Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2022-21158

    A stored cross-site scripting vulnerability in marktext versions prior to v0.17.0 due to improper handling of the link (with javascript: scheme) inside the document may allow an attacker to execute an arbitrary script on the PC of the user using marktext.... Read more

    Affected Products : marktext
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-20969

    A vulnerability in multiple management dashboard pages of Cisco Umbrella could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the Cisco Umbrella dashboard. This vulnerability is due to unsanitiz... Read more

    Affected Products : umbrella
    • Published: Nov. 04, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-52993

    Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a v... Read more

    • Published: Dec. 10, 2024
    • Modified: Dec. 13, 2024

  • 5.4

    MEDIUM
    CVE-2022-20965

    A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to take privileges actions within the web-based management interface. This vulnerability is due to improper access con... Read more

    Affected Products : identity_services_engine
    • Published: Jan. 20, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-20627

    Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerab... Read more

    • Published: May. 03, 2022
    • Modified: Nov. 26, 2024

  • 5.4

    MEDIUM
    CVE-2022-20615

    Jenkins Matrix Project Plugin 1.19 and earlier does not escape HTML metacharacters in node and label names, and label descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission.... Read more

    • Published: Jan. 12, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-20629

    Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerab... Read more

    • Published: May. 03, 2022
    • Modified: Nov. 26, 2024

  • 5.4

    MEDIUM
    CVE-2024-52991

    Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a v... Read more

    • Published: Dec. 10, 2024
    • Modified: Dec. 13, 2024

  • 5.4

    MEDIUM
    CVE-2022-35137

    DGIOT Lightweight industrial IoT v4.5.4 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities.... Read more

    Affected Products : dgiot
    • Published: Sep. 29, 2022
    • Modified: May. 20, 2025

  • 5.4

    MEDIUM
    CVE-2024-52992

    Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a v... Read more

    • Published: Dec. 10, 2024
    • Modified: Dec. 13, 2024

  • 5.4

    MEDIUM
    CVE-2022-1928

    Cross-site Scripting (XSS) - Stored in GitHub repository go-gitea/gitea prior to 1.16.9.... Read more

    Affected Products : gitea
    • Published: May. 29, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-1792

    The Quick Subscribe WordPress plugin through 1.7.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and leading to Stored XSS due to the lack of sanitisation ... Read more

    Affected Products : quick_subscribe
    • Published: Jun. 13, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-1757

    The pagebar WordPress plugin before 2.70 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Furthermore, due to the lack of sanitisation in some of them, it co... Read more

    Affected Products : pagebar
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-1763

    Due to missing checks the Static Page eXtended WordPress plugin through 2.1 is vulnerable to CSRF attacks which allows changing the plugin settings, including required user levels for specific features. This could also lead to Stored Cross-Site Scripting ... Read more

    Affected Products : static_page_extended
    • Published: Jun. 13, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-1780

    The LaTeX for WordPress plugin through 3.4.10 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack which could also lead to Stored Cross-Site Scripting due to the... Read more

    Affected Products : latex
    • Published: Jun. 13, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-1755

    The SVG Support WordPress plugin before 2.5 does not properly handle SVG added via an URL, which could allow users with a role as low as author to perform Cross-Site Scripting attacks... Read more

    Affected Products : svg_support
    • Published: Sep. 26, 2022
    • Modified: May. 21, 2025

  • 5.4

    MEDIUM
    CVE-2022-1787

    The Sideblog WordPress plugin through 6.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisa... Read more

    Affected Products : sideblog
    • Published: Jun. 13, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-1526

    A vulnerability, which was classified as problematic, was found in Emlog Pro up to 1.2.2. This affects the POST parameter handling of articles. The manipulation with the input <script>alert(1);</script> leads to cross site scripting. It is possible to ini... Read more

    Affected Products : emlog
    • Published: Apr. 29, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-1416

    Missing sanitization of data in Pipeline error messages in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 allows for rendering of attacker control... Read more

    Affected Products : gitlab
    • Published: May. 19, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-1197

    When importing a revoked key that specified key compromise as the revocation reason, Thunderbird did not update the existing copy of the key that was not yet revoked, and the existing key was kept as non-revoked. Revocation statements that used another re... Read more

    Affected Products : thunderbird
    • Published: Dec. 22, 2022
    • Modified: Apr. 16, 2025
Showing 20 of 293939 Results