Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2025-34265

    Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/rule-engines endpoint. When an authenticated user creates or updates a rule for an agent, the rule fields min, max, and unit are ... Read more

    Affected Products : wise-deviceon_server
    • Published: Dec. 05, 2025
    • Modified: Dec. 17, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.4

    MEDIUM
    CVE-2025-34257

    Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/action/defined endpoint. When an authenticated user creates a task, the defined_name value is stored and later rendered in the Ov... Read more

    Affected Products : wise-deviceon_server
    • Published: Dec. 05, 2025
    • Modified: Dec. 17, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.4

    MEDIUM
    CVE-2025-34258

    Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/devicemap/plan endpoint. When an authenticated user adds an area to a map entry, the name parameter is stored and later rendered ... Read more

    Affected Products : wise-deviceon_server
    • Published: Dec. 05, 2025
    • Modified: Dec. 17, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.4

    MEDIUM
    CVE-2025-34259

    Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/devicemap/building endpoint. When an authenticated user creates a map entry, the name parameter is stored and later rendered in t... Read more

    Affected Products : wise-deviceon_server
    • Published: Dec. 05, 2025
    • Modified: Dec. 17, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.4

    MEDIUM
    CVE-2025-34261

    Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/devicegroups/ endpoint. When an authenticated user creates a device group, the name and description values are stored and later r... Read more

    Affected Products : wise-deviceon_server
    • Published: Dec. 05, 2025
    • Modified: Dec. 17, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.4

    MEDIUM
    CVE-2025-34262

    Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/devices/name/{agent_id} endpoint. When an authenticated user renames a device, the new_name value is stored and later rendered in... Read more

    Affected Products : wise-deviceon_server
    • Published: Dec. 05, 2025
    • Modified: Dec. 17, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.4

    MEDIUM
    CVE-2025-34263

    Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/plugin-config/dashboards/menus endpoint. When an authenticated user adds or edits a dashboard entry, the label and path values ar... Read more

    Affected Products : wise-deviceon_server
    • Published: Dec. 05, 2025
    • Modified: Dec. 17, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.4

    MEDIUM
    CVE-2025-34264

    Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/dog/{agentId} endpoint. When an authenticated user adds or edits Software Watchdog process rules for an agent, the monitored proc... Read more

    Affected Products : wise-deviceon_server
    • Published: Dec. 05, 2025
    • Modified: Dec. 17, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.4

    MEDIUM
    CVE-2025-68086

    Missing Authorization vulnerability in merkulove Reformer for Elementor reformer-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Reformer for Elementor: from n/a through <= 1.0.6.... Read more

    Affected Products :
    • Published: Dec. 16, 2025
    • Modified: Dec. 16, 2025
    • Vuln Type: Authorization
  • 5.4

    MEDIUM
    CVE-2025-68085

    Missing Authorization vulnerability in merkulove Buttoner for Elementor buttoner-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Buttoner for Elementor: from n/a through <= 1.0.6.... Read more

    Affected Products :
    • Published: Dec. 16, 2025
    • Modified: Dec. 16, 2025
    • Vuln Type: Authorization
  • 5.4

    MEDIUM
    CVE-2025-67989

    Server-Side Request Forgery (SSRF) vulnerability in LMPixels Kerge kerge allows Server Side Request Forgery.This issue affects Kerge: from n/a through <= 4.1.3.... Read more

    Affected Products :
    • Published: Dec. 16, 2025
    • Modified: Dec. 17, 2025
    • Vuln Type: Server-Side Request Forgery
  • 5.4

    MEDIUM
    CVE-2025-68082

    Cross-Site Request Forgery (CSRF) vulnerability in SEMrush CY LTD Semrush Content Toolkit semrush-contentshake allows Cross Site Request Forgery.This issue affects Semrush Content Toolkit: from n/a through <= 1.1.32.... Read more

    Affected Products :
    • Published: Dec. 16, 2025
    • Modified: Dec. 17, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 5.4

    MEDIUM
    CVE-2023-53909

    WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by uploading crafted SVG files through the media manager. Attackers can upload SVG files containing script tags to the /... Read more

    Affected Products :
    • Published: Dec. 17, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.4

    MEDIUM
    CVE-2023-53916

    Zenphoto 1.6 contains a stored cross-site scripting vulnerability in the user postal code field accessible through the admin-users.php interface. When administrators view user information imported as HTML, malicious JavaScript payloads injected into the p... Read more

    Affected Products : zenphoto
    • Published: Dec. 17, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.4

    MEDIUM
    CVE-2023-53910

    WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by inserting script tags into page content through the WYSIWYG editor. Attackers can submit POST requests to /wbce/modul... Read more

    Affected Products :
    • Published: Dec. 17, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.4

    MEDIUM
    CVE-2023-53918

    PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the episode title field accessible through the episodes upload interface (episodes_upload.php). Malicious JavaScript payloads injected into episode titles execute when administ... Read more

    Affected Products :
    • Published: Dec. 17, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.4

    MEDIUM
    CVE-2025-14020

    LINE client for Android versions prior to 14.20 contains a UI spoofing vulnerability in the in-app browser where the full-screen security Toast notification is not properly re-displayed when users return from another application, potentially allowing atta... Read more

    Affected Products : line
    • Published: Dec. 15, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Misconfiguration
  • 5.4

    MEDIUM
    CVE-2025-37732

    Improper neutralization of input during web page generation ('Cross-site Scripting') (CWE-79) allows an authenticated user to render HTML tags within a user’s browser via the integration package upload functionality. This issue is related to ESA-2025-17 (... Read more

    Affected Products : kibana
    • Published: Dec. 15, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.4

    MEDIUM
    CVE-2023-53876

    Academy LMS 6.1 contains a file upload vulnerability that allows authenticated users to upload malicious SVG files with stored cross-site scripting payloads. Attackers can inject malicious scripts through the profile avatar upload feature by modifying fil... Read more

    Affected Products : academy_lms
    • Published: Dec. 15, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.4

    MEDIUM
    CVE-2025-14662

    A vulnerability was found in code-projects Student File Management System 1.0. This affects an unknown part of the file /admin/update_user.php of the component Update User Page. Performing manipulation results in cross site scripting. The attack may be in... Read more

    Affected Products : student_file_management_system
    • Published: Dec. 14, 2025
    • Modified: Dec. 16, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 4358 Results