Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2022-34648

    Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin <= 1.0.1 at WordPress.... Read more

    • Published: Aug. 23, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-0060

    The Responsive Gallery Grid WordPress plugin before 2.3.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to... Read more

    • Published: Feb. 13, 2023
    • Modified: Mar. 21, 2025

  • 5.4

    MEDIUM
    CVE-2023-0074

    The WP Social Widget WordPress plugin before 2.2.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perfor... Read more

    Affected Products : wp_social_widget
    • Published: Jan. 30, 2023
    • Modified: Mar. 27, 2025

  • 5.4

    MEDIUM
    CVE-2023-0073

    The Client Logo Carousel WordPress plugin through 3.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to p... Read more

    Affected Products : client_logo_carousel
    • Published: Mar. 13, 2023
    • Modified: Feb. 27, 2025

  • 5.4

    MEDIUM
    CVE-2023-40684

    IBM Content Navigator 3.0.11, 3.0.13, and 3.0.14 with IBM Daeja ViewOne Virtual is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially le... Read more

    Affected Products : content_navigator
    • Published: Oct. 04, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-9520

    A stored XSS vulnerability was discovered in Micro Focus Vibe, affecting all Vibe version prior to 4.0.7. The vulnerability could allows a remote attacker to craft and store malicious content into Vibe such that when the content is viewed by another user ... Read more

    Affected Products : vibe
    • Published: Mar. 25, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-41343

    Rogic No-Code Database Builder's file uploading function has insufficient filtering for special characters. A remote attacker with regular user privilege can inject JavaScript to perform XSS (Stored Cross-Site Scripting) attack.... Read more

    Affected Products : enterprise_cloud_database
    • Published: Nov. 03, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-0891

    The StagTools WordPress plugin before 2.3.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Store... Read more

    Affected Products : stagtools
    • Published: May. 02, 2023
    • Modified: Jan. 30, 2025

  • 5.4

    MEDIUM
    CVE-2023-20096

    A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack. This vulnerability is due to insufficient inpu... Read more

    Affected Products : unified_contact_center_express
    • Published: Apr. 05, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-24081

    Multiple stored cross-site scripting (XSS) vulnerabilities in Redrock Software TutorTrac before v4.2.170210 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the reason and location fields of the visits listing ... Read more

    Affected Products : tutortrac
    • Published: Feb. 21, 2023
    • Modified: Mar. 14, 2025

  • 5.4

    MEDIUM
    CVE-2023-44173

    Online Movie Ticket Booking System v1.0 is vulnerable to an authenticated Reflected Cross-Site Scripting vulnerability. ... Read more

    • Published: Sep. 28, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-24651

    Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter on the registration page.... Read more

    • Published: Feb. 27, 2023
    • Modified: Jun. 27, 2025

  • 5.4

    MEDIUM
    CVE-2023-24724

    A stored cross site scripting (XSS) vulnerability was discovered in the user management module of the SAS 9.4 Admin Console, due to insufficient validation and sanitization of data input into the user creation and editing form fields. The product name is ... Read more

    Affected Products : web_administration_interface
    • Published: Apr. 03, 2023
    • Modified: Feb. 18, 2025

  • 5.4

    MEDIUM
    CVE-2023-25077

    Cross-site scripting vulnerability in Authentication Key Settings of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary script.... Read more

    Affected Products : ec-cube
    • Published: Mar. 06, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-45587

    An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 allows attacker to exe... Read more

    Affected Products : fortisandbox
    • Published: Dec. 13, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-43728

    Pix-Link MiNi Router 28K.MiniRouter.20190211 was discovered to contain a stored cross-site scripting (XSS) vulnerability due to an unsanitized SSID parameter.... Read more

    Affected Products : lv-wr09_firmware lv-wr09
    • Published: May. 20, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-46471

    Cross Site Scripting vulnerability in Space Applications Services Yamcs v.5.8.6 allows a remote attacker to execute arbitrary code via the text variable scriptContainer of the ScriptViewer.... Read more

    Affected Products : yacms
    • Published: Nov. 20, 2023
    • Modified: Jun. 10, 2025

  • 5.4

    MEDIUM
    CVE-2023-26448

    Custom log-in and log-out locations are used-defined as jslob but were not checked to contain malicious protocol handlers. Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions ... Read more

    • Published: Aug. 02, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-22902

    Openfind Mail2000 file uploading function has insufficient filtering for user input. An authenticated remote attacker with general user privilege can exploit this vulnerability to inject JavaScript, conducting an XSS attack.... Read more

    Affected Products : mail2000
    • Published: Mar. 27, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-23611

    LTI Consumer XBlock implements the consumer side of the LTI specification enabling integration of third-party LTI provider tools. Versions 7.0.0 and above, prior to 7.2.2, are vulnerable to Missing Authorization. Any LTI tool that is integrated with on t... Read more

    Affected Products : xblock-lti-consumer
    • Published: Jan. 26, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 292802 Results