Latest CVE Feed
- 5.4 MEDIUM CVE-2022-24876
  GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Kanban is a GLPI view to display Projects, Tickets, Changes or Problems on a task board. In versions prior to 10.0....
  - Affected Products: glpi
  - Published: Jun. 09, 2022
  - Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2022-24582
  Accounting Journal Management 1.0 is vulnerable to XSS-PHPSESSID-Hijacking. The parameter manage_user from User lists is vulnerable to XSS-Stored and PHPSESSID attacks. The malicious user can attack the system by using the already session which he has fro...
  - Affected Products: accounting_journal_management
  - Published: Feb. 24, 2022
  - Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2022-24643
  A stored cross-site scripting (XSS) issue was discovered in the OpenEMR Hospital Information Management System version 6.0.0....
  - Affected Products: openemr
  - Published: Mar. 25, 2022
  - Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2022-24563
  In Genixcms v1.1.11, a stored Cross-Site Scripting (XSS) vulnerability exists in /gxadmin/index.php?page=themes&view=options via the intro_title and intro_image parameters....
  - Affected Products: genixcms
  - Published: Mar. 03, 2022
  - Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2022-24620
  Piwigo version 12.2.0 is vulnerable to stored cross-site scripting (XSS), which can lead to privilege escalation. In this way, admin can steal webmaster's cookies to get the webmaster's access....
  - Affected Products: piwigo
  - Published: Feb. 24, 2022
  - Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2022-35230
  An authenticated user can create a link with reflected Javascript code inside it for the graphs page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult t...
  - Published: Jul. 06, 2022
  - Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2022-24004
  A Stored Cross-Site Scripting (XSS) vulnerability was discovered in Messenger/messenger_ajax.php in REDCap 12.0.11. This issue allows any authenticated user to inject arbitrary code into the messenger title (aka new_title) field when editing an existing c...
  - Affected Products: redcap
  - Published: Jun. 15, 2022
  - Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2022-23871
  Multiple cross-site scripting (XSS) vulnerabilities in the component outcomes_addProcess.php of Gibbon CMS v22.0.01 allow attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the name, category, description parameters....
  - Affected Products: gibbon
  - Published: Feb. 03, 2022
  - Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2022-23726
  PingCentral versions prior to listed versions expose Spring Boot actuator endpoints that with administrative authentication return large amounts of sensitive environmental and application information....
  - Affected Products: pingcentral
  - Published: Sep. 30, 2022
  - Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2022-23656
  Zulip is an open source team chat app. The `main` development branch of Zulip Server from June 2021 and later is vulnerable to a cross-site scripting vulnerability on the recent topics page. An attacker could maliciously craft a full name for their accoun...
  - Published: Mar. 02, 2022
  - Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2022-23707
  An XSS vulnerability was found in Kibana index patterns. Using this vulnerability, an authenticated user with permissions to create index patterns can inject malicious javascript into the index pattern which could execute against other users...
  - Affected Products: kibana
  - Published: Feb. 11, 2022
  - Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2022-23674
  A remote authenticated stored cross-site scripting (xss) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Man...
  - Affected Products: clearpass_policy_manager
  - Published: May. 17, 2022
  - Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2022-23502
  TYPO3 is an open source PHP based web content management system. In versions prior to 10.4.33, 11.5.20, and 12.1.1, when users reset their password using the corresponding password recovery functionality, existing sessions for that particular user account...
  - Affected Products: typo3
  - Published: Dec. 14, 2022
  - Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2016-9261
  Cross-site scripting (XSS) vulnerability in Tenable Log Correlation Engine (aka LCE) before 4.8.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors....
  - Affected Products: log_correlation_engine
  - Published: Feb. 28, 2017
  - Modified: Apr. 20, 2025
- 5.4 MEDIUM CVE-2022-23068
  ToolJet versions v0.6.0 to v1.10.2 are vulnerable to HTML injection where an attacker can inject malicious code inside the first name and last name field while inviting a new user which will be reflected in the invitational e-mail....
  - Affected Products: tooljet
  - Published: May. 18, 2022
  - Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2022-23057
  In ERPNext, versions v12.0.9--v13.0.3 are vulnerable to Stored Cross-Site-Scripting (XSS), due to user input not being validated properly. A low privileged attacker could inject arbitrary code into input fields when editing his profile....
  - Published: Jun. 22, 2022
  - Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2022-23108
  Jenkins Badge Plugin 1.9 and earlier does not escape the description and does not check for allowed protocols when creating a badge, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission....
  - Affected Products: badge
  - Published: Jan. 12, 2022
  - Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2022-23049
  Exponent CMS 2.6.0patch2 allows an authenticated user to inject persistent JavaScript code on the "User-Agent" header when logging in. When an administrator user visits the "User Sessions" tab, the JavaScript will be triggered allowing an attacker to comp...
  - Affected Products: exponent_cms
  - Published: Feb. 09, 2022
  - Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2022-23160
  Dell PowerScale OneFS, versions 8.2.0-9.3.0, contains an Improper Handling of Insufficient Permissions vulnerability. A remote malicious user could potentially exploit this vulnerability, leading to gaining write permissions on read-only files....
  - Published: Apr. 12, 2022
  - Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2022-23051
  PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code while adding an 'Attack Tree' by modifying the 'svg_file' parameter....
  - Affected Products: petereport
  - Published: Mar. 03, 2022
  - Modified: Nov. 21, 2024