Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2022-48010

    LimeSurvey v5.4.15 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /index.php/surveyAdministration/rendersidemenulink?subaction=surveytexts. This vulnerability allows attackers to execute arbitrary web scripts ... Read more

    Affected Products : limesurvey
    • Published: Jan. 27, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-48178

    X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Create Action function, aka an index.php/actions/update URI.... Read more

    Affected Products : x2crm
    • Published: Apr. 15, 2023
    • Modified: Feb. 06, 2025

  • 5.4

    MEDIUM
    CVE-2022-48007

    A stored cross-site scripting (XSS) vulnerability in identification.php of Piwigo v13.4.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the User-Agent.... Read more

    Affected Products : piwigo
    • Published: Jan. 27, 2023
    • Modified: Mar. 28, 2025

  • 5.4

    MEDIUM
    CVE-2022-48085

    Softr v2.0 was discovered to contain a HTML injection vulnerability via the Work Space Name parameter.... Read more

    Affected Products : softr
    • Published: Feb. 06, 2023
    • Modified: Mar. 26, 2025

  • 5.4

    MEDIUM
    CVE-2022-47417

    LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the document file name.... Read more

    Affected Products : logicaldoc
    • Published: Feb. 07, 2023
    • Modified: Mar. 25, 2025

  • 5.4

    MEDIUM
    CVE-2022-47424

    Cross-Site Request Forgery (CSRF) vulnerability in Repute InfoSystems ARMember, Repute InfoSystems ARMember Premium allows Cross-Site Request Forgery.This issue affects ARMember: from n/a through 4.0.5; ARMember Premium: from n/a before 6.7.1.... Read more

    Affected Products :
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 5.4

    MEDIUM
    CVE-2022-46805

    Cross-Site Request Forgery (CSRF) vulnerability in Lauri Karisola / WP Trio Conditional Shipping for WooCommerce plugin <= 2.3.1 leading to activation/deactivation of plugin rulesets.... Read more

    • Published: Mar. 01, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-6796

    PHP Scripts Mall Multilanguage Real Estate MLM Script 3.0 has Stored XSS via every profile input field.... Read more

    • Published: Feb. 07, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-47053

    An arbitrary file upload vulnerability in the Digital Assets Manager module of DNN Corp DotNetNuke v7.0.0 to v9.10.2 allows attackers to execute arbitrary code via a crafted SVG file.... Read more

    Affected Products : dotnetnuke
    • Published: Apr. 12, 2023
    • Modified: Feb. 10, 2025

  • 5.4

    MEDIUM
    CVE-2022-46686

    Jenkins Custom Build Properties Plugin 2.79.vc095ccc85094 and earlier does not escape property values and build display names on the Custom Build Properties and Build Summary pages, resulting in a stored cross-site scripting (XSS) vulnerability exploitabl... Read more

    Affected Products : custom_build_properties
    • Published: Dec. 12, 2022
    • Modified: Apr. 23, 2025

  • 5.4

    MEDIUM
    CVE-2022-46503

    A cross-site scripting (XSS) vulnerability in the component /admin/register.php of Online Student Enrollment System v1.0 allows attackers to execute arbitrary web scripts via a crafted payload injected into the name parameter.... Read more

    Affected Products : online_student_enrollment_system
    • Published: Jan. 12, 2023
    • Modified: Apr. 08, 2025

  • 5.4

    MEDIUM
    CVE-2022-46401

    The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) accepts PauseEncReqPlainText before pairing is complete.... Read more

    • Published: Dec. 19, 2022
    • Modified: Apr. 17, 2025

  • 5.4

    MEDIUM
    CVE-2022-46180

    Discourse Mermaid (discourse-mermaid-theme-component) allows users of Discourse, open-source forum software, to create graphs using the Mermaid syntax. Users of discourse-mermaid-theme-component version 1.0.0 who can create posts are able to inject arbitr... Read more

    Affected Products : mermaid
    • Published: Jan. 04, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-46149

    Cap'n Proto is a data interchange format and remote procedure call (RPC) system. Cap'n Proro prior to versions 0.7.1, 0.8.1, 0.9.2, and 0.10.3, as well as versions of Cap'n Proto's Rust implementation prior to 0.13.7, 0.14.11, and 0.15.2 are vulnerable to... Read more

    Affected Products : fedora capnproto capnp
    • Published: Nov. 30, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-45839

    Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WHA WHA Puzzle plugin <= 1.0.9 versions.... Read more

    Affected Products : wha_puzzle
    • Published: Apr. 18, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-45814

    Stored Cross-Site Scripting (XSS) vulnerability in Fabian von Allmen WP Calendar plugin <= 1.5.3 versions.... Read more

    Affected Products : wp_calendar
    • Published: Mar. 17, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-45724

    Incorrect Access Control in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to perform any HTTP request to an unauthenticated page to force the server to generate a SESSION_ID, and using this SESSION_ID an attacker can then p... Read more

    Affected Products : cf-wr610n_firmware cf-wr610n
    • Published: Feb. 13, 2023
    • Modified: Mar. 24, 2025

  • 5.4

    MEDIUM
    CVE-2022-45613

    Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/book. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the publish... Read more

    Affected Products : book_store_management_system
    • Published: Jan. 18, 2023
    • Modified: Apr. 04, 2025

  • 5.4

    MEDIUM
    CVE-2022-45826

    Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through 2.9.13.... Read more

    Affected Products : sunshine_photo_cart
    • Published: Dec. 13, 2024
    • Modified: Apr. 11, 2025

  • 5.4

    MEDIUM
    CVE-2022-45358

    Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Silkalns Activello theme <= 1.4.4 versions.... Read more

    Affected Products : activello activello_theme
    • Published: Apr. 13, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 293633 Results