Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2019-7621

    Kibana versions before 6.8.6 and 7.5.1 contain a cross site scripting (XSS) flaw in the coordinate and region map visualizations. An attacker with the ability to create coordinate map visualizations could create a malicious visualization. If another Kiban... Read more

    Affected Products : kibana
    • Published: Dec. 18, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-3961

    Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via crafted user input of attribut... Read more

    Affected Products : network_security_manager
    • Published: May. 25, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-3902

    Cross-site scripting (XSS) vulnerability in the Web user interface (UI) in Intel Security ePO 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows authenticated users to inject malicious Java scripts via bypassing input validation.... Read more

    Affected Products : epolicy_orchestrator
    • Published: Feb. 13, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2019-6591

    On BIG-IP APM 14.0.0 to 14.0.0.4, 13.0.0 to 13.1.1.3 and 12.1.0 to 12.1.3.7, a reflected cross-site scripting (XSS) vulnerability exists in the resource information page for authenticated users when a full webtop is configured on the BIG-IP APM system.... Read more

    Affected Products : big-ip_access_policy_manager
    • Published: Feb. 05, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-3874

    A vulnerability in the web framework of Cisco Unified Communications Manager (CallManager) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack. More Information: CSCvb70033. Known Affected Releases: 11.5(1.11007.2)... Read more

    Affected Products : unified_communications_manager
    • Published: Mar. 17, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2019-20934

    An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c.... Read more

    Affected Products : linux_kernel
    • Published: Nov. 28, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-2460

    Vulnerability in the Oracle Application Express Data Reporter component of Oracle Database Server. The supported version that is affected is Prior to 21.1.0.00.04. Easily exploitable vulnerability allows low privileged attacker having Valid User Account p... Read more

    Affected Products : application_express
    • Published: Jul. 21, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-46494

    A cross-site scripting (XSS) vulnerability in Typecho v1.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into Name parameter under a comment for an Article.... Read more

    Affected Products : typecho
    • Published: Apr. 07, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2024-46409

    A stored cross-site scripting (XSS) vulnerability in SeedDMS v6.0.28 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter in the Calendar page.... Read more

    Affected Products : seeddms
    • Published: Oct. 04, 2024
    • Modified: Jul. 03, 2025

  • 5.4

    MEDIUM
    CVE-2024-46209

    A stored cross-site scripting (XSS) vulnerability in the component /media/test.html of REDAXO CMS v5.17.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the password parameter.... Read more

    Affected Products : redaxo
    • Published: Jan. 06, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2024-46081

    Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS). An authenticated user can craft malicious payloads in the To-Do List. The assigned user will trigger a stored XSS, which is particularly dangerous because tasks are assigned to v... Read more

    Affected Products : scriptcase
    • Published: Oct. 01, 2024
    • Modified: Apr. 28, 2025

  • 5.4

    MEDIUM
    CVE-2024-46083

    Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS). An authenticated user can craft malicious payloads using the messages feature, which allows the injection of malicious code into any user's account on the platform. It is importa... Read more

    Affected Products : scriptcase
    • Published: Oct. 01, 2024
    • Modified: Apr. 28, 2025

  • 5.4

    MEDIUM
    CVE-2024-45986

    A stored Cross-Site Scripting (XSS) vulnerability was identified in Projectworld Online Voting System 1.0 that occurs when an account is registered with a malicious javascript payload. The payload is stored and subsequently executed in the voter.php and p... Read more

    • Published: Sep. 26, 2024
    • Modified: May. 06, 2025

  • 5.4

    MEDIUM
    CVE-2017-3482

    Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0 and 12.3.0. Easily "exploita... Read more

    Affected Products : flexcube_universal_banking
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2024-45878

    The "Stammdaten" menu of baltic-it TOPqw Webportal v1.35.283.2 (fixed in version 1.35.291), in /Apps/TOPqw/qwStammdaten.aspx, is vulnerable to persistent Cross-Site Scripting (XSS).... Read more

    Affected Products :
    • Published: Nov. 13, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-45843

    Mattermost versions 9.5.x <= 9.5.8 fail to include the metadata endpoints of Oracle Cloud and Alibaba in the SSRF denylist, which allows an attacker to possibly cause an SSRF if Mattermost was deployed in Oracle Cloud or Alibaba.... Read more

    Affected Products : mattermost_server mattermost
    • Published: Sep. 26, 2024
    • Modified: Sep. 26, 2024

  • 5.4

    MEDIUM
    CVE-2024-45920

    A Stored Cross-Site Scripting (XSS) vulnerability in Solvait 24.4.2 allows remote attackers to inject malicious scripts into the application. This issue arises due to insufficient input validation and sanitization in "Intrest" feature.... Read more

    Affected Products : solvait
    • Published: Sep. 30, 2024
    • Modified: Jul. 10, 2025

  • 5.4

    MEDIUM
    CVE-2019-10404

    Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the reason why a queue items is blcoked in tooltips, resulting in a stored XSS vulnerability exploitable by users able to control parts of the reason a queue item is blocked, such as label ... Read more

    Affected Products : jenkins
    • Published: Sep. 25, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-0831

    A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from... Read more

    • Published: Apr. 09, 2019
    • Modified: Feb. 28, 2025

  • 5.4

    MEDIUM
    CVE-2024-45740

    In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through Scheduled Views that could result i... Read more

    Affected Products : splunk splunk_cloud_platform
    • Published: Oct. 14, 2024
    • Modified: Oct. 17, 2024
Showing 20 of 294129 Results