Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2022-23726

    PingCentral versions prior to listed versions expose Spring Boot actuator endpoints that with administrative authentication return large amounts of sensitive environmental and application information.... Read more

    Affected Products : pingcentral
    • Published: Sep. 30, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-23656

    Zulip is an open source team chat app. The `main` development branch of Zulip Server from June 2021 and later is vulnerable to a cross-site scripting vulnerability on the recent topics page. An attacker could maliciously craft a full name for their accoun... Read more

    Affected Products : zulip zulip_server
    • Published: Mar. 02, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-23707

    An XSS vulnerability was found in Kibana index patterns. Using this vulnerability, an authenticated user with permissions to create index patterns can inject malicious javascript into the index pattern which could execute against other users... Read more

    Affected Products : kibana
    • Published: Feb. 11, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-23674

    A remote authenticated stored cross-site scripting (xss) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Man... Read more

    Affected Products : clearpass_policy_manager
    • Published: May. 17, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-23502

    TYPO3 is an open source PHP based web content management system. In versions prior to 10.4.33, 11.5.20, and 12.1.1, When users reset their password using the corresponding password recovery functionality, existing sessions for that particular user account... Read more

    Affected Products : typo3
    • Published: Dec. 14, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2016-9261

    Cross-site scripting (XSS) vulnerability in Tenable Log Correlation Engine (aka LCE) before 4.8.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : log_correlation_engine
    • Published: Feb. 28, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2022-23068

    ToolJet versions v0.6.0 to v1.10.2 are vulnerable to HTML injection where an attacker can inject malicious code inside the first name and last name field while inviting a new user which will be reflected in the invitational e-mail.... Read more

    Affected Products : tooljet
    • Published: May. 18, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-23057

    In ERPNext, versions v12.0.9--v13.0.3 are vulnerable to Stored Cross-Site-Scripting (XSS), due to user input not being validated properly. A low privileged attacker could inject arbitrary code into input fields when editing his profile.... Read more

    Affected Products : frappe erpnext
    • Published: Jun. 22, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-23108

    Jenkins Badge Plugin 1.9 and earlier does not escape the description and does not check for allowed protocols when creating a badge, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.... Read more

    Affected Products : badge
    • Published: Jan. 12, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-23049

    Exponent CMS 2.6.0patch2 allows an authenticated user to inject persistent JavaScript code on the "User-Agent" header when logging in. When an administrator user visits the "User Sessions" tab, the JavaScript will be triggered allowing an attacker to comp... Read more

    Affected Products : exponent_cms
    • Published: Feb. 09, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-23160

    Dell PowerScale OneFS, versions 8.2.0-9.3.0, contains an Improper Handling of Insufficient Permissions vulnerability. An remote malicious user could potentially exploit this vulnerability, leading to gaining write permissions on read-only files.... Read more

    • Published: Apr. 12, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-23051

    PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code while adding an 'Attack Tree' by modifying the 'svg_file' parameter.... Read more

    Affected Products : petereport
    • Published: Mar. 03, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-22852

    A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodtester Hospital's Patient Records Management System 1.0 via the description parameter in room_list.... Read more

    • Published: Jan. 26, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-22804

    A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could allow an authenticated attacker to view data, change settings, or impact availability of the software when the user visits a pag... Read more

    • Published: Feb. 04, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-22850

    A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodtester Hospital's Patient Records Management System 1.0 via the description parameter in room_types.... Read more

    • Published: Jan. 26, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-22853

    A stored cross-site scripting (XSS) vulnerability in Hospital Patient Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the Name field.... Read more

    • Published: Feb. 16, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-22502

    IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure... Read more

    • Published: Jun. 24, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-22305

    An improper certificate validation vulnerability [CWE-295] in FortiManager 7.0.1 and below, 6.4.6 and below; FortiAnalyzer 7.0.2 and below, 6.4.7 and below; FortiOS 6.2.x and 6.0.x; FortiSandbox 4.0.x, 3.2.x and 3.1.x may allow a network adjacent and unau... Read more

    • Published: Sep. 01, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-22511

    Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) attacks. An authorized attacker with user privileges may use this to gain access to confidential information on a PC that connects to the WBM after it has bee... Read more

    • Published: Mar. 09, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-22387

    IBM Application Gateway is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session... Read more

    Affected Products : application_gateway
    • Published: Sep. 28, 2022
    • Modified: May. 20, 2025
Showing 20 of 293656 Results