Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2024-26073

    Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a v... Read more

    • Published: Mar. 18, 2024
    • Modified: Dec. 03, 2024

  • 5.4

    MEDIUM
    CVE-2025-46891

    Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be e... Read more

    • Published: Jun. 10, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2024-52830

    Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a v... Read more

    • Published: Dec. 10, 2024
    • Modified: Dec. 13, 2024

  • 5.4

    MEDIUM
    CVE-2025-47000

    Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be e... Read more

    • Published: Jun. 10, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2024-36165

    Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a v... Read more

    • Published: Jun. 13, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-52824

    Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a v... Read more

    • Published: Dec. 10, 2024
    • Modified: Dec. 18, 2024

  • 5.4

    MEDIUM
    CVE-2024-52834

    Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a v... Read more

    • Published: Dec. 10, 2024
    • Modified: Dec. 13, 2024

  • 5.4

    MEDIUM
    CVE-2025-47071

    Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be e... Read more

    • Published: Jun. 10, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2020-17145

    Azure DevOps Server and Team Foundation Services Spoofing Vulnerability... Read more

    • Published: Dec. 10, 2020
    • Modified: Aug. 28, 2025

  • 5.4

    MEDIUM
    CVE-2020-1297

    A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from... Read more

    • Published: Jun. 09, 2020
    • Modified: Feb. 28, 2025

  • 5.4

    MEDIUM
    CVE-2020-17021

    Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability... Read more

    Affected Products : dynamics_365
    • Published: Nov. 11, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-16978

    <p>A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a spec... Read more

    Affected Products : dynamics_365
    • Published: Oct. 16, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-17005

    Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability... Read more

    Affected Products : dynamics_365
    • Published: Nov. 11, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-16861

    <p>A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a spec... Read more

    Affected Products : dynamics_365
    • Published: Sep. 11, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2016-2043

    Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a table name to the norma... Read more

    Affected Products : fedora leap phpmyadmin opensuse
    • Published: Feb. 20, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2011-4632

    Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the tcemain flash message.... Read more

    Affected Products : typo3
    • Published: Nov. 06, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-16266

    An XSS issue was discovered in MantisBT before 2.24.2. Improper escaping on view_all_bug_page.php allows a remote attacker to inject arbitrary HTML into the page by saving it into a text Custom Field, leading to possible code execution in the browser of a... Read more

    Affected Products : mantisbt
    • Published: Aug. 12, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2011-1767

    net/ipv4/ip_gre.c in the Linux kernel before 2.6.34, when ip_gre is configured as a module, allows remote attackers to cause a denial of service (OOPS) by sending a packet during module loading.... Read more

    Affected Products : linux_kernel
    • Published: Jun. 13, 2012
    • Modified: Apr. 11, 2025

  • 5.4

    MEDIUM
    CVE-2020-16157

    A Stored XSS vulnerability exists in Nagios Log Server before 2.1.7 via the Notification Methods -> Email Users menu.... Read more

    Affected Products : log_server
    • Published: Jul. 30, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2016-9681

    Multiple cross-site scripting (XSS) vulnerabilities in Serendipity before 2.0.5 allow remote authenticated users to inject arbitrary web script or HTML via a category or directory name.... Read more

    Affected Products : serendipity
    • Published: Dec. 25, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 294848 Results