Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2022-4577

    The Easy Testimonials WordPress plugin before 3.9.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting att... Read more

    Affected Products : easy_testimonials
    • Published: Feb. 06, 2023
    • Modified: Mar. 26, 2025

  • 5.4

    MEDIUM
    CVE-2022-4475

    The Collapse-O-Matic WordPress plugin before 1.8.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting atta... Read more

    Affected Products : collapse-o-matic
    • Published: Jan. 23, 2023
    • Modified: Apr. 02, 2025

  • 5.4

    MEDIUM
    CVE-2022-4484

    The Social Share, Social Login and Social Comments Plugin WordPress plugin before 7.13.44 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to p... Read more

    • Published: Jan. 16, 2023
    • Modified: Apr. 08, 2025

  • 5.4

    MEDIUM
    CVE-2022-4460

    The Sidebar Widgets by CodeLights WordPress plugin through 1.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site ... Read more

    Affected Products : codelights-shortcodes-and-widgets
    • Published: Jan. 16, 2023
    • Modified: Apr. 04, 2025

  • 5.4

    MEDIUM
    CVE-2022-4391

    The Vision Interactive For WordPress plugin through 1.5.3 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed... Read more

    Affected Products : vision_interactive
    • Published: Jan. 09, 2023
    • Modified: Apr. 09, 2025

  • 5.4

    MEDIUM
    CVE-2022-4231

    A vulnerability, which was classified as problematic, has been found in Tribal Systems Zenario CMS 9.3.57595. This issue affects some unknown processing of the component Remember Me Handler. The manipulation leads to session fixiation. The attack may be i... Read more

    Affected Products : zenario
    • Published: Nov. 30, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-4235

    RushBet version 2022.23.1-b490616d allows a remote attacker to steal customer accounts via use of a malicious application. This is possible because the application exposes an activity and does not properly validate the data it receives.... Read more

    Affected Products : rushbet
    • Published: Jan. 18, 2023
    • Modified: Apr. 03, 2025

  • 5.4

    MEDIUM
    CVE-2022-4449

    The Page scroll to id WordPress plugin before 1.7.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting att... Read more

    Affected Products : page_scroll_to_id
    • Published: Jan. 16, 2023
    • Modified: Apr. 07, 2025

  • 5.4

    MEDIUM
    CVE-2022-4251

    A vulnerability was found in Movie Ticket Booking System and classified as problematic. Affected by this issue is some unknown functionality of the file editBooking.php. The manipulation leads to cross site scripting. The attack may be launched remotely. ... Read more

    Affected Products : movie_ticket_booking_system
    • Published: Dec. 01, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-4353

    A vulnerability has been found in LinZhaoguan pb-cms 2.0 and classified as problematic. Affected by this vulnerability is the function IpUtil.getIpAddr. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has b... Read more

    Affected Products : pb-cms
    • Published: Dec. 08, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-4067

    Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0.... Read more

    Affected Products : librenms
    • Published: Nov. 20, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-1540

    IBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a truste... Read more

    • Published: Jan. 26, 2018
    • Modified: Feb. 05, 2025

  • 5.4

    MEDIUM
    CVE-2017-14921

    Stored XSS vulnerability via IMG element at "Filename" of Filemanager in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users.... Read more

    Affected Products : tine_2.0
    • Published: Sep. 30, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2022-48427

    In JetBrains TeamCity before 2022.10.3 stored XSS on “Pending changes” and “Changes” tabs was possible... Read more

    Affected Products : teamcity
    • Published: Mar. 27, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-48426

    In JetBrains TeamCity before 2022.10.3 stored XSS in Perforce connection settings was possible... Read more

    Affected Products : teamcity
    • Published: Mar. 27, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-48013

    Opencats v0.9.7 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /opencats/index.php?m=calendar. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into t... Read more

    Affected Products : opencats
    • Published: Jan. 27, 2023
    • Modified: Mar. 28, 2025

  • 5.4

    MEDIUM
    CVE-2022-48010

    LimeSurvey v5.4.15 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /index.php/surveyAdministration/rendersidemenulink?subaction=surveytexts. This vulnerability allows attackers to execute arbitrary web scripts ... Read more

    Affected Products : limesurvey
    • Published: Jan. 27, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-48178

    X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Create Action function, aka an index.php/actions/update URI.... Read more

    Affected Products : x2crm
    • Published: Apr. 15, 2023
    • Modified: Feb. 06, 2025

  • 5.4

    MEDIUM
    CVE-2022-48007

    A stored cross-site scripting (XSS) vulnerability in identification.php of Piwigo v13.4.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the User-Agent.... Read more

    Affected Products : piwigo
    • Published: Jan. 27, 2023
    • Modified: Mar. 28, 2025

  • 5.4

    MEDIUM
    CVE-2022-48085

    Softr v2.0 was discovered to contain a HTML injection vulnerability via the Work Space Name parameter.... Read more

    Affected Products : softr
    • Published: Feb. 06, 2023
    • Modified: Mar. 26, 2025
Showing 20 of 293654 Results