Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2021-32540

    Add announcement function in the 101EIP system does not filter special characters, which allows authenticated users to inject JavaScript and perform a stored XSS attack.

    Affected Products : 101eip
    • Published: May. 28, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2024-50837

    A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/admin_user.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the firstname and username parameters.

    Affected Products : e-learning_management_system
    • Published: Nov. 14, 2024
    • Modified: May. 06, 2025
  • 5.4

    MEDIUM
    CVE-2021-21649

    Jenkins Dashboard View Plugin 2.15 and earlier does not escape URLs referenced in Image Dashboard Portlets, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission.

    Affected Products : dashboard_view
    • Published: May. 11, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2024-50842

    A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/school_year.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the school_year parameter.

    Affected Products : e-learning_management_system
    • Published: Nov. 14, 2024
    • Modified: May. 06, 2025
  • 5.4

    MEDIUM
    CVE-2024-50702

    TeamPass before 3.1.3.1 does not properly check whether a mail_me (aka action_mail) operation is on behalf of an administrator or manager.

    Affected Products : teampass
    • Published: Dec. 30, 2024
    • Modified: Dec. 30, 2024
  • 5.4

    MEDIUM
    CVE-2021-32544

    Special characters of IGT search function in igt+ are not filtered in specific fields, which allows remote authenticated attackers to inject malicious JavaScript and carry out DOM-based XSS (Cross-site scripting) attacks.

    Affected Products : igt+
    • Published: May. 11, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-21087

    Adobe Coldfusion versions 2016 (update 16 and earlier), 2018 (update 10 and earlier) and 2021.0.0.323925 are affected by an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. An attacker could abuse this vu...

    Affected Products : coldfusion
    • Published: Apr. 15, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2024-50692

    SunGrow WiNet-SV200.001.00.P027 and earlier versions contain hardcoded MQTT credentials that allow an attacker to send arbitrary commands to an arbitrary inverter. It is also possible to impersonate the broker, because TLS is not used to identify the rea...

    Affected Products : winet-s_firmware winet-s
    • Published: Jan. 24, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Misconfiguration
  • 5.4

    MEDIUM
    CVE-2022-34791

    Jenkins Validating Email Parameter Plugin 1.10 and earlier does not escape the name and description of its parameter type, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

    Affected Products : validating_email_parameter
    • Published: Jun. 30, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-32475

    ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected.

    Affected Products : moodle
    • Published: Mar. 11, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2024-50582

    In JetBrains YouTrack before 2024.3.47707 stored XSS was possible due to improper HTML sanitization in markdown elements

    Affected Products : youtrack
    • Published: Oct. 28, 2024
    • Modified: Oct. 29, 2024
  • 5.4

    MEDIUM
    CVE-2024-50578

    In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via sprint value on agile boards page

    Affected Products : youtrack
    • Published: Oct. 28, 2024
    • Modified: Oct. 29, 2024
  • 5.4

    MEDIUM
    CVE-2024-50580

    In JetBrains YouTrack before 2024.3.47707 multiple XSS were possible due to insecure markdown parsing and custom rendering rule

    Affected Products : youtrack
    • Published: Oct. 28, 2024
    • Modified: Oct. 29, 2024
  • 5.4

    MEDIUM
    CVE-2022-34787

    Jenkins Project Inheritance Plugin 21.04.03 and earlier does not escape the reason a build is blocked in tooltips, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control the reason a queue item is blocked.

    Affected Products : project_inheritance
    • Published: Jun. 30, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2024-50577

    In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via Angular template injection in Hub settings

    Affected Products : youtrack
    • Published: Oct. 28, 2024
    • Modified: Oct. 29, 2024
  • 5.4

    MEDIUM
    CVE-2024-50581

    In JetBrains YouTrack before 2024.3.47707 improper HTML sanitization could lead to XSS attack via comment tag

    Affected Products : youtrack
    • Published: Oct. 28, 2024
    • Modified: Oct. 29, 2024
  • 5.4

    MEDIUM
    CVE-2020-8263

    A vulnerability in the authenticated user web interface of Pulse Connect Secure < 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) through the CGI file.

    Affected Products : pulse_secure_desktop_client
    • Published: Oct. 28, 2020
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2020-8189

    A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed to present any html (including local links) when responding with invalid data on the login attempt.

    Affected Products : desktop
    • Published: Aug. 21, 2020
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2024-50576

    In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via vendor URL in App manifest

    Affected Products : youtrack
    • Published: Oct. 28, 2024
    • Modified: Oct. 29, 2024
  • 5.4

    MEDIUM
    CVE-2020-5765

    Nessus 8.10.0 and earlier were found to contain a Stored XSS vulnerability due to improper validation of input during scan configuration. An authenticated, remote attacker could potentially exploit this vulnerability to execute arbitrary code in a user's ...

    Affected Products : nessus
    • Published: Jul. 15, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 293781 Results