Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2023-45879

    GibbonEdu Gibbon version 25.0.0 allows HTML Injection via an IFRAME element to the Messager component.... Read more

    Affected Products : gibbon
    • Published: Nov. 14, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-22402

    Nextcloud guests app is a utility to create guest users which can only see files shared with them. In affected versions users were able to load the first page of apps they were actually not allowed to access. Depending on the selection of apps installed t... Read more

    Affected Products : nextcloud_server notes guests
    • Published: Jan. 18, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-24566

    In Checkmk <=2.0.0p19 fixed in 2.0.0p20 and Checkmk <=1.6.0p27 fixed in 1.6.0p28, the title of a Predefined condition is not properly escaped when shown as condition, which can result in Cross Site Scripting (XSS).... Read more

    Affected Products : checkmk checkmk
    • Published: Feb. 24, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-32144

    Missing Authorization vulnerability in Welcart Inc. Welcart e-Commerce.This issue affects Welcart e-Commerce: from n/a through 2.9.14.... Read more

    Affected Products : welcart_e-commerce
    • Published: Jun. 11, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-0407

    A vulnerability in the web-based management interface of Cisco Small Business 300 Series (Sx300) Managed Switches could allow an authenticated, remote attacker to conduct a persistent cross-site scripting (XSS) attack against a user of the web-based manag... Read more

    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-5809

    A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current. An authenticated user can inject arbitrary JavaScript code into iframes when editing content using the TinyMCE rich-text editor, as TinyMCE is configured to allow iframes by default in ... Read more

    Affected Products : umbraco_cms
    • Published: Dec. 30, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-20133

    A vulnerability in the web interface of Cisco Webex Meetings could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because of insufficient validati... Read more

    Affected Products : webex_meetings
    • Published: Jul. 07, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-46174

    IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within... Read more

    • Published: Dec. 01, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-5713

    The If-So Dynamic Content Personalization WordPress plugin before 1.8.0.4 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers... Read more

    • Published: Jul. 13, 2024
    • Modified: May. 20, 2025

  • 5.4

    MEDIUM
    CVE-2024-39178

    MyPower vc8100 V100R001C00B030 was discovered to contain an arbitrary file read vulnerability via the component /tcpdump/tcpdump.php?menu_uuid.... Read more

    Affected Products :
    • Published: Jul. 05, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2014-6714

    The WebMD (aka com.webmd.android) application 3.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : webmd
    • Published: Sep. 25, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2019-10047

    A stored XSS vulnerability exists in the web application of Pydio through 8.2.2 that can be exploited by levering the file upload and file preview features of the application. An authenticated attacker can upload an HTML file containing JavaScript code an... Read more

    Affected Products : pydio
    • Published: May. 31, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-34887

    Standard users can directly operate and set printer configuration information , such as IP, in some Lenovo Printers without having to authenticate with the administrator password.... Read more

    • Published: Oct. 27, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-52069

    kodbox v1.49.04 was discovered to contain a cross-site scripting (XSS) vulnerability via the URL parameter.... Read more

    Affected Products : kodbox
    • Published: Jan. 17, 2024
    • Modified: Jun. 02, 2025

  • 5.4

    MEDIUM
    CVE-2024-2837

    The WP Chat App WordPress plugin before 3.6.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admins to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed... Read more

    Affected Products : wp_chat_app
    • Published: Apr. 26, 2024
    • Modified: Apr. 14, 2025

  • 5.4

    MEDIUM
    CVE-2021-20111

    A stored cross-site scripting vulnerability exists in TCExam <= 14.8.1. Valid files uploaded via tce_filemanager.php with a filename beggining with a period will be rendered as text/html. An attacker with access to tce_filemanager.php could upload a malic... Read more

    Affected Products : tcexam
    • Published: Jul. 30, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-1413

    IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sessi... Read more

    Affected Products : oncommand_insight cognos_analytics
    • Published: May. 07, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-49987

    A cross-site scripting (XSS) vulnerability in the component /management/term of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tname parameter.... Read more

    Affected Products : school_fees_management_system
    • Published: Mar. 07, 2024
    • Modified: Apr. 16, 2025

  • 5.4

    MEDIUM
    CVE-2024-25434

    A cross-site scripting (XSS) vulnerability in Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Publicname parameter.... Read more

    Affected Products : open_journal_systems
    • Published: Mar. 01, 2024
    • Modified: Apr. 16, 2025

  • 5.4

    MEDIUM
    CVE-2014-6958

    The ISMRM-ESMRMB 2014 (aka com.coreapps.android.followme.ismrm_esmrmb14) application 6.0.8.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a ... Read more

    Affected Products : ismrm-esmrmb_2014
    • Published: Oct. 16, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 292795 Results