Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2019-12136

    There is XSS in BoostIO Boostnote 0.11.15 via a label named mermaid, as demonstrated by a crafted SRC attribute of an IFRAME element.... Read more

    Affected Products : boostnote
    • Published: May. 16, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2014-5837

    The My Railway (aka com.gameinsight.myrailway) application 1.1.33 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : my_railway
    • Published: Sep. 09, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-0208

    Cross-site scripting (XSS) vulnerability in the search auto-completion functionality in Foreman before 1.4.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted key name.... Read more

    Affected Products : foreman
    • Published: Oct. 16, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2015-8759

    Cross-site scripting (XSS) vulnerability in the typoLink function in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allows remote authenticated editors to inject arbitrary web script or HTML via a link field.... Read more

    Affected Products : typo3
    • Published: Jan. 08, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2024-9084

    A vulnerability classified as problematic was found in code-projects Blood Bank System 1.0. This vulnerability affects unknown code of the file bbms.php. The manipulation of the argument fullname/age/bloodgroup/city/phno/gender as part of String leads to ... Read more

    Affected Products : blood_bank_system blood_bank_system
    • Published: Sep. 22, 2024
    • Modified: Sep. 26, 2024

  • 5.4

    MEDIUM
    CVE-2016-3098

    Cross-site request forgery (CSRF) vulnerability in administrate 0.1.4 and earlier allows remote attackers to hijack the user's OAuth autorization code.... Read more

    Affected Products : administrate
    • Published: Aug. 05, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-22654

    Client-side enforcement of server-side security issue exists in T&D Corporation and ESPEC MIC CORP. data logger products, which may lead to an arbitrary script execution on a logged-in user's web browser. Affected products and versions are as follows: T&D... Read more

    • Published: May. 23, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-33632

    Cross-Site Request Forgery (CSRF) vulnerability in Piotnet Piotnet Addons For Elementor Pro.This issue affects Piotnet Addons For Elementor Pro: from n/a through 7.1.17. ... Read more

    Affected Products :
    • Published: Apr. 29, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-31807

    Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via a crafted payload to the personal notes function.... Read more

    Affected Products : chamilo_lms
    • Published: May. 09, 2023
    • Modified: Jan. 29, 2025

  • 5.4

    MEDIUM
    CVE-2022-37238

    MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the currentRequest parameter.... Read more

    • Published: Aug. 25, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-1740

    IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentia... Read more

    Affected Products : security_access_manager
    • Published: Dec. 13, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2016-5892

    Cross-site scripting (XSS) vulnerability in IBM 10x, as used in Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B Advanced Communications before 1.0.0.5_2, allows remote authenticated users to inject arbitrary web script or HTML via unspeci... Read more

    • Published: Oct. 05, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2018-1764

    IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure w... Read more

    Affected Products : rational_quality_manager
    • Published: Mar. 14, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2025-8509

    A vulnerability was found in Portabilis i-Educar 2.9. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /intranet/educar_servidor_cad.php. The manipulation of the argument matricula leads to cross site scri... Read more

    Affected Products : i-educar
    • Published: Aug. 03, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-7819

    A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /create-pass.php of the component HTTP POST Request Handler. The manipulation of the argument... Read more

    • Published: Jul. 19, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-7903

    A vulnerability classified as problematic was found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is an unknown functionality of the component Image Source Handler. The manipulation leads to improper restriction of rendered ui layers.... Read more

    Affected Products : ruoyi
    • Published: Jul. 20, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Misconfiguration

  • 5.4

    MEDIUM
    CVE-2025-7865

    A vulnerability was found in thinkgem JeeSite up to 5.12.0. It has been declared as problematic. This vulnerability affects the function xssFilter of the file src/main/java/com/jeesite/common/codec/EncodeUtils.java of the component XSS Filter. The manipul... Read more

    Affected Products : jeesite
    • Published: Jul. 20, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-20147

    A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to conduct a stored cross-site scripting attack (XSS) on an affected system.  This... Read more

    Affected Products : catalyst_sd-wan_manager
    • Published: May. 07, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2024-21128

    Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: APIs). Supported versions that are affected are 12.2.6-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via ... Read more

    Affected Products : application_object_library
    • Published: Jul. 16, 2024
    • Modified: Dec. 10, 2024

  • 5.4

    MEDIUM
    CVE-2023-20205

    Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against ... Read more

    • Published: Aug. 16, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 293620 Results