Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2023-43731

    Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "zone_name" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.... Read more

    Affected Products : oscommerce
    • Published: Sep. 30, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-38974

    A stored cross-site scripting (XSS) vulnerability in the Edit Category function of Badaso v2.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter.... Read more

    Affected Products : badaso
    • Published: Aug. 25, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-49686

    Missing Authorization vulnerability in Fatcat Apps Landing Page Cat.This issue affects Landing Page Cat: from n/a through 1.7.4.... Read more

    Affected Products : landing_page_cat
    • Published: Dec. 31, 2024
    • Modified: Dec. 31, 2024

  • 5.4

    MEDIUM
    CVE-2024-28239

    Directus is a real-time API and App dashboard for managing SQL database content. The authentication API has a `redirect` parameter that can be exploited as an open redirect vulnerability as the user tries to log in via the API URL. There's a redirect that... Read more

    Affected Products : directus
    • Published: Mar. 12, 2024
    • Modified: Jan. 03, 2025

  • 5.4

    MEDIUM
    CVE-2023-43996

    An issue in Q co ltd mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.... Read more

    Affected Products : line
    • Published: Jan. 24, 2024
    • Modified: Jun. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-1104

    IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure with... Read more

    Affected Products : rational_quality_manager
    • Published: Jun. 13, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2022-4832

    The Store Locator WordPress plugin before 1.4.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks... Read more

    Affected Products : store_locator
    • Published: Jan. 23, 2023
    • Modified: Apr. 02, 2025

  • 5.4

    MEDIUM
    CVE-2024-4735

    A vulnerability has been found in Campcodes Legal Case Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/tasks. The manipulation of the argument task_subject leads to cross s... Read more

    Affected Products : legal_case_management_system
    • Published: May. 14, 2024
    • Modified: Feb. 19, 2025

  • 5.4

    MEDIUM
    CVE-2023-6488

    The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'su_button', 'su_members', and 'su_tabs' shortcodes in all versions up to, and including, 7.0.0 due to insufficient input san... Read more

    • Published: Dec. 19, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-31550

    An issue was discovered in the CommentBox extension for MediaWiki through 1.35.2. Via crafted configuration variables, a malicious actor could introduce XSS payloads into various layers.... Read more

    Affected Products : mediawiki
    • Published: Apr. 22, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-28408

    The server in Dundas BI through 8.0.0.1001 allows XSS via an HTML label when creating or editing a dashboard.... Read more

    Affected Products : dundas_bi
    • Published: Nov. 10, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-25020

    A cross-site scripting (XSS) vulnerability in Pluxml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the thumbnail path of a blog post.... Read more

    Affected Products : pluxml
    • Published: Mar. 01, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-6646

    An improper neutralization of input vulnerability in FortiWeb allows a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the Disclaimer Description of a Replacement Message.... Read more

    Affected Products : fortiweb
    • Published: Mar. 17, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-22491

    A Stored Cross Site Scripting (XSS) vulnerability in beetl-bbs 2.0 allows attackers to run arbitrary code via the post/save content parameter.... Read more

    Affected Products : beetl-bbs
    • Published: Jan. 16, 2024
    • Modified: Jun. 05, 2025

  • 5.4

    MEDIUM
    CVE-2023-40786

    HKcms v2.3.0.230709 is vulnerable to Cross Site Scripting (XSS) allowing administrator cookies to be stolen.... Read more

    Affected Products : hkcms hkcms
    • Published: Sep. 11, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-5379

    A vulnerability was found in JFinalCMS up to 20240111. It has been rated as problematic. This issue affects some unknown processing of the file /admin/template. The manipulation of the argument directory leads to cross site scripting. The attack may be in... Read more

    Affected Products : jfinalcms
    • Published: May. 26, 2024
    • Modified: Jun. 05, 2025

  • 5.4

    MEDIUM
    CVE-2024-23171

    An issue was discovered in the CampaignEvents extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:EventDetails page allows XSS via the x-xss language setting for internationalization (i18n).... Read more

    Affected Products : mediawiki
    • Published: Jan. 12, 2024
    • Modified: Jun. 20, 2025

  • 5.4

    MEDIUM
    CVE-2023-6530

    The TJ Shortcodes WordPress plugin through 0.1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform ... Read more

    Affected Products : tj_shortcodes
    • Published: Jan. 29, 2024
    • Modified: May. 29, 2025

  • 5.4

    MEDIUM
    CVE-2024-53975

    Accessing a non-secure HTTP site that uses a non-existent port may cause the SSL padlock icon in the location URL bar to, misleadingly, appear secure. This vulnerability affects Firefox for iOS < 133.... Read more

    Affected Products : firefox
    • Published: Nov. 26, 2024
    • Modified: Apr. 04, 2025

  • 5.4

    MEDIUM
    CVE-2023-41158

    A Stored Cross-Site Scripting (XSS) vulnerability in the MIME type programs tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the description field while creating a new MIME type program.... Read more

    Affected Products : usermin
    • Published: Sep. 13, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 293507 Results