Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2025-3072

    Inappropriate implementation in Custom Tabs in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)... Read more

    Affected Products : chrome edge_chromium
    • Published: Apr. 02, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Misconfiguration

  • 5.4

    MEDIUM
    CVE-2025-29956

    Buffer over-read in Windows SMB allows an authorized attacker to disclose information over a network.... Read more

    • Published: May. 13, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Information Disclosure

  • 5.4

    MEDIUM
    CVE-2017-17092

    wp-includes/functions.php in WordPress before 4.9.1 does not require the unfiltered_html capability for upload of .js files, which might allow remote attackers to conduct XSS attacks via a crafted file.... Read more

    Affected Products : debian_linux wordpress
    • Published: Dec. 02, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-17061

    OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).... Read more

    Affected Products : open-xchange_appsuite
    • Published: May. 23, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-16906

    In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a "Calendar -> New Event" action.... Read more

    Affected Products : groupware
    • Published: Nov. 20, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-16907

    In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action.... Read more

    Affected Products : groupware
    • Published: Nov. 20, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-16810

    Cross-site scripting (XSS) vulnerability in the All Variables tab in Octopus Deploy 3.4.0-3.13.6 (fixed in 3.13.7) allows remote attackers to inject arbitrary web script or HTML via the Variable Set Name parameter.... Read more

    Affected Products : octopus_deploy
    • Published: Nov. 14, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-16802

    In the sharingGroupPopulateOrganisations function in app/webroot/js/misp.js in MISP 2.4.82, there is XSS via a crafted organisation name that is manually added.... Read more

    Affected Products : misp
    • Published: Nov. 13, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-16821

    b3log Symphony (aka Sym) 2.2.0 has XSS in processor/AdminProcessor.java in the admin console, as demonstrated by a crafted X-Forwarded-For HTTP header that is mishandled during display of a client IP address in /admin/user/userid.... Read more

    Affected Products : symphony
    • Published: Nov. 15, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-16798

    In CMS Made Simple 2.2.3.1, the is_file_acceptable function in modules/FileManager/action.upload.php only blocks file extensions that begin or end with a "php" substring, which allows remote attackers to bypass intended access restrictions or trigger XSS ... Read more

    Affected Products : cms_made_simple
    • Published: Nov. 12, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-16767

    Cross-site scripting (XSS) vulnerability in User Profile in Synology Surveillance Station before 8.1.2-5469 allows remote authenticated users to inject arbitrary web script or HTML via the userDesc parameter.... Read more

    Affected Products : surveillance_station
    • Published: Feb. 27, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-16635

    In TinyWebGallery v2.4, an XSS vulnerability is located in the `mkname`, `mkitem`, and `item` parameters of the `Add/Create` module. Remote attackers with low-privilege user accounts for backend access are able to inject malicious script codes into the `T... Read more

    Affected Products : tinywebgallery
    • Published: Nov. 06, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2024-52860

    Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DO... Read more

    • Published: Dec. 10, 2024
    • Modified: Dec. 13, 2024

  • 5.4

    MEDIUM
    CVE-2024-52843

    Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a v... Read more

    • Published: Dec. 10, 2024
    • Modified: Dec. 13, 2024

  • 5.4

    MEDIUM
    CVE-2021-29760

    IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to download unauthorized files through the dashboard user interface. IBM X-Force ID: 202213.... Read more

    Affected Products : sterling_b2b_integrator
    • Published: Oct. 06, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-21603

    Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape notification bar response contents, resulting in a cross-site scripting (XSS) vulnerability.... Read more

    Affected Products : jenkins
    • Published: Jan. 13, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-45131

    Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass secur... Read more

    Affected Products : magento commerce magento commerce_b2b
    • Published: Oct. 10, 2024
    • Modified: Oct. 14, 2024

  • 5.4

    MEDIUM
    CVE-2024-43738

    Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could allow an attacker to execute arbitrary code in the context of the victim's browser. This issue occurs when data from a mal... Read more

    • Published: Dec. 10, 2024
    • Modified: Dec. 17, 2024

  • 5.4

    MEDIUM
    CVE-2024-43723

    Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DO... Read more

    • Published: Dec. 10, 2024
    • Modified: Dec. 17, 2024

  • 5.4

    MEDIUM
    CVE-2017-15947

    Simple ASC Content Management System v1.2 has XSS in the location field in the sign function, related to guestbook.asp, formgb.asp, and msggb.asp.... Read more

    • Published: Oct. 28, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 294319 Results