Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2018-1812

    IBM Robotic Process Automation with Automation Anywhere Enterprise 10 is vulnerable to persistent cross-site scripting, caused by missing escaping of a database field. An attacker that has access to the Control Room database could exploit this vulnerabili... Read more

    • Published: Oct. 05, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-24464

    Stored-cross-site scripting vulnerability in Buffalo network devices allows an attacker with access to the web management console of the product to execute arbitrary JavaScript on a legitimate user's web browser. The affected products and versions are as ... Read more

    • Published: Apr. 11, 2023
    • Modified: Feb. 11, 2025

  • 5.4

    MEDIUM
    CVE-2013-5544

    The VPN authentication functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to cause a denial of service (device reload) by sending many username-from-cert IKE requests, aka Bug ID CSCua91108.... Read more

    • Published: Oct. 22, 2013
    • Modified: Apr. 11, 2025

  • 5.4

    MEDIUM
    CVE-2023-2000

    Mattermost Desktop App fails to validate a mattermost server redirection and navigates to an arbitrary website ... Read more

    • Published: May. 02, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-16807

    A cross-site Scripting (XSS) vulnerability in Kirby Panel before 2.3.3, 2.4.x before 2.4.2, and 2.5.x before 2.5.7 exists when displaying a specially prepared SVG document that has been uploaded as a content file.... Read more

    Affected Products : panel kirby
    • Published: Nov. 13, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-16819

    A stored cross-site scripting vulnerability in the Icon Time Systems RTC-1000 v2.5.7458 and earlier time clock allows remote attackers to inject arbitrary JavaScript in the nameFirst (aka First Name) field for the employee details page (/employee.html) th... Read more

    Affected Products : rtc-1000_firmware rtc-1000
    • Published: Nov. 17, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2023-3142

    Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0.... Read more

    Affected Products : microweber cockpit
    • Published: Jun. 07, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-0431

    The File Away WordPress plugin through 3.9.9.0.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.... Read more

    Affected Products : file_away
    • Published: Jun. 12, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-1689

    IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a... Read more

    Affected Products : rational_doors_next_generation
    • Published: Nov. 27, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-1536

    IBM Support Tools for Lotus WCM (IBM WebSphere Portal 7.0, 8.0, 8.5 and 9.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leadi... Read more

    Affected Products : websphere_portal
    • Published: Dec. 11, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-8802

    Cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite (aka ZCS) before 8.8.0 Beta2 might allow remote attackers to inject arbitrary web script or HTML via vectors related to the "Show Snippet" functionality.... Read more

    • Published: Jan. 16, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-45094

    Imprivata Privileged Access Management (formally Xton Privileged Access Management) 2.3.202112051108 allows XSS.... Read more

    • Published: Jul. 20, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-38904

    A Cross Site Scripting (XSS) vulnerability in Netlify CMS v.2.10.192 allows a remote attacker to execute arbitrary code via a crafted payload to the body parameter of the new post function.... Read more

    Affected Products : netlify_cms
    • Published: Aug. 16, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-4382

    A vulnerability, which was classified as problematic, has been found in tdevs Hyip Rio 2.1. Affected by this issue is some unknown functionality of the file /user/settings of the component Profile Settings. The manipulation of the argument avatar leads to... Read more

    Affected Products : hyip_rio
    • Published: Aug. 16, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-35011

    IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other a... Read more

    Affected Products : cognos_analytics
    • Published: Aug. 16, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-13076

    A vulnerability, which was classified as problematic, has been found in PHPGurukul Land Record System 1.0. This issue affects some unknown processing of the file /admin/edit-propertytype.php. The manipulation of the argument Property Type leads to cross s... Read more

    Affected Products : land_record_system
    • Published: Dec. 31, 2024
    • Modified: Jan. 06, 2025

  • 5.4

    MEDIUM
    CVE-2021-25921

    In OpenEMR, versions 2.7.3-rc1 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly in the `Allergies` section. An attacker could lure an admin to enter a malicious payload and by that initiate the ex... Read more

    Affected Products : openemr
    • Published: Mar. 22, 2021
    • Modified: Apr. 30, 2025

  • 5.4

    MEDIUM
    CVE-2021-24208

    The editor of the WP Page Builder WordPress plugin before 1.2.4 allows lower-privileged users to insert unfiltered HTML, including JavaScript, into pages via the “Raw HTML” widget and the “Custom HTML” widgets (though the custom HTML widget requires sendi... Read more

    Affected Products : wp_page_builder
    • Published: Apr. 05, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-28190

    Contao is an open source content management system. Starting in version 4.0.0 and prior to version 4.13.40 and 5.3.4, users can inject malicious code in filenames when uploading files (back end and front end), which is then executed in tooltips and popups... Read more

    Affected Products : contao
    • Published: Apr. 09, 2024
    • Modified: Jan. 16, 2025

  • 5.4

    MEDIUM
    CVE-2021-20550

    IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted se... Read more

    • Published: Apr. 27, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293649 Results