Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2015-3619

    Cross-site scripting (XSS) vulnerability in assets/js/vm2admin.js in the VirtueMart component before 3.0.8 for Joomla! allows remote attackers to inject arbitrary web script or HTML via vectors involving a "double encode combination of first_name, last_na... Read more

    Affected Products : virtuemart
    • Published: Feb. 06, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-35345

    A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts unidentified code within the file /classes/Users.php. Manipulating the argument id results in cross-site scripting.... Read more

    Affected Products : dino_physics_school_assistant
    • Published: May. 30, 2024
    • Modified: Apr. 11, 2025

  • 5.4

    MEDIUM
    CVE-2015-3172

    EidoGo is susceptible to Cross-Site Scripting (XSS) attacks via maliciously crafted SGF input.... Read more

    Affected Products : eidogo
    • Published: Jul. 06, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-8651

    A cross site scripting vulnerability exists when Microsoft Dynamics NAV does not properly sanitize a specially crafted web request to an affected Dynamics NAV server, aka "Microsoft Dynamics NAV Cross Site Scripting Vulnerability." This affects Microsoft ... Read more

    Affected Products : dynamics_nav
    • Published: Dec. 12, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2015-2883

    Philips In.Sight B120/37 has XSS, related to the Weaved cloud web service, as demonstrated by the name parameter to deviceSettings.php or shareDevice.php.... Read more

    Affected Products : in.sight_b120\\37
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2019-1003042

    A cross site scripting vulnerability in Jenkins Lockable Resources Plugin 2.4 and earlier allows attackers able to control resource names to inject arbitrary JavaScript in web pages rendered by the plugin.... Read more

    Affected Products : lockable_resources
    • Published: Mar. 28, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-35112

    IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.... Read more

    Affected Products : control_center
    • Published: Jan. 25, 2025
    • Modified: Mar. 04, 2025
    • Vuln Type: Information Disclosure

  • 5.4

    MEDIUM
    CVE-2024-34913

    An arbitrary file upload vulnerability in r-pan-scaffolding v5.0 and below allows attackers to execute arbitrary code via uploading a crafted PDF file.... Read more

    Affected Products : r-pan-scaffolding
    • Published: May. 15, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-34804

    Missing Authorization vulnerability in Tagembed.This issue affects Tagembed: from n/a through 5.8.... Read more

    Affected Products :
    • Published: Jun. 11, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-5277

    PrestaShop module ps_facetedsearch versions before 3.5.0 has a reflected XSS with `url_name` parameter. The problem is fixed in 3.5.0... Read more

    Affected Products : faceted_search_module
    • Published: Mar. 25, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-5266

    In the ps_link module for PrestaShop before version 3.1.0, there is a stored XSS when you create or edit a link list block with the title field. The problem is fixed in 3.1.0... Read more

    Affected Products : prestashop_link prestashop_linklist
    • Published: Apr. 16, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-18985

    Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara 4.4u2, all versions prior to 4.4.93.40.2, and Niagara 4.6, all versions prior to 4.6.96.28.4 a cross-site scripting vuln... Read more

    • Published: Jan. 29, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-19570

    GitLab CE/EE, versions 11.3 before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via unrecognized HTML tags.... Read more

    Affected Products : gitlab
    • Published: Jul. 10, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-34471

    An issue was discovered in HSC Mailinspector 5.2.17-3. A Path Traversal vulnerability (resulting in file deletion) exists in the mliRealtimeEmails.php file. The filename parameter in the export HTML functionality does not properly validate the file locati... Read more

    Affected Products : mailinspector
    • Published: May. 06, 2024
    • Modified: Jun. 17, 2025

  • 5.4

    MEDIUM
    CVE-2020-2111

    Jenkins Subversion Plugin 2.13.0 and earlier does not escape the error message for the Project Repository Base URL field form validation, resulting in a stored cross-site scripting vulnerability.... Read more

    Affected Products : subversion
    • Published: Feb. 12, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-34357

    TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1, failing to properly encode user-controlled values in file entities, the `ShowImageController... Read more

    Affected Products : typo3
    • Published: May. 14, 2024
    • Modified: Sep. 03, 2025

  • 5.4

    MEDIUM
    CVE-2020-2513

    Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-19.2. Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network access via H... Read more

    Affected Products : application_express
    • Published: Jul. 15, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2015-2324

    Cross-site scripting (XSS) vulnerability in the filemanager in the Photo Gallery plugin before 1.2.13 for WordPress allows remote authenticated users with edit permission to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : photo_gallery
    • Published: Feb. 19, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-34356

    TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1, the form manager backend module is vulnerable to cross-site scripting. Exploiting this vulne... Read more

    Affected Products : typo3
    • Published: May. 14, 2024
    • Modified: Sep. 03, 2025

  • 5.4

    MEDIUM
    CVE-2015-2249

    Zimbra Collaboration before 8.6.0 patch5 has XSS.... Read more

    Affected Products : zimbra_collaboration_server
    • Published: Jan. 27, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 294605 Results