Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2016-3567

    Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote authenticated users to affect confidentiality and integrity via vectors related... Read more

    • Published: Jul. 21, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2019-15968

    A vulnerability in the web-based management interface of Cisco Unified Communications Domain Manager (Unified CDM) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management inte... Read more

    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-25392

    A cross site scripting (XSS) vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'New Article' field under the 'Article' plugin.... Read more

    Affected Products : csz_cms
    • Published: Jul. 09, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-2092

    Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : garoon
    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2019-6577

    A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15.1 Update 1), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP... Read more

    • Published: May. 14, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-6653

    There is a Stored Cross Site Scripting vulnerability in the undisclosed page of a BIG-IQ 6.0.0-6.1.0 or 5.2.0-5.4.0 system. The attack can be stored by users granted the Device Manager and Administrator roles.... Read more

    Affected Products : big-iq_centralized_management
    • Published: Sep. 25, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-18636

    A cross-site scripting (XSS) vulnerability in Jitbit .NET Forum (aka ASP.NET forum) 8.3.8 allows remote attackers to inject arbitrary web script or HTML via the gravatar URL parameter.... Read more

    Affected Products : .net_forum
    • Published: Nov. 01, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-19085

    A persistent cross-site scripting (XSS) vulnerability in Octopus Server 3.4.0 through 2019.10.5 allows remote authenticated attackers to inject arbitrary web script or HTML.... Read more

    Affected Products : server
    • Published: Nov. 18, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-27990

    Nagios XI before 5.7.5 is vulnerable to XSS in the Deployment tool (add agent).... Read more

    Affected Products : nagios_xi
    • Published: Nov. 16, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-28047

    AudimexEE before 14.1.1 is vulnerable to Reflected XSS (Cross-Site-Scripting). If the recommended security configuration parameter "unique_error_numbers" is not set, remote attackers can inject arbitrary web script or HTML via 'action, cargo, panel' param... Read more

    Affected Products : audimexee
    • Published: Nov. 05, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-7544

    An issue was discovered in MyWebSQL 3.7. The Add User function of the User Manager pages has a Stored Cross-site Scripting (XSS) vulnerability in the User Name Field.... Read more

    Affected Products : mywebsql
    • Published: Feb. 06, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-28409

    The server in Dundas BI through 8.0.0.1001 allows XSS via addition of a Component (e.g., a button) when events such as click, hover, etc. occur.... Read more

    Affected Products : dundas_bi
    • Published: Nov. 10, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-7881

    A cross-site scripting mitigation bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user to escalate privileges (admin vs. admin XSS attack).... Read more

    Affected Products : magento
    • Published: Aug. 02, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-28647

    In Progress MOVEit Transfer before 2020.1, a malicious user could craft and store a payload within the application. If a victim within the MOVEit Transfer instance interacts with the stored payload, it could invoke and execute arbitrary code within the co... Read more

    Affected Products : moveit_transfer
    • Published: Nov. 17, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-8138

    A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can execute arbitrary JavaScript code by providing arbitrary API endpoint that will not be chcecked by s... Read more

    Affected Products : magento
    • Published: Nov. 06, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-8439

    An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulnerability in the second textbox of "System setting->site setting" of admin/index.php, aka site_domain.... Read more

    Affected Products : dilicms
    • Published: Mar. 07, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-20575

    An issue was discovered on Samsung mobile devices with P(9.0) software. The WPA3 handshake feature allows a downgrade or dictionary attack. The Samsung ID is SVE-2019-14204 (August 2019).... Read more

    Affected Products : android
    • Published: Mar. 24, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-36553

    Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Area(food_type) field to /dashboard/menu-list.php.... Read more

    • Published: Jul. 15, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-4303

    IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted... Read more

    • Published: Jun. 19, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-4409

    HCL Traveler versions 9.x and earlier are susceptible to cross-site scripting attacks. On the Problem Report page of the Traveler servlet pages, there is a field to specify a file attachment to provide additional problem details. An invalid file name retu... Read more

    Affected Products : traveler
    • Published: Oct. 18, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 292815 Results