Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2022-41542

    devhub 0.102.0 was discovered to contain a broken session control.... Read more

    Affected Products : devhub
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025

  • 5.4

    MEDIUM
    CVE-2022-41472

    74cmsSE v3.12.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /apiadmin/notice/add. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field.... Read more

    Affected Products : 74cmsse
    • Published: Oct. 17, 2022
    • Modified: May. 14, 2025

  • 5.4

    MEDIUM
    CVE-2022-41299

    IBM Cloud Transformation Advisor 2.0.1 through 3.3.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclo... Read more

    Affected Products : cloud_transformation_advisor
    • Published: Dec. 09, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-41242

    A missing permission check in Jenkins extreme-feedback Plugin 1.7 and earlier allows attackers with Overall/Read permission to discover information about job names attached to lamps, discover MAC and IP addresses of existing lamps, and rename lamps.... Read more

    Affected Products : extreme-feedback
    • Published: Sep. 21, 2022
    • Modified: May. 28, 2025

  • 5.4

    MEDIUM
    CVE-2022-41431

    xzs v3.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /admin/question/edit. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field.... Read more

    Affected Products : xzs
    • Published: Oct. 17, 2022
    • Modified: May. 14, 2025

  • 5.4

    MEDIUM
    CVE-2022-41239

    Jenkins DotCi Plugin 2.40.00 and earlier does not escape the GitHub user name parameter provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting (XSS) vulnerability.... Read more

    Affected Products : dotci
    • Published: Sep. 21, 2022
    • Modified: May. 28, 2025

  • 5.4

    MEDIUM
    CVE-2022-41229

    Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.134 and earlier does not escape configuration options of the Execute NetStorm/NetCloud Test build step, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers wi... Read more

    • Published: Sep. 21, 2022
    • Modified: May. 28, 2025

  • 5.4

    MEDIUM
    CVE-2022-41206

    SAP BusinessObjects Business Intelligence platform (Analysis for OLAP) - versions 420, 430, allows an authenticated attacker to send user-controlled inputs when OLAP connections are created and edited in the Central Management Console. On successful explo... Read more

    • Published: Oct. 11, 2022
    • Modified: May. 20, 2025

  • 5.4

    MEDIUM
    CVE-2022-41224

    Jenkins 2.367 through 2.369 (both inclusive) does not escape tooltips of the l:helpIcon UI component used for some help icons on the Jenkins web UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control to... Read more

    Affected Products : jenkins
    • Published: Sep. 21, 2022
    • Modified: May. 28, 2025

  • 5.4

    MEDIUM
    CVE-2022-41049

    Windows Mark of the Web Security Feature Bypass Vulnerability... Read more

    • Actively Exploited
    • Published: Nov. 09, 2022
    • Modified: Feb. 18, 2025

  • 5.4

    MEDIUM
    CVE-2022-40849

    ThinkCMF version 6.0.7 is affected by Stored Cross-Site Scripting (XSS). An attacker who successfully exploited this vulnerability could inject a Persistent XSS payload in the Slideshow Management section that execute arbitrary JavaScript code on the clie... Read more

    Affected Products : thinkcmf
    • Published: Dec. 01, 2022
    • Modified: Apr. 24, 2025

  • 5.4

    MEDIUM
    CVE-2022-40750

    IBM WebSphere Application Server 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure wi... Read more

    • Published: Nov. 11, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-40748

    IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a ... Read more

    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025

  • 5.4

    MEDIUM
    CVE-2022-40744

    IBM Aspera Faspex 5.0.6 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted ... Read more

    Affected Products : aspera_faspex
    • Published: Feb. 02, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-40680

    A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiOS 6.0.7 - 6.0.15, 6.2.2 - 6.2.12, 6.4.0 - 6.4.9 and 7.0.0 - 7.0.3 allows a privileged attacker to execute unauthorized code or commands via storing ma... Read more

    Affected Products : fortios fortiproxy
    • Published: Dec. 06, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-40228

    IBM DataPower Gateway 10.0.3.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.9, 2018.4.1.0 through 2018.4.1.22, and 10.5.0.0 through 10.5.0.2 does not invalidate session after a password change which could allow an authenticated user to impersonate another... Read more

    Affected Products : datapower_gateway
    • Published: Nov. 22, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-40408

    FeehiCMS v2.1.1 was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted payload injected into the Comment box under the Single Page module.... Read more

    Affected Products : feehicms
    • Published: Sep. 29, 2022
    • Modified: May. 20, 2025

  • 5.4

    MEDIUM
    CVE-2022-40132

    Cross-Site Request Forgery (CSRF) vulnerability in Seriously Simple Podcasting plugin <= 2.16.0 at WordPress, leading to plugin settings change.... Read more

    Affected Products : seriously_simple_podcasting
    • Published: Sep. 23, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2016-3005

    Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vu... Read more

    Affected Products : connections
    • Published: Sep. 01, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2022-40131

    Cross-Site Request Forgery (CSRF) vulnerability in a3rev Software Page View Count plugin <= 2.5.5 on WordPress allows an attacker to reset the plugin settings.... Read more

    Affected Products : page_view_count
    • Published: Nov. 03, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 293650 Results