Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2022-42348

    Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content... Read more

    • Published: Dec. 19, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-42346

    Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content... Read more

    • Published: Dec. 19, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-42115

    Cross-site scripting (XSS) vulnerability in the Object module's edit object details page in Liferay Portal 7.4.3.4 through 7.4.3.36 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into the object field's `Labe... Read more

    Affected Products : liferay_portal
    • Published: Oct. 18, 2022
    • Modified: May. 13, 2025

  • 5.4

    MEDIUM
    CVE-2022-42141

    Delta Electronics DX-2100-L1-CN 2.42 is vulnerable to Cross Site Scripting (XSS) via lform/urlfilter.... Read more

    • Published: Dec. 14, 2022
    • Modified: Apr. 22, 2025

  • 5.4

    MEDIUM
    CVE-2022-42345

    Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content... Read more

    • Published: Dec. 19, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-42000

    Cross-site Scripting (XSS) vulnerability in BlueSpiceSocialProfile extension of BlueSpice allows user with comment permissions to inject arbitrary HTML into the comment section of a wikipage.... Read more

    Affected Products : bluespice
    • Published: Nov. 15, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-41788

    Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in Soledad premium theme <= 8.2.5 on WordPress.... Read more

    Affected Products : soledad
    • Published: Nov. 18, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-41638

    Auth. Stored Cross-Site Scripting (XSS) in Pop-Up Chop Chop plugin <= 2.1.7 on WordPress.... Read more

    Affected Products : pop-up_chop_chop
    • Published: Oct. 21, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-41446

    An access control issue in /Admin/dashboard.php of Record Management System using CodeIgniter v1.0 allows attackers to access and modify user data.... Read more

    Affected Products : record_management_system
    • Published: Nov. 23, 2022
    • Modified: Apr. 28, 2025

  • 5.4

    MEDIUM
    CVE-2022-41542

    devhub 0.102.0 was discovered to contain a broken session control.... Read more

    Affected Products : devhub
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025

  • 5.4

    MEDIUM
    CVE-2022-41472

    74cmsSE v3.12.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /apiadmin/notice/add. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field.... Read more

    Affected Products : 74cmsse
    • Published: Oct. 17, 2022
    • Modified: May. 14, 2025

  • 5.4

    MEDIUM
    CVE-2022-41299

    IBM Cloud Transformation Advisor 2.0.1 through 3.3.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclo... Read more

    Affected Products : cloud_transformation_advisor
    • Published: Dec. 09, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-41242

    A missing permission check in Jenkins extreme-feedback Plugin 1.7 and earlier allows attackers with Overall/Read permission to discover information about job names attached to lamps, discover MAC and IP addresses of existing lamps, and rename lamps.... Read more

    Affected Products : extreme-feedback
    • Published: Sep. 21, 2022
    • Modified: May. 28, 2025

  • 5.4

    MEDIUM
    CVE-2022-41431

    xzs v3.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /admin/question/edit. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field.... Read more

    Affected Products : xzs
    • Published: Oct. 17, 2022
    • Modified: May. 14, 2025

  • 5.4

    MEDIUM
    CVE-2022-41239

    Jenkins DotCi Plugin 2.40.00 and earlier does not escape the GitHub user name parameter provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting (XSS) vulnerability.... Read more

    Affected Products : dotci
    • Published: Sep. 21, 2022
    • Modified: May. 28, 2025

  • 5.4

    MEDIUM
    CVE-2022-41229

    Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.134 and earlier does not escape configuration options of the Execute NetStorm/NetCloud Test build step, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers wi... Read more

    • Published: Sep. 21, 2022
    • Modified: May. 28, 2025

  • 5.4

    MEDIUM
    CVE-2022-41206

    SAP BusinessObjects Business Intelligence platform (Analysis for OLAP) - versions 420, 430, allows an authenticated attacker to send user-controlled inputs when OLAP connections are created and edited in the Central Management Console. On successful explo... Read more

    • Published: Oct. 11, 2022
    • Modified: May. 20, 2025

  • 5.4

    MEDIUM
    CVE-2022-41224

    Jenkins 2.367 through 2.369 (both inclusive) does not escape tooltips of the l:helpIcon UI component used for some help icons on the Jenkins web UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control to... Read more

    Affected Products : jenkins
    • Published: Sep. 21, 2022
    • Modified: May. 28, 2025

  • 5.4

    MEDIUM
    CVE-2022-41049

    Windows Mark of the Web Security Feature Bypass Vulnerability... Read more

    • Actively Exploited
    • Published: Nov. 09, 2022
    • Modified: Feb. 18, 2025

  • 5.4

    MEDIUM
    CVE-2022-40849

    ThinkCMF version 6.0.7 is affected by Stored Cross-Site Scripting (XSS). An attacker who successfully exploited this vulnerability could inject a Persistent XSS payload in the Slideshow Management section that execute arbitrary JavaScript code on the clie... Read more

    Affected Products : thinkcmf
    • Published: Dec. 01, 2022
    • Modified: Apr. 24, 2025
Showing 20 of 293639 Results