Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2024-34064

    Jinja is an extensible templating engine. The `xmlattr` filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, `/`, `>`, or `=`, as each would then be interpreted as starting a sep... Read more

    Affected Products : fedora jinja
    • Published: May. 06, 2024
    • Modified: Sep. 08, 2025

  • 5.4

    MEDIUM
    CVE-2025-10074

    A vulnerability was identified in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /usuarios/tipos/. The manipulation of the argument Tipos de Usuário/Descrição leads to cross site scripting. The attack can be initia... Read more

    Affected Products : i-educar
    • Published: Sep. 08, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-10075

    A security flaw has been discovered in SourceCodester Online Polling System 1.0. The impacted element is an unknown function of the file /manage-profile.php. The manipulation of the argument firstname results in cross site scripting. The attack can be lau... Read more

    Affected Products : online_polling_system
    • Published: Sep. 08, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2024-33998

    Insufficient escaping of participants' names in the participants page table resulted in a stored XSS risk when interacting with some features.... Read more

    Affected Products : moodle
    • Published: May. 31, 2024
    • Modified: May. 30, 2025

  • 5.4

    MEDIUM
    CVE-2022-39372

    GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Authenticated users may store malicious code in their accou... Read more

    Affected Products : glpi
    • Published: Nov. 03, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-30596

    A flaw was found in moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk.... Read more

    Affected Products : moodle enterprise_linux fedora
    • Published: May. 18, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2025-9734

    A security flaw has been discovered in O2OA up to 10.0-410. The impacted element is an unknown function of the file /x_query_assemble_designer/jaxrs/stat of the component Personal Profile Page. The manipulation of the argument name/alias/description/appli... Read more

    Affected Products : o2oa
    • Published: Aug. 31, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-9737

    A vulnerability was detected in O2OA up to 10.0-410. Affected is an unknown function of the file /x_query_assemble_designer/jaxrs/importmodel of the component Personal Profile Page. Performing manipulation of the argument description/applicationName/query... Read more

    Affected Products : o2oa
    • Published: Aug. 31, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-58818

    Cross-Site Request Forgery (CSRF) vulnerability in SwiftNinjaPro Developer Tools Blocker allows Cross Site Request Forgery. This issue affects Developer Tools Blocker: from n/a through 3.2.1.... Read more

    Affected Products :
    • Published: Sep. 05, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.4

    MEDIUM
    CVE-2025-58785

    Missing Authorization vulnerability in jbhovik Ray Enterprise Translation allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ray Enterprise Translation: from n/a through 1.7.1.... Read more

    Affected Products :
    • Published: Sep. 05, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-9834

    A flaw has been found in PHPGurukul Small CRM 4.0. Affected by this issue is some unknown functionality of the file /registration.php. Executing manipulation of the argument Username can lead to cross site scripting. It is possible to launch the attack re... Read more

    Affected Products : small_crm
    • Published: Sep. 02, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-8695

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Netcad NetGIS Server allows Reflected XSS.This issue affects NetGIS Server: from 5.2.4 through 22.08.2025.... Read more

    Affected Products :
    • Published: Sep. 05, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-58801

    Cross-Site Request Forgery (CSRF) vulnerability in KCS Responder allows Cross Site Request Forgery. This issue affects Responder: from n/a through 4.3.8.... Read more

    Affected Products :
    • Published: Sep. 05, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.4

    MEDIUM
    CVE-2025-54411

    Discourse is an open-source discussion platform. Welcome banner user name string for logged in users can be vulnerable to XSS attacks, which affect the user themselves or an admin impersonating them. Admins can temporarily alter the welcome_banner.header.... Read more

    Affected Products : discourse
    • Published: Aug. 19, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-41039

    A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[sconfig][admin_landing_page]', 'data[sconfig][currency]', 'data[sconfig][db_vers... Read more

    Affected Products : apprain
    • Published: Sep. 04, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-9754

    A flaw has been found in Campcodes Online Hospital Management System 1.0. The impacted element is an unknown function of the file /edit-profile.php of the component Edit Profile Page. Executing manipulation of the argument Username can lead to cross site ... Read more

    Affected Products : online_hospital_management_system
    • Published: Sep. 01, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-41050

    A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/develo... Read more

    Affected Products : apprain
    • Published: Sep. 04, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-41049

    A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/develo... Read more

    Affected Products : apprain
    • Published: Sep. 04, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-41042

    A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Option][message]', 'data[Option][subject]' and 'data[Option][templatetype]' para... Read more

    Affected Products : apprain
    • Published: Sep. 04, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-41038

    A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Group][name]' parameter in /apprain/admin/managegroup/add/.... Read more

    Affected Products : apprain
    • Published: Sep. 04, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 293609 Results