Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2022-40680

    An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiOS 6.0.7 - 6.0.15, 6.2.2 - 6.2.12, 6.4.0 - 6.4.9 and 7.0.0 - 7.0.3 allows a privileged attacker to execute unauthorized code or commands via storing ma...

    Affected Products : fortios fortiproxy
    • Published: Dec. 06, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-40228

    IBM DataPower Gateway 10.0.3.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.9, 2018.4.1.0 through 2018.4.1.22, and 10.5.0.0 through 10.5.0.2 does not invalidate session after a password change which could allow an authenticated user to impersonate another...

    Affected Products : datapower_gateway
    • Published: Nov. 22, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-40408

    FeehiCMS v2.1.1 was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted payload injected into the Comment box under the Single Page module.

    Affected Products : feehicms
    • Published: Sep. 29, 2022
    • Modified: May. 20, 2025
  • 5.4

    MEDIUM
    CVE-2022-40132

    Cross-Site Request Forgery (CSRF) vulnerability in Seriously Simple Podcasting plugin <= 2.16.0 at WordPress, leading to plugin settings change.

    Affected Products : seriously_simple_podcasting
    • Published: Sep. 23, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2016-3005

    Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vu...

    Affected Products : connections
    • Published: Sep. 01, 2016
    • Modified: Apr. 12, 2025
  • 5.4

    MEDIUM
    CVE-2022-40131

    Cross-Site Request Forgery (CSRF) vulnerability in a3rev Software Page View Count plugin <= 2.5.5 on WordPress allows an attacker to reset the plugin settings.

    Affected Products : page_view_count
    • Published: Nov. 03, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-40034

    Cross-Site Scripting (XSS) vulnerability found in Rawchen blog-ssm v1.0 allows attackers to execute arbitrary code via the 'notifyInfo' parameter.

    Affected Products : javaweb_blog
    • Published: Jan. 23, 2023
    • Modified: Apr. 03, 2025
  • 5.4

    MEDIUM
    CVE-2022-3986

    The WP Stripe Checkout WordPress plugin before 1.2.2.21 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting...

    Affected Products : wp_stripe_checkout
    • Published: Dec. 19, 2022
    • Modified: Apr. 17, 2025
  • 5.4

    MEDIUM
    CVE-2022-40044

    Centreon v20.10.18 was discovered to contain a cross-site scripting (XSS) vulnerability via the esc_name (Escalation Name) parameter at Configuration/Notifications/Escalations. This vulnerability allows attackers to execute arbitrary web scripts or HTML v...

    Affected Products : centreon
    • Published: Sep. 26, 2022
    • Modified: May. 21, 2025
  • 5.4

    MEDIUM
    CVE-2022-3987

    The Responsive Lightbox2 WordPress plugin before 1.0.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting ...

    Affected Products : responsive_lightbox2
    • Published: Dec. 19, 2022
    • Modified: Apr. 17, 2025
  • 5.4

    MEDIUM
    CVE-2022-3963

    A vulnerability was found in gnuboard5. It has been classified as problematic. Affected is an unknown function of the file bbs/faq.php of the component FAQ Key ID Handler. The manipulation of the argument fm_id leads to cross site scripting. It is possibl...

    Affected Products : gnuboard5 gnuboard
    • Published: Nov. 12, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-3943

    A vulnerability was found in ForU CMS. It has been classified as problematic. Affected is an unknown function of the file cms_chip.php. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely. The ...

    Affected Products : foru_cms
    • Published: Nov. 11, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2020-18449

    Cross Site Scripting (XSS) vulnerability exists in UKCMS v1.1.10 via data in the index function in Single.php...

    Affected Products : ukcms
    • Published: Aug. 12, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-3937

    The Easy Video Player WordPress plugin before 1.2.2.3 does not sanitize and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks.

    Affected Products : easy_video_player
    • Published: Dec. 19, 2022
    • Modified: Apr. 17, 2025
  • 5.4

    MEDIUM
    CVE-2022-40001

    Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbitrary code via the title field of the create article page.

    Affected Products : feehicms
    • Published: Dec. 15, 2022
    • Modified: Apr. 21, 2025
  • 5.4

    MEDIUM
    CVE-2022-3984

    The Flowplayer Video Player WordPress plugin before 1.0.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripti...

    Affected Products : flowplayer_video_player
    • Published: Dec. 19, 2022
    • Modified: Apr. 17, 2025
  • 5.4

    MEDIUM
    CVE-2022-40047

    Flatpress v1.2.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the page parameter at /flatpress/admin.php.

    Affected Products : flatpress
    • Published: Oct. 11, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-3958

    Cross-site Scripting (XSS) vulnerability in BlueSpiceUserSidebar extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the personal menu navigation of their own and other users. This allows for targeted...

    Affected Products : bluespice
    • Published: Nov. 15, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-3704

    A vulnerability classified as problematic has been found in Ruby on Rails. This affects an unknown part of the file actionpack/lib/action_dispatch/middleware/templates/routes/_table.html.erb. The manipulation leads to cross site scripting. It is possible ...

    Affected Products : rails actionpack
    • Published: Oct. 26, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-3853

    Cross-site Scripting (XSS) is a client-side code injection attack. The attacker aims to execute malicious scripts in a web browser of the victim by including malicious code in a legitimate web page or web application.

    Affected Products : supra-csv-parser
    • Published: Dec. 12, 2022
    • Modified: Apr. 22, 2025
Showing 20 of 293634 Results