Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2017-6029

    A Cross-Site Scripting issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. This may allow remote code execution.... Read more

    Affected Products : atvise_scada
    • Published: May. 06, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2020-19617

    Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the nickname field to /settings/profile.... Read more

    Affected Products : mblog
    • Published: Apr. 01, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-6215

    paypal/permissions-sdk-php is vulnerable to reflected XSS in the samples/GetAccessToken.php verification_code parameter, resulting in code execution.... Read more

    Affected Products : php_permissions_sdk paypal
    • Published: Aug. 02, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-32970

    Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Themify Themify Portfolio Post plugin <= 1.2.4 versions.... Read more

    Affected Products : portfolio_post
    • Published: May. 10, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-40902

    flatCore-CMS version 2.0.8 is affected by Cross Site Scripting (XSS) in the "Create New Page" option through the index page.... Read more

    Affected Products : flatcore-cms
    • Published: Jun. 13, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-19924

    In Boostnote 0.12.1, exporting to PDF contains opportunities for XSS attacks.... Read more

    Affected Products : boostnote boostnote
    • Published: May. 18, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-38390

    Multiple IBM Business Automation Workflow versions are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclos... Read more

    Affected Products : business_automation_workflow
    • Published: Nov. 17, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-24388

    Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Booking calendar, Appointment Booking System plugin <= 3.2.3 versions affects plugin forms actions (create, duplicate, edit, delete).... Read more

    Affected Products : booking_calendar
    • Published: Feb. 17, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-15395

    A vulnerability in the authentication and authorization checking mechanisms of Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, adjacent attacker to gain network access to a Cisco TrustSec domain. Under normal circumstances, this... Read more

    • Published: Oct. 17, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-20357

    IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted se... Read more

    • Published: Jan. 27, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-3935

    The Welcart e-Commerce WordPress plugin before 2.8.4 does not sanitise and escape some parameters, which could allow any authenticated users, such as subscriber to perform Stored Cross-Site Scripting attacks... Read more

    • Published: Dec. 12, 2022
    • Modified: Apr. 22, 2025

  • 5.4

    MEDIUM
    CVE-2020-4360

    IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a truste... Read more

    Affected Products : planning_analytics_local
    • Published: Jun. 02, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-34537

    Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 was discovered to contain a cross-site scripting (XSS) vulnerability via the component bia_oneshot.cgi.... Read more

    Affected Products : megapix_firmware megapix
    • Published: Jul. 19, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-20696

    A cross-site scripting (XSS) vulnerability in /admin/content/post of GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Tags field.... Read more

    Affected Products : gila_cms
    • Published: Sep. 27, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-3628

    OpenKM Community Edition in its 6.3.10 version is vulnerable to authenticated Cross-site scripting (XSS). A remote attacker could exploit this vulnerability by injecting arbitrary code via de uuid parameter.... Read more

    Affected Products : openkm
    • Published: Aug. 30, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-20746

    Cross-site scripting vulnerability in WordPress Popular Posts 5.3.2 and earlier allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.... Read more

    Affected Products : wordpress_popular_posts
    • Published: Jun. 28, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-4426

    The Case Builder component shipped with 18.0.0.1 through 19.0.0.2 and IBM Case Manager 5.1.1 through 5.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended fun... Read more

    • Published: Dec. 13, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-41785

    Auth. (contributor+) Stored Cross-Site Scripting vulnerability in Galleryape Gallery Images Ape plugin <= 2.2.8 versions.... Read more

    Affected Products : gallery_images_ape
    • Published: Mar. 21, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-42099

    KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that allow attackers to store XSS via location Forum Subject input.... Read more

    Affected Products : klik
    • Published: Nov. 29, 2022
    • Modified: Apr. 25, 2025

  • 5.4

    MEDIUM
    CVE-2022-42205

    PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS) via add-patient.php.... Read more

    • Published: Oct. 21, 2022
    • Modified: May. 08, 2025
Showing 20 of 292815 Results