Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2023-50100

    JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via carousel image editing.... Read more

    Affected Products : jfinalcms
    • Published: Dec. 14, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-5867

    Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.2.... Read more

    Affected Products : phpmyfaq
    • Published: Oct. 31, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-0023

    A persistent cross-site scripting (XSS) vulnerability in the Golden VM menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on ad... Read more

    • Published: Jan. 15, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-37453

    Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the extension name (stored).... Read more

    Affected Products : axon_pbx
    • Published: Jul. 25, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-37458

    Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the primary phone field (stored).... Read more

    Affected Products : axon_pbx
    • Published: Jul. 25, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-37936

    It was discovered that Kibana was not sanitizing document fields containing HTML snippets. Using this vulnerability, an attacker with the ability to write documents to an elasticsearch index could inject HTML. When the Discover app highlighted a search te... Read more

    Affected Products : kibana
    • Published: Nov. 18, 2022
    • Modified: Apr. 29, 2025

  • 5.4

    MEDIUM
    CVE-2022-29530

    An issue was discovered in MISP before 2.4.158. There is stored XSS in the galaxy clusters.... Read more

    Affected Products : misp
    • Published: Apr. 20, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-29584

    Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 allows stored XSS when a particular Cascading Style Sheets (CSS) class for embedly is used, and JavaScript code is constructed to perform an action.... Read more

    Affected Products : mahara
    • Published: Apr. 28, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-12554

    The Peter’s Custom Anti-Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.3. This is due to missing nonce validation on the cas_register_post() function. This makes it possible for unauthentica... Read more

    Affected Products :
    • Published: Dec. 18, 2024
    • Modified: Dec. 18, 2024

  • 5.4

    MEDIUM
    CVE-2023-45879

    GibbonEdu Gibbon version 25.0.0 allows HTML Injection via an IFRAME element to the Messager component.... Read more

    Affected Products : gibbon
    • Published: Nov. 14, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-22402

    Nextcloud guests app is a utility to create guest users which can only see files shared with them. In affected versions users were able to load the first page of apps they were actually not allowed to access. Depending on the selection of apps installed t... Read more

    Affected Products : nextcloud_server notes guests
    • Published: Jan. 18, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-24566

    In Checkmk <=2.0.0p19 fixed in 2.0.0p20 and Checkmk <=1.6.0p27 fixed in 1.6.0p28, the title of a Predefined condition is not properly escaped when shown as condition, which can result in Cross Site Scripting (XSS).... Read more

    Affected Products : checkmk checkmk
    • Published: Feb. 24, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-32144

    Missing Authorization vulnerability in Welcart Inc. Welcart e-Commerce.This issue affects Welcart e-Commerce: from n/a through 2.9.14.... Read more

    Affected Products : welcart_e-commerce
    • Published: Jun. 11, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-0407

    A vulnerability in the web-based management interface of Cisco Small Business 300 Series (Sx300) Managed Switches could allow an authenticated, remote attacker to conduct a persistent cross-site scripting (XSS) attack against a user of the web-based manag... Read more

    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-5809

    A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current. An authenticated user can inject arbitrary JavaScript code into iframes when editing content using the TinyMCE rich-text editor, as TinyMCE is configured to allow iframes by default in ... Read more

    Affected Products : umbraco_cms
    • Published: Dec. 30, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-20133

    A vulnerability in the web interface of Cisco Webex Meetings could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because of insufficient validati... Read more

    Affected Products : webex_meetings
    • Published: Jul. 07, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-46174

    IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within... Read more

    • Published: Dec. 01, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-5713

    The If-So Dynamic Content Personalization WordPress plugin before 1.8.0.4 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers... Read more

    • Published: Jul. 13, 2024
    • Modified: May. 20, 2025

  • 5.4

    MEDIUM
    CVE-2024-39178

    MyPower vc8100 V100R001C00B030 was discovered to contain an arbitrary file read vulnerability via the component /tcpdump/tcpdump.php?menu_uuid.... Read more

    Affected Products :
    • Published: Jul. 05, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2014-6714

    The WebMD (aka com.webmd.android) application 3.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : webmd
    • Published: Sep. 25, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 293280 Results