Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2024-45614

    Puma is a Ruby/Rack web server built for parallelism. In affected versions clients could clobber values set by intermediate proxies (such as X-Forwarded-For) by providing a underscore version of the same header (X-Forwarded_For). Any users relying on prox... Read more

    Affected Products : puma
    • Published: Sep. 19, 2024
    • Modified: Sep. 26, 2024

  • 5.4

    MEDIUM
    CVE-2024-45514

    An issue was discovered in Zimbra Collaboration (ZCS) through v10.1. A Cross-Site Scripting (XSS) vulnerability exists in one of the endpoints of Zimbra Webmail due to insufficient sanitization of the packages parameter. Attackers can bypass the existing ... Read more

    Affected Products : zimbra_collaboration_suite
    • Published: Nov. 21, 2024
    • Modified: Jun. 11, 2025

  • 5.4

    MEDIUM
    CVE-2024-45517

    An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A Cross-Site Scripting (XSS) vulnerability in the /h/rest endpoint of the Zimbra webmail and admin panel interfaces allows attackers to execute arbitrary JavaScript in the victim's sessio... Read more

    Affected Products : zimbra_collaboration_suite
    • Published: Nov. 21, 2024
    • Modified: Jun. 11, 2025

  • 5.4

    MEDIUM
    CVE-2024-45511

    An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A reflected Cross-Site Scripting (XSS) issue exists through the Briefcase module due to improper sanitization of file content by the OnlyOffice formatter. This occurs when the victim open... Read more

    Affected Products : zimbra_collaboration_suite
    • Published: Nov. 20, 2024
    • Modified: Jun. 11, 2025

  • 5.4

    MEDIUM
    CVE-2018-17537

    An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. blog-viewer has stored XSS during repository browsing, if package.json exists. .... Read more

    Affected Products : gitlab
    • Published: Apr. 16, 2023
    • Modified: Feb. 06, 2025

  • 5.4

    MEDIUM
    CVE-2017-3131

    A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 and 5.6.0 allows attackers to execute unauthorized code or commands via the filter input in "Applications" under FortiView.... Read more

    Affected Products : fortios
    • Published: Sep. 12, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2024-45292

    PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. `\PhpOffice\PhpSpreadsheet\Writer\Html` does not sanitize "javascript:" URLs from hyperlink `href` attributes, resulting in a Cross-Site Scripting vulnerability. This issue ha... Read more

    Affected Products : phpexcel phpspreadsheet
    • Published: Oct. 07, 2024
    • Modified: Mar. 07, 2025

  • 5.4

    MEDIUM
    CVE-2024-45278

    SAP Commerce Backoffice does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the application.... Read more

    Affected Products : commerce_backoffice
    • Published: Oct. 08, 2024
    • Modified: Nov. 14, 2024

  • 5.4

    MEDIUM
    CVE-2024-45153

    Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be e... Read more

    • Published: Oct. 07, 2024
    • Modified: Dec. 02, 2024

  • 5.4

    MEDIUM
    CVE-2024-45046

    PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. In affected versions `\PhpOffice\PhpSpreadsheet\Writer\Html` doesn't sanitize spreadsheet styling information such as font names, allowing an attacker to inject arbitrary Java... Read more

    Affected Products : phpexcel phpspreadsheet
    • Published: Aug. 28, 2024
    • Modified: Sep. 04, 2024

  • 5.4

    MEDIUM
    CVE-2024-44837

    A cross-site scripting (XSS) vulnerability in the component \bean\Manager.java of Drug v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user parameter.... Read more

    Affected Products : drug
    • Published: Sep. 06, 2024
    • Modified: Sep. 12, 2024

  • 5.4

    MEDIUM
    CVE-2017-14186

    A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4 and below versions under SSL VPN web portal allows a remote user to inject arbitrary web script or HTML in the context of the victim's browser via the login... Read more

    Affected Products : fortios
    • Published: Nov. 29, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2021-24156

    Stored Cross-Site Scripting vulnerabilities in Testimonial Rotator 3.0.3 allow low privileged users (Contributor) to inject arbitrary JavaScript code or HTML without approval. This could lead to privilege escalation... Read more

    Affected Products : testimonial_rotator
    • Published: Apr. 05, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-12978

    lib/html.php in Cacti before 1.1.18 has XSS via the title field of an external link added by an authenticated user.... Read more

    Affected Products : cacti
    • Published: Aug. 21, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-2713

    HUAWEI P9 smartphones with software versions earlier before EVA-L09C432B383, versions earlier before EVA-L09C636B380, versions earlier before VIE-L09C432B370, versions earlier before VIE-L29C636B370 have an insufficient input validation vulnerability. An ... Read more

    Affected Products : p9_firmware p9
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-2610

    jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting in search suggestions due to improperly escaping users with less-than and greater-than characters in their names (SECURITY-388).... Read more

    Affected Products : jenkins
    • Published: May. 15, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-24147

    Unvalidated input and lack of output encoding in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not sanitise the mic_comment field (Notes on time) when adding/editing an event, allowing users with privilege as low as author ... Read more

    Affected Products : modern_events_calendar_lite
    • Published: Mar. 18, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2016-7469

    A stored cross-site scripting (XSS) vulnerability in the Configuration utility device name change page in BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, WOM and WebSafe version 12.0.0 - 12.1.2... Read more

    • Published: Jun. 09, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-2255

    Cross-site scripting vulnerability in Cybozu Garoon 3.7.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" function of the application "Space".... Read more

    Affected Products : garoon
    • Published: Aug. 29, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2016-3433

    Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.9.0 allows remote authenticated users to affect confidentiality and integrity via vectors related to Analytics Web... Read more

    Affected Products : business_intelligence
    • Published: Jul. 21, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 294273 Results