Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2024-52822

    Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DO... Read more

    • Published: Dec. 10, 2024
    • Modified: Dec. 18, 2024

  • 5.4

    MEDIUM
    CVE-2024-52763

    A cross-site scripting (XSS) vulnerability in the component /graph_all_periods.php of Ganglia-web v3.73 to v3.75 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "g" parameter.... Read more

    Affected Products : ganglia-web
    • Published: Nov. 19, 2024
    • Modified: Nov. 29, 2024

  • 5.4

    MEDIUM
    CVE-2021-40711

    Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a stored XSS vulnerability when creating Content Fragments. An authenticated attacker can send a malformed POST request to achieve arbitrary code execution. Malicious JavaScript may be ... Read more

    Affected Products : experience_manager
    • Published: Sep. 27, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-52599

    Tuleap is an open source suite to improve management of software developments and collaboration. In Tuleap Community Edition prior to version 16.1.99.50 and Tuleap Enterprise Edition prior to versions 16.1-4 and 16.0-7, a malicious user with the ability t... Read more

    Affected Products : tuleap
    • Published: Dec. 09, 2024
    • Modified: Aug. 22, 2025

  • 5.4

    MEDIUM
    CVE-2024-52701

    A stored cross-site scripting (XSS) vulnerability in the Configuration page of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page banner parameter.... Read more

    Affected Products : piwigo
    • Published: Nov. 20, 2024
    • Modified: May. 22, 2025

  • 5.4

    MEDIUM
    CVE-2021-40577

    A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Online Enrollment Management System in PHP and PayPal Free Source Code 1.0 in the Add-Users page via the Name parameter.... Read more

    • Published: Nov. 08, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-40509

    ViewCommon.java in JForum2 2.7.0 allows XSS via a user signature.... Read more

    Affected Products : jforum
    • Published: Sep. 04, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-40440

    Microsoft Dynamics Business Central Cross-site Scripting Vulnerability... Read more

    Affected Products : dynamics_365_business_central
    • Published: Sep. 15, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-40377

    SmarterTools SmarterMail 16.x before build 7866 has stored XSS. The application fails to sanitize email content, thus allowing one to inject HTML and/or JavaScript into a page that will then be processed and stored by the application.... Read more

    Affected Products : smartermail
    • Published: Sep. 08, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-40337

    Cross-site Scripting (XSS) vulnerability in Hitachi Energy LinkOne allows an attacker that manages to exploit the vulnerability can take advantage to exploit multiple web attacks and stole sensitive information. This issue affects: Hitachi Energy LinkOne ... Read more

    Affected Products : linkone
    • Published: Jan. 25, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-40292

    A Stored Cross Site Sripting (XSS) vulnerability exists in DzzOffice 2.02.1 via the settingnew parameter.... Read more

    Affected Products : dzzoffice
    • Published: Oct. 12, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-40094

    A DOM-based XSS vulnerability affects SquaredUp for SCOM 5.2.1.6654. If successfully exploited, this vulnerability may allow attackers to inject malicious code into a user's device.... Read more

    Affected Products : squaredup
    • Published: Dec. 07, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-40214

    Gibbon v22.0.00 suffers from a stored XSS vulnerability within the wall messages component.... Read more

    Affected Products : gibbon
    • Published: Sep. 13, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-40092

    A cross-site scripting (XSS) vulnerability in Image Tile in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via an SVG file.... Read more

    Affected Products : squaredup
    • Published: Dec. 07, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-40093

    A cross-site scripting (XSS) vulnerability in integration configuration in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via dashboard actions.... Read more

    Affected Products : squaredup
    • Published: Dec. 07, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-20514

    A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, low-privileged, remote attacker to conduct a stored cross-site scripting (XSS) attack a... Read more

    • Published: Nov. 06, 2024
    • Modified: Jul. 31, 2025

  • 5.4

    MEDIUM
    CVE-2021-3920

    grav-plugin-admin is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Read more

    Affected Products : grav-plugin-admin
    • Published: Nov. 19, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-3862

    icecoder is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Read more

    Affected Products : icecoder
    • Published: Jan. 17, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-3921

    firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)... Read more

    Affected Products : firefly_iii
    • Published: Nov. 13, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-3841

    sylius/sylius versions prior to 1.9.10, 1.10.11, and 1.11.2 are vulnerable to stored cross-site scripting (XSS) through SVG files. This vulnerability allows attackers to inject malicious scripts that can be executed in the context of the user's browser.... Read more

    Affected Products : sylius
    • Published: Nov. 15, 2024
    • Modified: Nov. 19, 2024
Showing 20 of 293940 Results