Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2020-27851

    Multiple stored HTML injection vulnerabilities in the "poll" and "quiz" features in an additional paid add-on of Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary HTML code via poll or quiz answers. This code is interpre... Read more

    Affected Products : gravityforms
    • EPSS Score: %0.23
    • Published: Jan. 20, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-29636

    Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog, allows attackers to inject arbitrary web script or HTML via the "title" field in the "blog management" page due to the the default configuration not using MyBlogUtils.cleanString.... Read more

    Affected Products : zhenfeng13_my-blog
    • EPSS Score: %0.45
    • Published: May. 01, 2023
    • Modified: Jan. 30, 2025

  • 5.4

    MEDIUM
    CVE-2021-24177

    In the default configuration of the File Manager WordPress plugin before 7.1, a Reflected XSS can occur on the endpoint /wp-admin/admin.php?page=wp_file_manager_properties when a payload is submitted on the User-Agent parameter. The payload is then reflec... Read more

    Affected Products : file_manager file_manager file_manager
    • EPSS Score: %0.24
    • Published: Apr. 05, 2021
    • Modified: Mar. 24, 2025

  • 5.4

    MEDIUM
    CVE-2023-30417

    A cross-site scripting (XSS) vulnerability in Pear-Admin-Boot up to v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title of a private message.... Read more

    Affected Products : pear_admin_boot
    • EPSS Score: %0.08
    • Published: Apr. 25, 2023
    • Modified: Feb. 03, 2025

  • 5.4

    MEDIUM
    CVE-2023-49270

    Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'check_in_date' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed un... Read more

    Affected Products : hotel_management
    • EPSS Score: %0.20
    • Published: Dec. 20, 2023
    • Modified: May. 19, 2025

  • 5.4

    MEDIUM
    CVE-2024-3140

    A vulnerability, which was classified as problematic, was found in SourceCodester Computer Laboratory Management System 1.0. This affects an unknown part of the file /classes/Users.php?f=save. The manipulation of the argument middlename leads to cross sit... Read more

    • Published: Apr. 01, 2024
    • Modified: Jan. 24, 2025

  • 5.4

    MEDIUM
    CVE-2024-31889

    IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within ... Read more

    Affected Products : planning_analytics_local
    • Published: May. 31, 2024
    • Modified: Jan. 08, 2025

  • 5.4

    MEDIUM
    CVE-2021-24269

    The “Sina Extension for Elementor” WordPress Plugin before 3.3.12 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.... Read more

    Affected Products : sina_extension_for_elementor
    • EPSS Score: %0.22
    • Published: May. 05, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-50639

    Cross Site Scripting (XSS) vulnerability in CuteHttpFileServer v.1.0 and v.2.0 allows attackers to obtain sensitive information via the file upload function in the home page.... Read more

    Affected Products : cute_http_file_server
    • EPSS Score: %0.09
    • Published: Dec. 20, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-6890

    Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17.... Read more

    Affected Products : phpmyfaq
    • EPSS Score: %0.12
    • Published: Dec. 16, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-6990

    The Weaver Xtreme theme for WordPress is vulnerable to Stored Cross-Site Scripting via custom post meta in all versions up to, and including, 6.3.0 due to insufficient input sanitization and output escaping on user supplied meta (page-head-code). This mak... Read more

    Affected Products : weaver_xtreme_theme_support
    • EPSS Score: %0.13
    • Published: Jan. 11, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-51068

    An authenticated reflected cross-site scripting (XSS) vulnerability in QStar Archive Solutions Release RELEASE_3-0 Build 7 allows attackers to execute arbitrary javascript on a victim's browser via a crafted link.... Read more

    Affected Products : archive_storage_manager
    • EPSS Score: %0.20
    • Published: Jan. 13, 2024
    • Modified: Jun. 03, 2025

  • 5.4

    MEDIUM
    CVE-2022-1818

    The Multi-page Toolkit WordPress plugin through 2.6 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack o... Read more

    Affected Products : multi-page_toolkit
    • EPSS Score: %0.08
    • Published: Jun. 20, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-24523

    The Daily Prayer Time WordPress plugin before 2021.08.10 does not sanitise or escape some of its settings before outputting them in the page, leading to Authenticated Stored Cross-Site Scripting issues.... Read more

    Affected Products : daily_prayer_time daily_prayer_time
    • EPSS Score: %0.21
    • Published: Sep. 13, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2014-6777

    The blueeleph (aka eg.film.blueeleph) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : blueeleph
    • EPSS Score: %0.04
    • Published: Sep. 29, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2022-36791

    Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Awesome UG Torro Forms plugin <= 1.0.16 at WordPress.... Read more

    Affected Products : torro_forms
    • EPSS Score: %0.17
    • Published: Sep. 23, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-3614

    A vulnerability classified as problematic has been found in SourceCodester Warehouse Management System 1.0. This affects an unknown part of the file customer.php. The manipulation of the argument nama_customer/alamat_customer/notelp_customer leads to cros... Read more

    Affected Products : warehouse_management_system
    • Published: Apr. 11, 2024
    • Modified: Feb. 18, 2025

  • 5.4

    MEDIUM
    CVE-2024-36450

    Cross-site scripting vulnerability exists in sysinfo.cgi of Webmin versions prior to 1.910. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product. As a result, a s... Read more

    Affected Products : webmin
    • Published: Jul. 10, 2024
    • Modified: Mar. 13, 2025

  • 5.4

    MEDIUM
    CVE-2023-6011

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DECE Software Geodi allows Stored XSS.This issue affects Geodi: before 8.0.0.27396. ... Read more

    Affected Products : geodi
    • EPSS Score: %0.17
    • Published: Nov. 22, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-37137

    PayMoney 3.3 is vulnerable to Stored Cross-Site Scripting (XSS) during replying the ticket. The XSS can be obtain from injecting under "Message" field with "description" parameter with the specially crafted payload to gain Stored XSS. The XSS then will pr... Read more

    Affected Products : paymoney
    • EPSS Score: %0.57
    • Published: Sep. 14, 2022
    • Modified: Jun. 04, 2025
Showing 20 of 292321 Results