Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2022-2224

    The WordPress plugin Gallery for Social Photo is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.0.0.27 due to failure to properly check for the existence of a nonce in the function gifeed_duplicate_feed. This make it possible ... Read more

    Affected Products : gallery_for_social_photo
    • Published: Jul. 18, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-34991

    Paymoney v3.3 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the first_name and last_name parameters.... Read more

    Affected Products : paymoney
    • Published: Jul. 26, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-36637

    Garage Management System v1.0 was discovered to contain a persistent cross-site scripting (XSS) vulnerability via the brand_name parameter at /brand.php.... Read more

    Affected Products : garage_management_system
    • Published: Sep. 02, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-36365

    Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in WHA Crossword plugin <= 1.1.10 at WordPress.... Read more

    Affected Products : wha_crossword
    • Published: Sep. 21, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-39988

    A cross-site scripting (XSS) vulnerability in Centreon 22.04.0 allows attackers to execute arbitrary web script or HTML via a crafted payload injected into the Service>Templates service_alias parameter.... Read more

    Affected Products : centreon
    • Published: Oct. 06, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2016-2997

    Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vu... Read more

    Affected Products : connections
    • Published: Sep. 01, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2022-35612

    A cross-site scripting (XSS) vulnerability in MQTTRoute v3.3 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the dashboard name text field.... Read more

    Affected Products : mqttroute
    • Published: Oct. 13, 2022
    • Modified: May. 15, 2025

  • 5.4

    MEDIUM
    CVE-2021-33231

    Cross Site Scripting (XSS) vulnerability in New equipment page in EasyVista Service Manager 2018.1.181.1 allows remote attackers to run arbitrary code via the notes field.... Read more

    Affected Products : service_manager
    • Published: Oct. 20, 2022
    • Modified: May. 08, 2025

  • 5.4

    MEDIUM
    CVE-2016-5944

    Cross-site scripting (XSS) vulnerability in the Web UI in IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string.... Read more

    • Published: Sep. 26, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2022-38146

    Silverstripe silverstripe/framework through 4.11 allows XSS (issue 2 of 3).... Read more

    Affected Products : framework admin
    • Published: Nov. 21, 2022
    • Modified: Apr. 30, 2025

  • 5.4

    MEDIUM
    CVE-2022-45040

    A cross-site scripting (XSS) vulnerability in /admin/pages/sections_save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name Section field.... Read more

    Affected Products : wbce_cms
    • Published: Nov. 25, 2022
    • Modified: Apr. 25, 2025

  • 5.4

    MEDIUM
    CVE-2025-5797

    A vulnerability was found in code-projects Laundry System 1.0 and classified as problematic. This issue affects some unknown processing of the file /data/insert_type.php. The manipulation of the argument Type leads to cross site scripting. The attack may ... Read more

    • Published: Jun. 06, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-7408

    A vulnerability has been found in SourceCodester Zoo Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/templates/animal_form_template.php. The manipulation of the argument msg leads to cross si... Read more

    • Published: Jul. 10, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-52379

    Nexxt Solutions NCM-X1800 Mesh Router firmware UV1.2.7 and below contains an authenticated command injection vulnerability in the firmware update feature. The /web/um_fileName_set.cgi and /web/um_web_upgrade.cgi endpoints fail to properly sanitize the upg... Read more

    Affected Products :
    • Published: Jul. 15, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2025-8115

    A vulnerability has been found in PHPGurukul Taxi Stand Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/new-autoortaxi-entry-form.php. The manipulation of the argument regi... Read more

    • Published: Jul. 24, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2021-37552

    In JetBrains YouTrack before 2021.2.17925, stored XSS was possible.... Read more

    Affected Products : youtrack
    • Published: Aug. 06, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2016-9891

    Cross-site scripting (XSS) vulnerability in admin/media.php and admin/media_item.php in Dotclear before 2.11 allows remote authenticated users to inject arbitrary web script or HTML via the upfiletitle or media_title parameter (aka the media title).... Read more

    Affected Products : dotclear
    • Published: Dec. 29, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2016-6030

    IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.... Read more

    • Published: Feb. 01, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2016-8968

    IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IB... Read more

    • Published: Feb. 15, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2021-38966

    IBM Cloud Pak for Automation 21.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a tru... Read more

    • Published: Dec. 21, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293618 Results