Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2023-30736

    Improper authorization in PushMsgReceiver of Samsung Assistant prior to version 8.7.00.1 allows attacker to execute javascript interface. To trigger this vulnerability, user interaction is required.... Read more

    Affected Products : samsung_assistant assistant
    • EPSS Score: %0.13
    • Published: Oct. 04, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-4624

    The GS Logo Slider WordPress plugin before 3.3.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack... Read more

    Affected Products : gs_logo_slider
    • EPSS Score: %0.11
    • Published: Jan. 23, 2023
    • Modified: Apr. 02, 2025

  • 5.4

    MEDIUM
    CVE-2023-32061

    Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, the lack of restrictions on the iFrame tag makes it easy for an attacker to exploit the vulne... Read more

    Affected Products : discourse
    • EPSS Score: %0.06
    • Published: Jun. 13, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-4753

    The Print-O-Matic WordPress plugin before 2.1.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks... Read more

    Affected Products : print-o-matic
    • EPSS Score: %0.11
    • Published: Jan. 23, 2023
    • Modified: Apr. 03, 2025

  • 5.4

    MEDIUM
    CVE-2022-34297

    Yii Yii2 Gii through 2.2.4 allows stored XSS by injecting a payload into any field.... Read more

    Affected Products : gii
    • EPSS Score: %0.16
    • Published: Dec. 09, 2022
    • Modified: Apr. 22, 2025

  • 5.4

    MEDIUM
    CVE-2020-13889

    showAlert() in the administration panel in Bludit 3.12.0 allows XSS.... Read more

    Affected Products : bludit
    • EPSS Score: %1.69
    • Published: Jun. 06, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-4838

    The Clean Login WordPress plugin before 1.13.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks ... Read more

    Affected Products : clean_login
    • EPSS Score: %0.29
    • Published: Feb. 06, 2023
    • Modified: Mar. 25, 2025

  • 5.4

    MEDIUM
    CVE-2023-32694

    Saleor Core is a composable, headless commerce API. Saleor's `validate_hmac_signature` function is vulnerable to timing attacks. Malicious users could abuse this vulnerability on Saleor deployments having the Adyen plugin enabled in order to determine the... Read more

    Affected Products : saleor
    • EPSS Score: %0.23
    • Published: May. 25, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-1984

    IBM Rational Team Concert 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure with... Read more

    Affected Products : rational_team_concert
    • EPSS Score: %0.23
    • Published: Mar. 14, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-33780

    A stored cross-site scripting (XSS) vulnerability in TFDi Design smartCARS 3 v0.7.0 and below allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the body of news article.... Read more

    Affected Products : smartcars_3
    • EPSS Score: %0.45
    • Published: May. 26, 2023
    • Modified: Jan. 14, 2025

  • 5.4

    MEDIUM
    CVE-2014-3531

    Multiple cross-site scripting (XSS) vulnerabilities in Foreman before 1.5.2 allow remote authenticated users to inject arbitrary web script or HTML via the operating system (1) name or (2) description.... Read more

    Affected Products : foreman
    • EPSS Score: %0.20
    • Published: Oct. 18, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2023-3434

    Improper Input Validation in the hyperlink interpretation in Savoir-faire Linux's Jami (version 20222284) on Windows. This allows an attacker to send a custom HTML anchor tag to pass a string value to the Windows QRC Handler through the Jami messenger. ... Read more

    Affected Products : windows jami
    • EPSS Score: %0.07
    • Published: Jul. 14, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-44949

    Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML ... Read more

    Affected Products : rukovoditel
    • EPSS Score: %1.73
    • Published: Dec. 02, 2022
    • Modified: Apr. 24, 2025

  • 5.4

    MEDIUM
    CVE-2022-45375

    Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in iFeature Slider plugin <= 1.2 on WordPress.... Read more

    Affected Products : ifeature_slider
    • EPSS Score: %0.14
    • Published: Nov. 17, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-4554

    B2B Customer Ordering System developed by ID Software Project and Consultancy Services before version 1.0.0.347 has an authenticated Reflected XSS vulnerability. This has been fixed in the version 1.0.0.347. ... Read more

    Affected Products : b2b_dealer_order_system
    • EPSS Score: %0.08
    • Published: Jan. 24, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-0174

    The WP VR WordPress plugin before 8.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cr... Read more

    Affected Products : wp_vr wp_vr
    • EPSS Score: %0.37
    • Published: Feb. 06, 2023
    • Modified: Mar. 25, 2025

  • 5.4

    MEDIUM
    CVE-2023-0171

    The jQuery T(-) Countdown Widget WordPress plugin before 2.3.24 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and ab... Read more

    Affected Products : jquery_t\(-\)_countdown_widget
    • EPSS Score: %0.30
    • Published: Feb. 06, 2023
    • Modified: Mar. 25, 2025

  • 5.4

    MEDIUM
    CVE-2023-0212

    The Advanced Recent Posts WordPress plugin through 0.6.14 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to... Read more

    Affected Products : advanced_recent_posts
    • EPSS Score: %0.12
    • Published: Mar. 06, 2023
    • Modified: Mar. 06, 2025

  • 5.4

    MEDIUM
    CVE-2023-0333

    The TemplatesNext ToolKit WordPress plugin before 3.2.9 does not validate some of its shortcode attributes before using them to generate an HTML tag, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attack... Read more

    Affected Products : templatesnext_toolkit
    • EPSS Score: %0.25
    • Published: Feb. 13, 2023
    • Modified: Mar. 21, 2025

  • 5.4

    MEDIUM
    CVE-2022-46903

    Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an authenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the JavaScript programming language, which leads to Stored... Read more

    Affected Products : websoft_hcm
    • EPSS Score: %0.52
    • Published: Dec. 12, 2022
    • Modified: Apr. 22, 2025
Showing 20 of 292316 Results