Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2022-44390

    A cross-site scripting (XSS) vulnerability in EyouCMS V1.5.9-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Public Security Record Number text field.... Read more

    Affected Products : eyoucms
    • Published: Nov. 14, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-12101

    CMS Clipper 1.3.3 has XSS in the Security tab search, User Groups, Resource Groups, and User/Resource Group Links fields.... Read more

    Affected Products : clippercms
    • Published: Aug. 15, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-37162

    Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS). An attacker can obtain javascript code execution by adding arbitrary javascript code in the 'Location' field of a calendar event.... Read more

    Affected Products : claroline
    • Published: Aug. 25, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-0535

    The Donation Block For PayPal WordPress plugin before 2.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above ... Read more

    • Published: Feb. 27, 2023
    • Modified: Mar. 10, 2025

  • 5.4

    MEDIUM
    CVE-2023-0538

    The Campaign URL Builder WordPress plugin before 1.8.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to pe... Read more

    Affected Products : campaign_url_builder
    • Published: Mar. 13, 2023
    • Modified: Feb. 27, 2025

  • 5.4

    MEDIUM
    CVE-2024-25873

    Enhavo v0.13.1 was discovered to contain an HTML injection vulnerability in the Author text field under the Blockquote module. This vulnerability allows attackers to execute arbitrary code via a crafted payload.... Read more

    Affected Products : enhavo
    • Published: Feb. 22, 2024
    • Modified: Apr. 02, 2025

  • 5.4

    MEDIUM
    CVE-2024-53976

    Under certain circumstances, navigating to a webpage would result in the address missing from the location URL bar, making it unclear what the URL was for the loaded webpage. This vulnerability affects Firefox for iOS < 133.... Read more

    Affected Products : firefox
    • Published: Nov. 26, 2024
    • Modified: Apr. 04, 2025

  • 5.4

    MEDIUM
    CVE-2023-43712

    Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "access_levels_name" parameter, potentially leading to unauthorized execution of scripts within a user's web b... Read more

    Affected Products : oscommerce
    • Published: Sep. 30, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-43721

    Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "PACKING_SLIPS_SUMMARY_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a ... Read more

    Affected Products : oscommerce
    • Published: Sep. 30, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-43728

    Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "stock_delivery_terms_text[1]" parameter, potentially leading to unauthorized execution of scripts within a us... Read more

    Affected Products : oscommerce
    • Published: Sep. 30, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-30112

    HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user which leads to executing malicious script code. This may let the attacker stea... Read more

    Affected Products : connections
    • Published: Jun. 25, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-4013

    The review resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to inject arbitrary HTML or Javascript via a cross site scripting (XSS) vulnerability through the review objectives.... Read more

    Affected Products : crucible fisheye
    • Published: Jun. 01, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-4162

    IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure ... Read more

    Affected Products : infosphere_information_server
    • Published: Mar. 10, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-24251

    WangEditor v5 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /dist/index.js.... Read more

    Affected Products : wangeditor
    • Published: Feb. 27, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-9034

    Cross-site scripting (XSS) vulnerability in lib/interface.php of the Relevanssi plugin 4.0.4 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the tab GET parameter.... Read more

    Affected Products : relevanssi
    • Published: Apr. 04, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-36175

    An improper neutralization of input vulnerability [CWE-79] in FortiWebManager versions 6.2.3 and below, 6.0.2 and below may allow a remote authenticated attacker to inject malicious script/tags via the name/description/comments parameter of various sectio... Read more

    Affected Products : fortiweb
    • Published: Oct. 06, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-44042

    A stored cross-site scripting (XSS) vulnerability in /settings/index.php of Black Cat CMS 1.4.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website header parameter.... Read more

    Affected Products : blackcat_cms
    • Published: Sep. 27, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-12082

    A stored cross-site scripting issue impacts certain areas of the Web UI for Code Insight v7.x releases up to and including 2020 R1 (7.11.0-64).... Read more

    Affected Products : flexnet_code_insight
    • Published: Sep. 17, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-1023

    The WP Meta SEO plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the saveSitemapSettings function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers wit... Read more

    Affected Products : wp_meta_seo
    • Published: Feb. 28, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-4926

    The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulk_delete_products function. This makes it possible for unauthenticated attac... Read more

    • Published: Oct. 20, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 293494 Results