Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2024-0719

    The Tabs Shortcode and Widget WordPress plugin through 1.17 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above ... Read more

    Affected Products : tabs_shortcode_and_widget
    • Published: Mar. 18, 2024
    • Modified: May. 13, 2025

  • 5.4

    MEDIUM
    CVE-2021-38607

    Crocoblock JetEngine before 2.6.1 allows XSS by remote authenticated users via a custom form input.... Read more

    Affected Products : jetengine
    • EPSS Score: %0.21
    • Published: Aug. 16, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-14014

    An issue was discovered in Navigate CMS 2.8 and 2.9 r1433. The query parameter fid on the resource navigate.php does not perform sufficient data validation and/or encoding, making it vulnerable to reflected XSS.... Read more

    Affected Products : navigate_cms
    • EPSS Score: %0.21
    • Published: Jun. 24, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2014-6966

    The West Bend School District (aka net.parentlink.westbend) application 4.0.500 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certi... Read more

    Affected Products : west_bend_school_district
    • EPSS Score: %0.04
    • Published: Oct. 16, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-5693

    The Slots Vacation - FREE Slots (aka com.scopely.slotsvacation) application 1.47.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted ce... Read more

    Affected Products : slots_vacation_-_free_slots_
    • EPSS Score: %0.04
    • Published: Sep. 09, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-5702

    The Penguin Run (aka com.skyboard.google.penguinRun) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : penguin_run
    • EPSS Score: %0.04
    • Published: Sep. 09, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2018-18417

    In the 3.1 version of Ekushey Project Manager CRM, Stored XSS has been discovered in the input and upload sections, as demonstrated by the name parameter to the index.php/admin/client/create URI.... Read more

    Affected Products : ekushey_project_manager
    • EPSS Score: %0.19
    • Published: Oct. 19, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-1706

    IBM Spectrum Symphony 7.2.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted s... Read more

    Affected Products : spectrum_symphony
    • EPSS Score: %0.11
    • Published: Oct. 11, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-1000137

    Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to possible cross site scripting when adding a text block to a page via the keyboard (rather than drag and drop).... Read more

    Affected Products : mahara
    • EPSS Score: %0.19
    • Published: Nov. 03, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2023-6369

    The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple AJAX actions in all versions up to, and including, 2.1.9. This makes it possible... Read more

    • EPSS Score: %0.32
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025

  • 5.4

    MEDIUM
    CVE-2018-1440

    IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading... Read more

    Affected Products : rational_quality_manager
    • EPSS Score: %0.16
    • Published: Oct. 02, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-50470

    A cross-site scripting (XSS) vulnerability in the component admin_ Video.php of SeaCMS v12.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.... Read more

    Affected Products : seacms
    • EPSS Score: %0.21
    • Published: Dec. 28, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-49117

    PowerCMS (6 Series, 5 Series, and 4 Series) contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user's web browser. Note that all versions of PowerCMS 3 Series and ea... Read more

    Affected Products : powercms
    • EPSS Score: %0.20
    • Published: Dec. 26, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-12981

    An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. The vulnerability can be exploited by authenticated and unauthenticated users by sending special crafted requests to the web server allowing injecting ... Read more

    • EPSS Score: %2.62
    • Published: Jul. 12, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-4027

    IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclos... Read more

    Affected Products : sterling_b2b_integrator
    • EPSS Score: %0.23
    • Published: Mar. 05, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2014-7017

    The Tim Ban Bon Phuong (aka com.entertaiment.timbanbonphuong) application 2.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certifi... Read more

    Affected Products : tim_ban_bon_phuong
    • EPSS Score: %0.04
    • Published: Oct. 16, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2017-1000223

    A stored web content injection vulnerability (WCI, a.k.a XSS) is present in MODX Revolution CMS version 2.5.6 and earlier. An authenticated user with permissions to edit users can save malicious JavaScript as a User Group name and potentially take control... Read more

    Affected Products : modx_revolution
    • EPSS Score: %0.26
    • Published: Nov. 17, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2014-7032

    The MYHABIT (aka com.amazon.myhabit) application @7F080041 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : myhabit
    • EPSS Score: %0.04
    • Published: Oct. 16, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2022-4408

    Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.9.... Read more

    Affected Products : phpmyfaq
    • EPSS Score: %0.07
    • Published: Dec. 11, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-20350

    IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sessi... Read more

    • EPSS Score: %0.21
    • Published: Mar. 04, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291578 Results