Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2024-26043

    Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a v... Read more

    • Published: Mar. 18, 2024
    • Modified: Dec. 03, 2024

  • 5.4

    MEDIUM
    CVE-2013-3636

    ProjectPier 0.8.8 has a Remote Information Disclosure Weakness because of the lack of the HttpOnly cookie flag... Read more

    Affected Products : projectpier
    • Published: Feb. 07, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2013-3635

    ProjectPier 0.8.8 has stored XSS... Read more

    Affected Products : projectpier
    • Published: Feb. 07, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-24840

    Missing Authorization vulnerability in BdThemes Element Pack Elementor Addons.This issue affects Element Pack Elementor Addons: from n/a through 5.4.11. ... Read more

    Affected Products : element_pack
    • Published: Mar. 23, 2024
    • Modified: Jan. 29, 2025

  • 5.4

    MEDIUM
    CVE-2021-36946

    Microsoft Dynamics Business Central Cross-site Scripting Vulnerability... Read more

    • Published: Aug. 12, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-13403

    The two-dimensional filter statistics gadget in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.12.4, and from version 7.13.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site s... Read more

    Affected Products : jira jira_server
    • Published: Feb. 13, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-26816

    SAP AS JAVA (Key Storage Service), versions - 7.10, 7.11, 7.20 ,7.30, 7.31, 7.40, 7.50, has the key material which is stored in the SAP NetWeaver AS Java Key Storage service stored in the database in the DER encoded format and is not encrypted. This enabl... Read more

    • Published: Dec. 09, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-24785

    If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates.... Read more

    Affected Products : go
    • Published: Mar. 05, 2024
    • Modified: Mar. 14, 2025

  • 5.4

    MEDIUM
    CVE-2020-26701

    Cross-site scripting (XSS) vulnerability in Dashboards section in Kaa IoT Platform v1.2.0 allows remote attackers to inject malicious web scripts or HTML Injection payloads via the Description parameter.... Read more

    Affected Products : kaa
    • Published: Nov. 17, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-26733

    Cross Site Scripting (XSS) in Configuration page in SKYWORTH GN542VF Hardware Version 2.0 and Software Version 2.0.0.16 allows authenticated attacker to inject their own script into the page via DDNS Configuration Section.... Read more

    Affected Products : gn542vf_firmware gn542vf
    • Published: Jan. 14, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-26669

    A stored cross-site scripting (XSS) vulnerability was discovered in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to execute arbitrary web scripts or HTML via the page content to site/index.php/admin/pages/update.... Read more

    Affected Products : bigtree_cms
    • Published: Jun. 01, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-24571

    facileManager is a modular suite of web apps built with the sysadmin in mind. For the facileManager web application versions 4.5.0 and earlier, we have found that XSS was present in almost all of the input fields as there is insufficient input validation.... Read more

    Affected Products : facilemanager
    • Published: Jan. 31, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-24569

    The Pixee Java Code Security Toolkit is a set of security APIs meant to help secure Java code. `ZipSecurity#isBelowCurrentDirectory` is vulnerable to a partial-path traversal bypass. To be vulnerable to the bypass, the application must use toolkit version... Read more

    Affected Products : java_code_security_toolkit
    • Published: Feb. 01, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-26609

    fastadmin V1.0.0.20200506_beta contains a cross-site scripting (XSS) vulnerability which may allow an attacker to obtain administrator credentials to log in to the background.... Read more

    Affected Products : fastadmin
    • Published: Feb. 23, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2013-3067

    Linksys WRT310Nv2 2.0.0.1 is vulnerable to XSS.... Read more

    Affected Products : wrt310n_firmware wrt310n
    • Published: Feb. 07, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2013-3039

    IBM Rational Requirements Composer before 4.0.4 does not properly perform authentication, which has unspecified impact and remote attack vectors.... Read more

    Affected Products : rational_requirements_composer
    • Published: Sep. 12, 2013
    • Modified: Apr. 11, 2025

  • 5.4

    MEDIUM
    CVE-2013-3038

    Unspecified vulnerability in IBM Rational Requirements Composer before 4.0.4 makes it easier for remote attackers to discover credentials via unknown vectors.... Read more

    Affected Products : rational_requirements_composer
    • Published: Sep. 12, 2013
    • Modified: Apr. 11, 2025

  • 5.4

    MEDIUM
    CVE-2015-0383

    Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows local users to affect integrity and availability via unknown vectors related to Hotspot.... Read more

    • Published: Jan. 21, 2015
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2020-26555

    Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN.... Read more

    • Published: May. 24, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-26680

    In vFairs 3.3, any user logged in to a vFairs virtual conference or event can modify any other users profile information to include a cross-site scripting payload. The user data stored by the database includes HTML tags that are intentionally rendered out... Read more

    Affected Products : vfairs
    • Published: May. 26, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 294846 Results