Search Results (45691 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-43016 | 1 Opencats | 1 Opencats | 2025-09-24 | 6.1 Medium |
| OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the callback component. | ||||
| CVE-2022-43017 | 1 Opencats | 1 Opencats | 2025-09-24 | 6.1 Medium |
| OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the indexFile component. | ||||
| CVE-2022-43018 | 1 Opencats | 1 Opencats | 2025-09-24 | 6.1 Medium |
| OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the email parameter in the Check Email function. | ||||
| CVE-2022-43014 | 1 Opencats | 1 Opencats | 2025-09-24 | 6.1 Medium |
| OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the joborderID parameter. | ||||
| CVE-2023-4663 | 1 Adobe | 1 Connect | 2025-09-24 | 6.1 Medium |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Saphira Saphira Connect allows Reflected XSS. This issue affects Saphira Connect: before 9. | ||||
| CVE-2024-53459 | 1 Sysax | 1 Multi Server | 2025-09-24 | 6.1 Medium |
| Sysax Multi Server 6.99 is vulnerable to Cross Site Scripting (XSS) via the /scgi?sid parameter. | ||||
| CVE-2024-13199 | 1 Mtons | 1 Mblog | 2025-09-24 | 3.5 Low |
| A vulnerability classified as problematic was found in langhsu Mblog Blog System 3.5.0. Affected by this vulnerability is an unknown functionality of the file /search of the component Search Bar. The manipulation of the argument kw leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-50859 | 1 Ehcp | 1 Easy Hosting Control Panel | 2025-09-24 | 6.1 Medium |
| Reflected Cross-Site Scripting in the Change Template function in Easy Hosting Control Panel (EHCP) 20.04.1.b allows authenticated attackers to execute arbitrary JavaScript via the template parameter. | ||||
| CVE-2025-50858 | 1 Ehcp | 1 Easy Hosting Control Panel | 2025-09-24 | 6.1 Medium |
| Reflected Cross-Site Scripting in the List MySQL Databases function in Easy Hosting Control Panel (EHCP) 20.04.1.b allows authenticated attackers to execute arbitrary JavaScript via the action parameter. | ||||
| CVE-2023-3726 | 1 Ocsinventory-ng | 1 Ocsinventory-ocsreports | 2025-09-24 | 6.9 Medium |
| OCSInventory allows stored email templates with special characters that lead to stored cross-site scripting. | ||||
| CVE-2023-2507 | 1 Clevertap | 1 Clevertap | 2025-09-24 | 9.3 Critical |
| CleverTap Cordova Plugin version 2.6.2 allows a remote attacker to execute JavaScript code in any application that is opened via a specially constructed deeplink by an attacker. This is possible because the plugin does not correctly validate the data coming from the deeplinks before using them. | ||||
| CVE-2025-53504 | 2 Group-office, Intermesh | 2 Group Office, Group-office | 2025-09-24 | N/A |
| Group-Office versions prior to 6.8.119 and prior to 25.0.20 provided by Intermesh BV contain a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed in the user's web browser. | ||||
| CVE-2025-25973 | 1 Yandaozi | 1 Ppress | 2025-09-23 | 6.5 Medium |
| A stored Cross Site Scripting vulnerability in the "related recommendations" feature in Ppress v.0.0.9 allows a remote attacker to execute arbitrary code via a crafted script to the article.title, article.category, and article.tags parameters. | ||||
| CVE-2025-51536 | 1 Craws | 1 Openatlas | 2025-09-23 | 9.8 Critical |
| Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 was discovered to contain a hardcoded Administrator password. | ||||
| CVE-2025-50581 | 1 Mrcms | 1 Mrcms | 2025-09-23 | 4.8 Medium |
| MRCMS v3.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/group/save.do. | ||||
| CVE-2024-11147 | 1 Ecovacs | 28 Airbot Andy, Airbot Andy Firmware, Airbot Ava and 25 more | 2025-09-23 | 7.6 High |
| ECOVACS robot lawnmowers and vacuums use a deterministic root password generated based on model and serial number. An attacker with shell access can login as root. | ||||
| CVE-2025-30200 | 1 Ecovacs | 26 Deebot T10, Deebot T10 Firmware, Deebot T10 Omni and 23 more | 2025-09-23 | 6.3 Medium |
| ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic AES encryption key, which can be easily derived. | ||||
| CVE-2025-30198 | 1 Ecovacs | 26 Deebot T10, Deebot T10 Firmware, Deebot T10 Omni and 23 more | 2025-09-23 | 6.3 Medium |
| ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic WPA2-PSK, which can be easily derived. | ||||
| CVE-2025-59712 | 1 Snipeitapp | 1 Snipe-it | 2025-09-23 | 6.4 Medium |
| Snipe-IT before 8.1.18 allows XSS. | ||||
| CVE-2025-59715 | 1 Smseagle | 1 Smseagle | 2025-09-23 | 4.8 Medium |
| SMSEagle before 6.11 allows reflected XSS via a username or contact phone number. | ||||