Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2024-25907

    Missing Authorization vulnerability in JoomUnited WP Media folder. This issue affects WP Media folder: from n/a through 5.7.2. ...

    Affected Products : wp_media_folder
    • Published: Apr. 11, 2024
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2020-27509

    Persistent XSS in Galaxkey Secure Mail Client in Galaxkey up to 5.6.11.5 allows an attacker to perform an account takeover by intercepting the HTTP Post request when sending an email and injecting a specially crafted XSS payload in the 'subject' field. Th...

    Affected Products : galaxkey
    • Published: Jun. 26, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2020-27406

    Cross Site Scripting (XSS) vulnerability in DynPG 4.9.1, allows authenticated attackers to execute arbitrary code via the groupname....

    Affected Products : dynpg dynpg_cms
    • Published: Nov. 02, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2020-27388

    Multiple Stored Cross Site Scripting (XSS) vulnerabilities exist in the YOURLS Admin Panel, Versions 1.5 - 1.7.10. An authenticated user must modify a PHP plugin with a malicious payload and upload it, resulting in multiple stored XSS issues....

    Affected Products : yourls
    • Published: Oct. 23, 2020
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2013-5223

    Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2760U Gateway (Rev. E1) allow remote authenticated users to inject arbitrary web script or HTML via the (1) ntpServer1 parameter to sntpcfg.cgi, username parameter to (2) ddnsmngr.cmd or (3...

    Affected Products : dsl-2760u dsl-2760u_firmware
    • Actively Exploited
    • Published: Nov. 19, 2013
    • Modified: Apr. 11, 2025
  • 5.4

    MEDIUM
    CVE-2013-5132

    Apple AirPort Base Station Firmware before 7.6.4 does not properly handle incorrect frame lengths, which allows remote attackers to cause a denial of service (device crash) by associating with the access point and then sending a short frame....

    Affected Products : airport_base_station_firmware
    • Published: Sep. 08, 2013
    • Modified: Apr. 11, 2025
  • 5.4

    MEDIUM
    CVE-2024-28090

    Technicolor TC8715D TC8715D-01.EF.04.38.00-180405-S-FF9-D RSE-TC8717T devices allow a remote attacker within Wi-Fi proximity to conduct stored XSS attacks via User name in dyn_dns.asp....

    Affected Products :
    • Published: Mar. 28, 2024
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2024-25692

    There is a cross-site-request forgery vulnerability in Esri Portal for ArcGIS Versions 11.1 and below that may in some cases allow a remote, unauthenticated attacker to trick an authorized user into executing unwanted actions via a crafted form. The impac...

    Affected Products : linux_kernel windows portal_for_arcgis
    • Published: Apr. 04, 2024
    • Modified: Apr. 10, 2025
  • 5.4

    MEDIUM
    CVE-2013-4791

    PrestaShop before 1.4.11 allows Logistician, translators and other low level profiles/accounts to inject a persistent XSS vector on TinyMCE....

    Affected Products : prestashop
    • Published: Feb. 14, 2020
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2024-25633

    eLabFTW is an open source electronic lab notebook for research labs. In an eLabFTW system, one can configure who is allowed to create new user accounts. A vulnerability has been found starting in version 4.4.0 and prior to version 5.0.0 that allows regula...

    Affected Products : elabftw
    • Published: Aug. 15, 2024
    • Modified: Aug. 19, 2025
  • 5.4

    MEDIUM
    CVE-2024-25582

    Module savepoints could be abused to inject references to malicious code delivered through the same domain. Attackers could perform malicious API requests or extract information from the users account. Exploiting this vulnerability requires temporary acce...

    Affected Products : open-xchange_appsuite ox_app_suite
    • Published: Aug. 19, 2024
    • Modified: Aug. 19, 2024
  • 5.4

    MEDIUM
    CVE-2013-4669

    FortiClient before 4.3.5.472 on Windows, before 4.0.3.134 on Mac OS X, and before 4.0 on Android; FortiClient Lite before 4.3.4.461 on Windows; FortiClient Lite 2.0 through 2.0.0223 on Android; and FortiClient SSL VPN before 4.0.2258 on Linux proceed with...

    • Published: Jun. 25, 2013
    • Modified: Apr. 11, 2025
  • 5.4

    MEDIUM
    CVE-2020-0976

    A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-0972, CVE-...

    • Published: Apr. 15, 2020
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2020-29027

    Cross-site Scripting (XSS) vulnerability in GUI of Secomea SiteManager could allow an attacker to cause an XSS Attack. This issue affects: Secomea SiteManager all versions prior to 9.3....

    • Published: Feb. 16, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2013-4356

    Xen 4.3.x writes hypervisor mappings to certain shadow pagetables when live migration is performed on hosts with more than 5TB of RAM, which allows local 64-bit PV guests to read or write to invalid memory and cause a denial of service (crash)....

    Affected Products : xen
    • Published: Oct. 09, 2013
    • Modified: Apr. 11, 2025
  • 5.4

    MEDIUM
    CVE-2013-4125

    The fib6_add_rt2node function in net/ipv6/ip6_fib.c in the IPv6 stack in the Linux kernel through 3.10.1 does not properly handle Router Advertisement (RA) messages in certain circumstances involving three routes that initially qualified for membership in...

    Affected Products : linux_kernel
    • Published: Jul. 15, 2013
    • Modified: Apr. 11, 2025
  • 5.4

    MEDIUM
    CVE-2020-2225

    Jenkins Matrix Project Plugin 1.16 and earlier does not escape the axis names shown in tooltips on the overview page of builds with multiple axes, resulting in a stored cross-site scripting vulnerability....

    Affected Products : matrix_project
    • Published: Jul. 15, 2020
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2020-14899

    Vulnerability in the Oracle Application Express Data Reporter component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege...

    Affected Products : application_express
    • Published: Oct. 21, 2020
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-31908

    In JetBrains TeamCity before 2020.2.3, stored XSS was possible on several pages....

    Affected Products : teamcity
    • Published: May. 11, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2024-24937

    In JetBrains TeamCity before 2023.11.2 stored XSS via agent distribution was possible...

    Affected Products : teamcity
    • Published: Feb. 06, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 294846 Results