=home&c=message&a=add.... Read more

    Affected Products : zcms
    • EPSS Score: %0.20
    • Published: Apr. 26, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 291618 Results