Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2022-28286

    Due to a layout change, iframe contents could have been rendered outside of its border. This could have led to user confusion or spoofing attacks. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8.... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Dec. 22, 2022
    • Modified: Apr. 16, 2025
  • 5.4

    MEDIUM
    CVE-2022-28133

    Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not limit URL schemes for callback URLs on OAuth consumers, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create BitBucket Server consumer... Read more

    Affected Products : bitbucket_server_integration
    • Published: Mar. 29, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-28153

    Jenkins SiteMonitor Plugin 0.6 and earlier does not escape URLs of sites to monitor in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.... Read more

    Affected Products : sitemonitor
    • Published: Mar. 29, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-28102

    A cross-site scripting (XSS) vulnerability in PHP MySQL Admin Panel Generator v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected at /edit-db.php.... Read more

    Affected Products : php_mysql_admin_panel_generator
    • Published: Apr. 28, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-28051

    The "Add category" functionality inside the "Global Keywords" menu in "SeedDMS" version 6.0.18 and 5.1.25, is prone to stored XSS which allows an attacker to inject malicious javascript code.... Read more

    Affected Products : seeddms
    • Published: Jun. 06, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-27851

    Cross-Site Request Forgery (CSRF) in Use Any Font (WordPress plugin) <= 6.1.7 allows an attacker to deactivate the API key.... Read more

    Affected Products : use_any_font
    • Published: Apr. 15, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-27894

    The Foundry Blobster service was found to have a cross-site scripting (XSS) vulnerability that could have allowed an attacker with access to Foundry to launch attacks against other users. This vulnerability is resolved in Blobster 3.228.0.... Read more

    Affected Products : foundry_blobster
    • Published: Nov. 04, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-27855

    Cross-Site Request Forgery (CSRF) vulnerability in Fatcat Apps Analytics Cat plugin <= 1.0.9 on WordPress allows Plugin Settings Change.... Read more

    Affected Products : analytics_cat
    • Published: Nov. 08, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-27859

    Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Nicdark d.o.o. Travel Management plugin <= 2.0 at WordPress.... Read more

    Affected Products : nd-travel
    • Published: Jun. 15, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-27850

    Cross-Site Request Forgery (CSRF) in Simple Ajax Chat (WordPress plugin) <= 20220115 allows an attacker to clear the chat log or delete a chat message.... Read more

    Affected Products : simple_ajax_chat
    • Published: Apr. 15, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-27545

    BigFix Web Reports authorized users may perform HTML injection for the email administrative configuration page.... Read more

    Affected Products : bigfix_platform
    • Published: Jul. 19, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-27484

    A unverified password change in Fortinet FortiADC version 6.2.0 through 6.2.3, 6.1.x, 6.0.x, 5.x.x allows an authenticated attacker to bypass the Old Password check in the password change form via a crafted HTTP request.... Read more

    Affected Products : fortiadc
    • Published: Aug. 03, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-27330

    A cross-site scripting (XSS) vulnerability in /public/admin/index.php?add_product of E-Commerce Website v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Title text field.... Read more

    Affected Products : e-commerce_website
    • Published: May. 03, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-27197

    Jenkins Dashboard View Plugin 2.18 and earlier does not perform URL validation for the Iframe Portlet's Iframe source URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure views.... Read more

    Affected Products : dashboard_view
    • Published: Mar. 15, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-27213

    Jenkins Environment Dashboard Plugin 1.1.10 and earlier does not escape the Environment order and the Component order configuration values in its views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Conf... Read more

    Affected Products : environment_dashboard
    • Published: Mar. 15, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-26615

    A cross-site scripting (XSS) vulnerability in College Website Content Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the User Profile Name text fields.... Read more

    • Published: Apr. 05, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-26295

    A stored cross-site scripting (XSS) vulnerability in /ptms/?page=user of Online Project Time Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user name field.... Read more

    • Published: Mar. 16, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-26244

    A stored cross-site scripting (XSS) vulnerability in Hospital Patient Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "special" field.... Read more

    • Published: Mar. 30, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-26088

    An issue was discovered in BMC Remedy before 22.1. Email-based Incident Forwarding allows remote authenticated users to inject HTML (such as an SSRF payload) into the Activity Log by placing it in the To: field. This affects rendering that occurs upon a c... Read more

    • Published: Nov. 10, 2022
    • Modified: May. 01, 2025
  • 5.4

    MEDIUM
    CVE-2022-25873

    The package vuetify from 2.0.0-beta.4 and before 2.6.10 are vulnerable to Cross-site Scripting (XSS) due to improper input sanitization in the 'eventName' function within the VCalendar component.... Read more

    Affected Products : vuetify
    • Published: Sep. 18, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 293961 Results