Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2024-10980

    The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) WordPress plugin before 5.10.3 does not validate and escape some of its Cookie Consent block options before outputting them back in a page/post w... Read more

    Affected Products : element_pack
    • Published: Nov. 29, 2024
    • Modified: May. 07, 2025

  • 5.4

    MEDIUM
    CVE-2021-32681

    Wagtail is an open source content management system built on Django. A cross-site scripting vulnerability exists in versions 2.13-2.13.1, versions 2.12-2.12.4, and versions prior to 2.11.8. When the `{% include_block %}` template tag is used to output the... Read more

    Affected Products : wagtail wagtail
    • Published: Jun. 17, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2013-0465

    Unspecified vulnerability in the IBM WebSphere Cast Iron physical and virtual appliance 6.0 and 6.1 before 6.1.0.15 and 6.3 before 6.3.0.1, when LDAP authentication is enabled, allows remote attackers to obtain sensitive information, modify data, or cause... Read more

    • Published: Feb. 22, 2013
    • Modified: Apr. 11, 2025

  • 5.4

    MEDIUM
    CVE-2020-10191

    An issue was discovered in MunkiReport before 5.3.0. An authenticated actor can send a custom XSS payload through the /module/comment/save endpoint. The payload will be executed by any authenticated users browsing the application. This concerns app/contro... Read more

    Affected Products : munkireport
    • Published: Mar. 09, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-3091

    A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/search.php of the component Search Request Page. The manipulation leads to cross site ... Read more

    Affected Products : emergency_ambulance_hiring_portal
    • Published: Mar. 30, 2024
    • Modified: Feb. 14, 2025

  • 5.4

    MEDIUM
    CVE-2024-3365

    A vulnerability was found in SourceCodester Online Library System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file admin/users/controller.php. The manipulation of the argument user_name leads to cross site scri... Read more

    Affected Products : online_library_system
    • Published: Apr. 06, 2024
    • Modified: Feb. 10, 2025

  • 5.4

    MEDIUM
    CVE-2024-52941

    An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24695. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting (XSS) while viewing archived content. This c... Read more

    Affected Products :
    • Published: Nov. 18, 2024
    • Modified: Nov. 18, 2024

  • 5.4

    MEDIUM
    CVE-2018-6862

    Cross Site Scripting (XSS) exists in PHP Scripts Mall Bitcoin MLM Software 1.0.2 via a profile field.... Read more

    Affected Products : bitcoin_mlm
    • Published: Feb. 12, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-6864

    Cross Site Scripting (XSS) exists in PHP Scripts Mall Multi religion Responsive Matrimonial 4.7.2 via a user profile update parameter.... Read more

    • Published: Feb. 12, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-6935

    PHP Scripts Mall Student Profile Management System Script v2.0.6 has XSS via the Name field to list_student.php.... Read more

    • Published: Apr. 12, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-3994

    The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tutor_instructor_list' shortcode in all versions up to, and including, 2.6.2 due to insufficient input sanitization an... Read more

    Affected Products : tutor_lms
    • Published: Apr. 25, 2024
    • Modified: Jan. 15, 2025

  • 5.4

    MEDIUM
    CVE-2022-26593

    Cross-site scripting (XSS) vulnerability in the Asset module's asset categories selector in Liferay Portal 7.3.3 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the name of a asse... Read more

    • Published: Apr. 19, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-31131

    Nextcloud mail is a Mail app for the Nextcloud home server product. Versions of Nextcloud mail prior to 1.12.2 were found to be missing user account ownership checks when performing tasks related to mail attachments. Attachments may have been exposed to i... Read more

    Affected Products : nextcloud_server nextcloud_mail notes
    • Published: Jul. 06, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-24812

    Frappe is a full-stack web application framework that uses Python and MariaDB on the server side and a tightly integrated client side library. Prior to versions 14.59.0 and 15.5.0, portal pages are susceptible to Cross-Site Scripting (XSS) which can be us... Read more

    Affected Products : frappe
    • Published: Feb. 07, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-0364

    The real.Kit WordPress plugin before 5.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored... Read more

    Affected Products : real.kit
    • Published: Mar. 20, 2023
    • Modified: Feb. 26, 2025

  • 5.4

    MEDIUM
    CVE-2023-4799

    The Magic Embeds WordPress plugin before 3.1.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform St... Read more

    Affected Products : magic_embeds
    • Published: Nov. 20, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-48201

    Cross Site Scripting (XSS) vulnerability in Sunlight CMS v.8.0.1, allows remote authenticated attackers to execute arbitrary code and escalate privileges via a crafted script to the Content text editor component.... Read more

    Affected Products : sunlight_cms
    • Published: Jan. 27, 2024
    • Modified: May. 29, 2025

  • 5.4

    MEDIUM
    CVE-2022-35294

    An attacker with basic business user privileges could craft and upload a malicious file to SAP NetWeaver Application Server ABAP, which is then downloaded and viewed by other users resulting in a stored Cross-Site-Scripting attack. This could lead to info... Read more

    Affected Products : netweaver_application_server_abap
    • Published: Sep. 13, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-2733

    The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's "Separator" element in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes... Read more

    Affected Products : bold_page_builder
    • Published: Apr. 10, 2024
    • Modified: Jan. 08, 2025

  • 5.4

    MEDIUM
    CVE-2024-25224

    A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Size Number parameter under the Add Size function.... Read more

    Affected Products : simple_admin_panel
    • Published: Feb. 14, 2024
    • Modified: May. 12, 2025
Showing 20 of 293592 Results