Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2019-14547

    An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed when a attacker sends an attachment to admin with malicious JavaScript in the filename. This JavaScript executed when an admin selects the particular file from the list of all attach... Read more

    Affected Products : espocrm
    • Published: Aug. 05, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-14549

    An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed inside the title and breadcrumb of a newly formed entity available to all the users. A malicious user can inject JavaScript in these values of an entity, thus stealing user cookies w... Read more

    Affected Products : espocrm
    • Published: Aug. 05, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-11223

    XSS in Artica Pandora FMS before 7.0 NG 723 allows an attacker to execute arbitrary code via a crafted "refr" parameter in a "/pandora_console/index.php?sec=estado&sec2=operation/agentes/estado_agente&refr=" call.... Read more

    Affected Products : pandora_fms artica_pandora_fms
    • Published: Jun. 16, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-11715

    The Recent Threads plugin before 1.1 for MyBB allows XSS via a thread subject.... Read more

    Affected Products : recent_threads
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-1889

    IBM Security Guardium 10.0 and 10.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a tru... Read more

    Affected Products : security_guardium
    • Published: Dec. 17, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2014-7751

    The Recetas de Tragos (aka com.wRecetasdeTragos) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : recetas_de_tragos
    • Published: Oct. 21, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2018-19227

    An issue was discovered in LAOBANCMS 2.0. It allows XSS via the admin/liuyan.php neirong[] parameter.... Read more

    Affected Products : laobancms
    • Published: Nov. 12, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-12311

    Cross-site scripting vulnerability in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute arbitrary JavaScript when a file is moved via a malicious filename.... Read more

    Affected Products : data_master as602t
    • Published: Dec. 04, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-12672

    The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B) does not perform proper validation on user-supplied input and is vulnerable to cross-site scripting attacks. If proper authorization was implemented, this vulnerability could be leveraged to per... Read more

    • Published: Oct. 19, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-18475

    Cross Site Scripting (XSS) vulnerabilty exists in Hucart CMS 5.7.4 is via the mes_title field. The first user inserts a malicious script into the header field of the outbox and sends it to other users. When other users open the email, the malicious code w... Read more

    Affected Products : hucart
    • Published: Aug. 26, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-20903

    The hyperlinks functionality in atlaskit/editor-core in before version 113.1.5 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in link targets.... Read more

    Affected Products : editor-core
    • Published: Oct. 01, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-19286

    A stored cross-site scripting (XSS) vulnerability in the /question/detail component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the source field of the editor.... Read more

    Affected Products : jeesns
    • Published: Sep. 09, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-20781

    A stored cross-site scripting (XSS) vulnerability in /ucms/index.php?do=list_edit of UCMS 1.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the title, key words, description or content text fields.... Read more

    Affected Products : ucms
    • Published: Sep. 29, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-18600

    The formcraft3 plugin before 3.4 for WordPress has stored XSS via the "New Form > Heading > Heading Text" field.... Read more

    Affected Products : formcraft
    • Published: Sep. 10, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2015-7492

    Cross-site scripting (XSS) vulnerability in Reference Data Management (RDM) in IBM InfoSphere Master Data Management 10.1, 11.0 before FP5, 11.3, 11.4, and 11.5 before FP1 allows remote authenticated users to inject arbitrary web script or HTML via a craf... Read more

    • Published: Feb. 15, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2019-3413

    All versions up to V20.18.40.R7.B1of ZTE NetNumen DAP product have an XSS vulnerability. Due to the lack of correct validation of client data in WEB applications, which results in users being hijacked.... Read more

    Affected Products : netnumen_dap_firmware netnumen_dap
    • Published: Jun. 11, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-2264

    Jenkins Custom Job Icon Plugin 0.2 and earlier does not escape the job descriptions in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.... Read more

    Affected Products : custom_job_icon
    • Published: Sep. 16, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-23185

    A stored cross site scripting (XSS) vulnerability in /administration/setting_security.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload.... Read more

    Affected Products : php-fusion
    • Published: Jul. 02, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-23370

    In YzmCMS 5.6, stored XSS exists via the common/static/plugin/ueditor/1.4.3.3/php/controller.php action parameter, which allows remote attackers to upload a swf file. The swf file can be injected with arbitrary web script or HTML.... Read more

    Affected Products : yzmcms
    • Published: May. 10, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-4431

    IBM Rational Publishing Engine 6.0.6 and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure... Read more

    • Published: Feb. 12, 2020
    • Modified: Mar. 25, 2025
Showing 20 of 292815 Results