Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2022-38189

    A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS may allow a remote, authenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the u... Read more

    Affected Products : portal_for_arcgis
    • Published: Aug. 16, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-12182

    A vulnerability, which was classified as problematic, has been found in DedeCMS 5.7.116. Affected by this issue is some unknown functionality of the file /member/soft_add.php. The manipulation of the argument body leads to cross site scripting. The attack... Read more

    Affected Products : dedecms
    • Published: Dec. 04, 2024
    • Modified: Dec. 10, 2024

  • 5.4

    MEDIUM
    CVE-2024-2120

    The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post Navigation widget in all versions up to, and including, 3.20.1 due to insufficient input sanitization and... Read more

    • Published: Mar. 27, 2024
    • Modified: Jan. 28, 2025

  • 5.4

    MEDIUM
    CVE-2023-30094

    A stored cross-site scripting (XSS) vulnerability in TotalJS Flow v10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field in the settings module.... Read more

    Affected Products : flow
    • Published: May. 04, 2023
    • Modified: Jan. 29, 2025

  • 5.4

    MEDIUM
    CVE-2014-7029

    The Bultmonster Registret (aka com.bultmonster.registret) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate... Read more

    Affected Products : bultmonster_registret
    • Published: Oct. 16, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2024-23189

    Embedded content references at tasks could be used to temporarily execute script code in the context of the users browser session. To exploit this an attacker would require temporary access to the users account, access to another account within the same c... Read more

    Affected Products : open-xchange_appsuite ox_app_suite
    • Published: Apr. 08, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-38489

    An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03 It is prone to stored Cross-site Scripting (XSS). Version 2022.1.110.1.02 fixes the vulnerably.... Read more

    Affected Products : service_manager
    • Published: Jan. 10, 2023
    • Modified: Apr. 09, 2025

  • 5.4

    MEDIUM
    CVE-2024-23515

    Cross-Site Request Forgery (CSRF) vulnerability in Cincopa Post Video Players.This issue affects Post Video Players: from n/a through 1.159. ... Read more

    Affected Products :
    • Published: Mar. 27, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-45313

    Overleaf is a web-based collaborative LaTeX editor. When installing Server Pro using the Overleaf Toolkit from before 2024-07-17 or legacy docker-compose.yml from before 2024-08-28, the configuration for LaTeX compiles was insecure by default, requiring t... Read more

    Affected Products : overleaf
    • Published: Sep. 02, 2024
    • Modified: Sep. 25, 2024

  • 5.4

    MEDIUM
    CVE-2024-24097

    Cross Site Scripting (XSS) vulnerability in Code-projects Scholars Tracking System 1.0 allows attackers to run arbitrary code via the News Feed.... Read more

    Affected Products : scholars_tracking_system
    • Published: Mar. 12, 2024
    • Modified: Apr. 03, 2025

  • 5.4

    MEDIUM
    CVE-2022-38975

    DOM-based cross-site scripting vulnerability in EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.1.2) allows a remote attacker to inject an arbitrary script by having an administrative user of the product to visit a specially crafted page.... Read more

    Affected Products : ec-cube
    • Published: Sep. 27, 2022
    • Modified: May. 21, 2025

  • 5.4

    MEDIUM
    CVE-2022-0394

    Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.... Read more

    Affected Products : live_helper_chat livehelperchat
    • Published: Jan. 28, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-3983

    The Checkout for PayPal WordPress plugin before 1.0.14 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting ... Read more

    Affected Products : checkout_for_paypal
    • Published: Dec. 19, 2022
    • Modified: Apr. 17, 2025

  • 5.4

    MEDIUM
    CVE-2022-3985

    The Videojs HTML5 Player WordPress plugin before 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting ... Read more

    Affected Products : videojs_html5_player
    • Published: Dec. 19, 2022
    • Modified: Apr. 17, 2025

  • 5.4

    MEDIUM
    CVE-2023-27864

    IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-F... Read more

    • Published: Apr. 28, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-23190

    Upsell shop information of an account can be manipulated to execute script code in the context of the users browser session. To exploit this an attacker would require temporary access to a users account or an successful social engineering attack to lure u... Read more

    Affected Products : open-xchange_appsuite ox_app_suite
    • Published: Apr. 08, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2014-5617

    The Exsoul Web Browser (aka com.exsoul) application 3.3.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : exsoul_web_browser
    • Published: Sep. 09, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2024-5004

    The CM Popup Plugin for WordPress WordPress plugin before 1.6.6 does not sanitise and escape some of the campaign settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks... Read more

    Affected Products : cm_popup
    • Published: Jul. 22, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-2840

    The Enhanced Media Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via media upload functionality in all versions up to, and including, 2.8.9 due to the plugin allowing 'dfxp' files to be uploaded. This makes it possible for auth... Read more

    Affected Products :
    • Published: May. 02, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2014-5662

    The Rail Rush (aka com.miniclip.railrush) application 1.9.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : rail_rush
    • Published: Sep. 09, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 293602 Results