Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2013-2688

    Buffer overflow in phrelay in BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted packets to TCP po... Read more

    • Published: Jul. 12, 2013
    • Modified: Apr. 11, 2025

  • 5.4

    MEDIUM
    CVE-2024-24062

    springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sys/role.... Read more

    Affected Products : springboot-manager
    • Published: Feb. 01, 2024
    • Modified: Jun. 12, 2025

  • 5.4

    MEDIUM
    CVE-2024-23941

    Cross-site scripting vulnerability exists in Group Office prior to v6.6.182, prior to v6.7.64 and prior to v6.8.31, which may allow a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the prod... Read more

    Affected Products : group_office
    • Published: Feb. 01, 2024
    • Modified: Jun. 04, 2025

  • 5.4

    MEDIUM
    CVE-2024-23905

    Jenkins Red Hat Dependency Analytics Plugin 0.7.1 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download.... Read more

    Affected Products : red_hat_dependency_analytics
    • Published: Jan. 24, 2024
    • Modified: Jun. 20, 2025

  • 5.4

    MEDIUM
    CVE-2020-26063

    A vulnerability in the API endpoints of Cisco Integrated Management Controller could allow an authenticated, remote attacker to bypass authorization and take actions on a vulnerable system without authorization. The vulnerability is due to improper ... Read more

    Affected Products : unified_computing_system
    • Published: Nov. 18, 2024
    • Modified: Nov. 18, 2024

  • 5.4

    MEDIUM
    CVE-2020-0923

    A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from... Read more

    • Published: Apr. 15, 2020
    • Modified: Feb. 28, 2025

  • 5.4

    MEDIUM
    CVE-2020-26067

    A vulnerability in the web-based interface of Cisco Webex Teams could allow an authenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to improper validation of usernames. An attacker could exploit this vulne... Read more

    Affected Products : webex_teams
    • Published: Nov. 18, 2024
    • Modified: Aug. 01, 2025

  • 5.4

    MEDIUM
    CVE-2020-26046

    FUEL CMS 1.4.11 has stored XSS in Blocks/Navigation/Site variables. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account and also impact other visitors.... Read more

    Affected Products : fuel_cms
    • Published: Jan. 05, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-25955

    SourceCodester Student Management System Project in PHP version 1.0 is vulnerable to stored a cross-site scripting (XSS) via the 'add subject' tab.... Read more

    • Published: Dec. 08, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-25876

    A stored cross site scripting (XSS) vulnerability in the 'Pages' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload entered into the 'Page Title' parameter.... Read more

    Affected Products : codoforum
    • Published: Jul. 09, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-25879

    A stored cross site scripting (XSS) vulnerability in the 'Manage Users' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Username' parameter.... Read more

    Affected Products : codoforum
    • Published: Jul. 09, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-29497

    Dell Wyse Management Suite versions prior to 3.1 contain a stored cross-site scripting vulnerability. A remote authenticated malicious user with low privileges could exploit this vulnerability to store malicious HTML or JavaScript code under the device ta... Read more

    Affected Products : wyse_management_suite
    • Published: Jan. 04, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2013-2108

    WordPress WP Cleanfix Plugin 2.4.4 has CSRF... Read more

    Affected Products : cleanfix
    • Published: Feb. 10, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2013-2101

    Katello has multiple XSS issues in various entities... Read more

    • Published: Dec. 03, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-26035

    An issue was discovered in Zammad before 3.4.1. There is Stored XSS via a Tags element in a TIcket.... Read more

    Affected Products : zammad
    • Published: Dec. 28, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-23782

    Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.... Read more

    Affected Products : a-blog_cms
    • Published: Jan. 28, 2024
    • Modified: Jun. 02, 2025

  • 5.4

    MEDIUM
    CVE-2013-1932

    A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.13 allows remote authenticated users to inject arbitrary web script or HTML via a project name.... Read more

    Affected Products : mantisbt
    • Published: Oct. 31, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2013-1934

    A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.0rc1 before 1.2.14 allows remote authenticated users to inject arbitrary web script or HTML via a complex value.... Read more

    Affected Products : debian_linux mantisbt
    • Published: Oct. 31, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-25609

    The NuPoint Messenger Portal of Mitel MiCollab before 9.2 could allow an authenticated attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to view and modify user data.... Read more

    Affected Products : micollab
    • Published: Dec. 18, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-25832

    Reflected Cross Site scripting vulnerability on Micro Focus Filr product, affecting version 4.2.1. The vulnerability could be exploited to perform Reflected XSS attack.... Read more

    Affected Products : filr
    • Published: Nov. 17, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 294842 Results