Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2024-35011

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoType_deal.php?mudi=rev&nohrefStr=close.... Read more

    Affected Products : idccms idccms
    • Published: May. 14, 2024
    • Modified: Apr. 15, 2025

  • 5.4

    MEDIUM
    CVE-2023-3058

    A vulnerability was found in 07FLY CRM up to 1.2.0. It has been declared as problematic. This vulnerability affects unknown code of the component User Profile Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. T... Read more

    Affected Products : customer_relationship_management
    • Published: Jun. 02, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-8867

    A vulnerability was found in Perfex CRM 3.1.6. It has been declared as problematic. This vulnerability affects unknown code of the file application/controllers/Clients.php of the component Parameter Handler. The manipulation of the argument message leads ... Read more

    Affected Products : perfex_crm
    • Published: Sep. 15, 2024
    • Modified: Sep. 17, 2024

  • 5.4

    MEDIUM
    CVE-2024-54919

    A Stored Cross Site Scripting (XSS ) was found in /teacher_avatar.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary java script via the filename parameter.... Read more

    Affected Products : e-learning_management_system
    • Published: Dec. 09, 2024
    • Modified: Dec. 10, 2024

  • 5.4

    MEDIUM
    CVE-2024-6523

    A vulnerability was found in ZKTeco BioTime up to 9.5.2. It has been classified as problematic. Affected is an unknown function of the component system-group-add Handler. The manipulation of the argument user with the input <script>alert('XSS')</script> l... Read more

    Affected Products : biotime
    • Published: Jul. 05, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-33787

    A stored cross-site scripting (XSS) vulnerability in the Create Tenant Groups (/tenancy/tenant-groups/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.... Read more

    Affected Products : netbox netbox
    • Published: May. 24, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-7914

    A vulnerability classified as problematic has been found in SourceCodester Yoga Class Registration System 1.0. Affected is an unknown function of the file /php-ycrs/classes/SystemSettings.php. The manipulation of the argument address leads to cross site s... Read more

    • Published: Aug. 18, 2024
    • Modified: Aug. 19, 2024

  • 5.4

    MEDIUM
    CVE-2024-6079

    A vulnerability exists in the Rockwell Automation Emulate3D™, which could be leveraged to execute a DLL Hijacking attack. The application loads shared libraries, which are readable and writable by any user. If exploited, a malicious user could leverage a ... Read more

    Affected Products :
    • Published: Aug. 13, 2024
    • Modified: Aug. 14, 2024

  • 5.4

    MEDIUM
    CVE-2024-6175

    The Booking Ultra Pro Appointments Booking Calendar Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the multiple functions in all versions up to, and including, 1.1.13. This makes it poss... Read more

    Affected Products :
    • Published: Jul. 18, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-7644

    A vulnerability was found in SourceCodester Leads Manager Tool 1.0. It has been classified as problematic. This affects an unknown part of the file /endpoint/add-leads.php of the component Add Leads Handler. The manipulation of the argument leads_name/pho... Read more

    Affected Products : leads_manager_tool
    • Published: Aug. 12, 2024
    • Modified: Sep. 09, 2024

  • 5.4

    MEDIUM
    CVE-2024-8610

    A vulnerability classified as problematic has been found in SourceCodester Best House Rental Management System 1.0. Affected is an unknown function of the file /index.php?page=tenants of the component New Tenant Page. The manipulation of the argument Last... Read more

    • Published: Sep. 09, 2024
    • Modified: Sep. 17, 2024

  • 5.4

    MEDIUM
    CVE-2024-9075

    A vulnerability was found in Stirling-Tools Stirling-PDF up to 0.28.3. It has been declared as problematic. This vulnerability affects unknown code of the component Markdown-to-PDF. The manipulation leads to cross site scripting. The attack can be initiat... Read more

    Affected Products : stirling_pdf
    • Published: Sep. 21, 2024
    • Modified: Sep. 30, 2024

  • 5.4

    MEDIUM
    CVE-2023-30216

    Insecure permissions in the updateUserInfo function of newbee-mall before commit 1f2c2dfy allows attackers to obtain user account information.... Read more

    Affected Products : newbee-mall
    • Published: May. 04, 2023
    • Modified: Jan. 29, 2025

  • 5.4

    MEDIUM
    CVE-2024-9587

    The Linkz.ai plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_linkz' function in versions up to, and including, 1.1.8. This makes it possible for authenticated attackers with contributo... Read more

    Affected Products : linkz.ai
    • Published: Oct. 11, 2024
    • Modified: Jan. 29, 2025

  • 5.4

    MEDIUM
    CVE-2024-7398

    Concrete CMS versions 9 through 9.3.3 and versions below 8.5.19 are vulnerable to stored XSS in the calendar event addition feature because the calendar event name was not sanitized on output. Users or groups with permission to create event calendars can ... Read more

    Affected Products : concrete_cms concrete5
    • Published: Sep. 25, 2024
    • Modified: Jan. 21, 2025

  • 5.4

    MEDIUM
    CVE-2023-6889

    Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17.... Read more

    Affected Products : phpmyfaq
    • Published: Dec. 16, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-8139

    A stored cross-site scripting (XSS) vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary Javascript code into the dynamic block when invoking page builder on a product.... Read more

    Affected Products : magento
    • Published: Nov. 06, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-9872

    The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_save_user_data_callback() function in all versions up to, and including,... Read more

    • Published: Dec. 06, 2024
    • Modified: Jun. 05, 2025

  • 5.4

    MEDIUM
    CVE-2017-9674

    In SimpleCE 2.3.0, an authenticated XSS vulnerability was found on index.php/content/text/1?return_url=[XSS] exploitable as a regular or admin user.... Read more

    Affected Products : simplece
    • Published: Jun. 15, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2025-5973

    A vulnerability classified as problematic was found in PHPGurukul Restaurant Table Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/add-table.php. The manipulation of the argument tableno leads to cross sit... Read more

    Affected Products : restaurant_table_booking_system
    • Published: Jun. 10, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 293542 Results