Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2022-34963

    OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the News Feed module.... Read more

    Affected Products : open_source_social_network
    • Published: Jul. 25, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-0526

    The Post Shortcode WordPress plugin through 2.0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform... Read more

    Affected Products : post_shortcode
    • Published: May. 08, 2023
    • Modified: Jan. 29, 2025

  • 5.4

    MEDIUM
    CVE-2024-1099

    A vulnerability was found in Rebuild up to 3.5.5. It has been classified as problematic. Affected is the function getFileOfData of the file /filex/read-raw. The manipulation of the argument url leads to cross site scripting. It is possible to launch the a... Read more

    Affected Products : rebuild
    • Published: Jan. 31, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-0604

    The WP Food Manager WordPress plugin before 1.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed... Read more

    Affected Products : wp_food_manager
    • Published: Aug. 07, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-29833

    The image upload component allows SVG files and the regular expression used to remove script tags can be bypassed by using a Cross Site Scripting payload which does not match the regular expression; one example of this is the inclusion of whitespace withi... Read more

    Affected Products : photo_gallery
    • Published: Mar. 26, 2024
    • Modified: Apr. 09, 2025

  • 5.4

    MEDIUM
    CVE-2023-0780

    Improper Restriction of Rendered UI Layers or Frames in GitHub repository cockpit-hq/cockpit prior to 2.3.9-dev.... Read more

    Affected Products : cockpit
    • Published: Feb. 11, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-14469

    In Nexus Repository Manager before 3.18.0, users with elevated privileges can create stored XSS.... Read more

    Affected Products : nexus_repository_manager
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-43876

    A Cross-Site Scripting (XSS) vulnerability in installation of October v.3.4.16 allows an attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost field.... Read more

    Affected Products : october
    • Published: Sep. 28, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-43988

    An issue in nature fitness saijo mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.... Read more

    Affected Products : line
    • Published: Jan. 24, 2024
    • Modified: Jun. 11, 2025

  • 5.4

    MEDIUM
    CVE-2018-10806

    An issue was discovered in Frog CMS 0.9.5. There is a reflected Cross Site Scripting Vulnerability via the file[current_name] parameter to the admin/?/plugin/file_manager/rename URI. This can be used in conjunction with CSRF.... Read more

    Affected Products : frog_cms frogcms
    • Published: May. 08, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-4298

    IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disc... Read more

    • Published: May. 19, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-26688

    Cross Site Scripting (XSS) vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the product_data parameter of add/edit product in the administration interface.... Read more

    Affected Products : cs-cart_multivendor
    • Published: Sep. 25, 2024
    • Modified: Apr. 24, 2025

  • 5.4

    MEDIUM
    CVE-2021-36398

    In moodle, ID numbers displayed in the web service token list required additional sanitizing to prevent a stored XSS risk.... Read more

    Affected Products : moodle
    • Published: Mar. 06, 2023
    • Modified: Mar. 07, 2025

  • 5.4

    MEDIUM
    CVE-2022-0256

    pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Read more

    Affected Products : pimcore
    • Published: Jan. 17, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2016-9465

    Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Stored XSS in CardDAV image export. The CardDAV image export functionality as implemented in Nextcloud/ownCloud allows the download of images stored within a vCard. Due to... Read more

    Affected Products : owncloud nextcloud_server
    • Published: Mar. 28, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2024-44851

    A stored cross-site scripting (XSS) vulnerability in the Discussion section of Perfex CRM v1.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content parameter.... Read more

    Affected Products : perfex_crm
    • Published: Sep. 11, 2024
    • Modified: Sep. 13, 2024

  • 5.4

    MEDIUM
    CVE-2020-4666

    IBM Engineering Requirements Quality Assistant On-Premises is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials ... Read more

    • Published: Jan. 08, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-36668

    Garage Management System 1.0 is vulnerable to Stored Cross Site Scripting (XSS) on several parameters. The vulnerabilities exist during creating or editing the parts under parameters. Using the XSS payload, the Stored XSS triggered and can be used for fur... Read more

    Affected Products : garage_management_system
    • Published: Sep. 14, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-42335

    Easytest bulletin board management function of online learning platform does not filter special characters. After obtaining a user’s privilege, remote attackers can inject JavaScript and execute stored XSS attack.... Read more

    • Published: Oct. 15, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-30172

    Special characters of picture preview page in the Quan-Fang-Wei-Tong-Xun system are not filtered in users’ input, which allow remote authenticated attackers can inject malicious JavaScript and carry out Reflected XSS (Cross-site scripting) attacks, additi... Read more

    • Published: May. 07, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293602 Results