Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2022-29440

    Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Promotion Slider plugin <= 3.3.4 at WordPress.... Read more

    Affected Products : promotion_slider
    • Published: Jun. 15, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-31038

    Gogs is an open source self-hosted Git service. In versions of gogs prior to 0.12.9 `DisplayName` does not filter characters input from users, which leads to an XSS vulnerability when directly displayed in the issue list. This issue has been resolved in c... Read more

    Affected Products : gogs
    • Published: Jun. 09, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-34336

    IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials dis... Read more

    • Published: Sep. 13, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-37160

    Claroline 13.5.7 and prior allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. By combining the XSS vulnerability present in several upload forms and a javascript request to the present API, it is possib... Read more

    Affected Products : claroline
    • Published: Aug. 25, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-3831

    A vulnerability was found in Bug Finder Finounce 1.0 and classified as problematic. This issue affects some unknown processing of the file /user/ticket/create of the component Ticket Handler. The manipulation of the argument message leads to cross site sc... Read more

    Affected Products : finounce
    • Published: Jul. 22, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-40986

    A stored cross-site scripting (XSS) vulnerability in the Usermin Configuration function of Webmin v2.100 allows attackers to execute arbitrary web sripts or HTML via a crafted payload injected into the Custom field.... Read more

    Affected Products : webmin
    • Published: Sep. 15, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-27961

    A cross-site scripting (XSS) vulnerability at /ofcms/company-c-47 in OFCMS v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment text box.... Read more

    Affected Products : ofcms
    • Published: Apr. 10, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-0711

    The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_state function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-... Read more

    Affected Products : wicked_folders
    • Published: Feb. 08, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-47265

    Apache Airflow, versions 2.6.0 through 2.7.3 has a stored XSS vulnerability that allows a DAG author to add an unbounded and not-sanitized javascript in the parameter description field of the DAG. This Javascript can be executed on the client side of any ... Read more

    Affected Products : airflow
    • Published: Dec. 21, 2023
    • Modified: Feb. 13, 2025

  • 5.4

    MEDIUM
    CVE-2023-43857

    Dreamer CMS v4.1.3 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component /admin/u/toIndex.... Read more

    Affected Products : dreamer_cms dreamer_cms
    • Published: Sep. 27, 2023
    • Modified: Apr. 04, 2025

  • 5.4

    MEDIUM
    CVE-2023-0823

    The Cookie Notice & Compliance for GDPR / CCPA WordPress plugin before 2.4.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributo... Read more

    • Published: Mar. 27, 2023
    • Modified: Feb. 19, 2025

  • 5.4

    MEDIUM
    CVE-2023-4728

    The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the publish_lp() function hooked via an AJAX action in versions up to, and including, 4.4. This makes it possible for authenticated at... Read more

    Affected Products : ladipage
    • Published: Mar. 12, 2024
    • Modified: Jan. 15, 2025

  • 5.4

    MEDIUM
    CVE-2023-43991

    An issue in PRIMA CLINIC mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.... Read more

    Affected Products : line
    • Published: Jan. 24, 2024
    • Modified: May. 30, 2025

  • 5.4

    MEDIUM
    CVE-2018-12429

    JEESNS through 1.2.1 allows XSS attacks by ordinary users who publish articles containing a crafted payload in order to capture an administrator cookie.... Read more

    Affected Products : jeesns
    • Published: Jul. 18, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-2322

    Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.... Read more

    Affected Products : pimcore
    • Published: Apr. 27, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-38724

    Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin through 1.11.0 allow XSS.... Read more

    Affected Products : framework assets asset_admin
    • Published: Nov. 23, 2022
    • Modified: Apr. 29, 2025

  • 5.4

    MEDIUM
    CVE-2020-4664

    IBM Engineering Requirements Quality Assistant On-Premises is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials ... Read more

    • Published: Jan. 08, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-14849

    A vulnerability was found in 3scale before version 2.6, did not set the HTTPOnly attribute on the user session cookie. An attacker could use this to conduct cross site scripting attacks and gain access to unauthorized information.... Read more

    Affected Products : 3scale
    • Published: Dec. 12, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-4786

    IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading ... Read more

    • Published: Jan. 27, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-37429

    Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 2) via JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters.... Read more

    Affected Products : framework
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025
Showing 20 of 293339 Results