Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2019-7882

    A stored cross-site scripting vulnerability exists in the WYSIWYG editor of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated... Read more

    Affected Products : magento
    • Published: Aug. 02, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-17536

    An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is stored XSS on the merge request page via project import.... Read more

    Affected Products : gitlab
    • Published: Apr. 15, 2023
    • Modified: Feb. 06, 2025

  • 5.4

    MEDIUM
    CVE-2019-7655

    Wowza Streaming Engine 4.8.0 and earlier from multiple authenticated XSS vulnerabilities via the (1) customList%5B0%5D.value field in enginemanager/server/serversetup/edit_adv.htm of the Server Setup configuration or the (2) host field in enginemanager/j_... Read more

    Affected Products : streaming_engine
    • Published: Jan. 29, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-7553

    PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has Stored XSS in the Profile Update page via the My Name field.... Read more

    Affected Products : _auditor_website_project
    • Published: Jun. 06, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-7356

    Subrion CMS v4.2.1 allows XSS via the panel/phrases/ VALUE parameter.... Read more

    Affected Products : subrion
    • Published: Nov. 04, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-7223

    InvoicePlane 1.5 has stored XSS via the index.php/invoices/ajax/save invoice_password parameter, aka the "PDF password" field to the "Create Invoice" option. The XSS payload is rendered at an index.php/invoices/view/## URI. NOTE: this is different from CV... Read more

    Affected Products : invoiceplane
    • Published: Mar. 21, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2016-8946

    IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure withi... Read more

    Affected Products : emptoris_sourcing
    • Published: Jul. 12, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2002-20002

    The Net::EasyTCP package before 0.15 for Perl always uses Perl's builtin rand(), which is not a strong random number generator, for cryptographic keys.... Read more

    Affected Products :
    • Published: Jan. 02, 2025
    • Modified: Jan. 02, 2025
    • Vuln Type: Cryptography

  • 5.4

    MEDIUM
    CVE-2019-6699

    An improper neutralization of input vulnerability in Fortinet FortiADC 5.3.3 and earlier may allow an attacker to execute a stored Cross Site Scripting (XSS) via a field in the traffic group interface.... Read more

    Affected Products : fortiadc
    • Published: Mar. 13, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-6278

    XSS exists in JPress v1.0.4 via Markdown input, or Markdown input with the code input option.... Read more

    Affected Products : jpress
    • Published: Jan. 14, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-6262

    An issue was discovered in Joomla! before 3.9.2. Inadequate checks of the Global Configuration helpurl settings allowed stored XSS.... Read more

    Affected Products : joomla\! joomla
    • Published: Jan. 16, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-5937

    Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to inject arbitrary web script or HTML via the user information.... Read more

    Affected Products : garoon
    • Published: May. 17, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-5467

    An input validation and output encoding issue was discovered in the GitLab CE/EE wiki pages feature which could result in a persistent XSS. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6.... Read more

    Affected Products : gitlab
    • Published: Sep. 09, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-5471

    An input validation and output encoding issue was discovered in the GitLab email notification feature which could result in a persistent XSS. This was addressed in GitLab 12.1.2, 12.0.4, and 11.11.6.... Read more

    Affected Products : gitlab
    • Published: Sep. 09, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-5457

    Cross-site scripting (XSS) vulnerability in min-http-server (all versions) allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim's browser.... Read more

    Affected Products : min-http-server
    • Published: Jul. 30, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-4747

    IBM Team Concert (RTC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.... Read more

    • Published: Jul. 16, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-4749

    IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted... Read more

    • Published: Apr. 17, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-4737

    IBM DOORS Next Generation (DNG/RRC) 6.0.2. 6.0.6, and 6.0.61 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credential... Read more

    • Published: Apr. 08, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-4665

    IBM Spectrum Scale 4.2 and 5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted ... Read more

    Affected Products : spectrum_scale
    • Published: Dec. 11, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-10665

    The Yaad Sarig Payment Gateway For WC plugin for WordPress is vulnerable to unauthorized modification & access of data due to a missing capability check on the yaadpay_view_log_callback() and yaadpay_delete_log_callback() functions in all versions up to, ... Read more

    Affected Products :
    • Published: Nov. 20, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 294848 Results