Export limit exceeded: 349430 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45791 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-53525 | 1 Wegia | 1 Wegia | 2025-07-10 | 6.1 Medium |
| WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the profile_familiar.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the id_dependente parameter. This vulnerability is fixed in 3.4.3. | ||||
| CVE-2025-53526 | 1 Wegia | 1 Wegia | 2025-07-10 | 6.1 Medium |
| WeGIA is a web manager for charitable institutions. An XSS Injection vulnerability was identified in novo_memorando.php. After the memo was submitted, the vulnerability was confirmed by accessing listar_memorandos_antigos.php. Upon loading this page, the injected script was executed in the browser. This vulnerability is fixed in 3.4.3. | ||||
| CVE-2024-44081 | 2 8x8, Jitsi | 2 Jitsi Meet, Meet | 2025-07-10 | 9.8 Critical |
| In Jitsi Meet before 2.0.9779, the functionality to share a video file was implemented in an insecure way, resulting in clients loading videos from an arbitrary URL if a message from another participant contains a URL encoded in the expected format. | ||||
| CVE-2024-44080 | 2 8x8, Jitsi | 2 Jitsi Meet, Meet | 2025-07-10 | 7.5 High |
| In Jitsi Meet before 2.0.9779, the functionality to share an image using giphy was implemented in an insecure way, resulting in clients loading GIFs from any arbitrary URL if a message from another participant contains a URL encoded in the expected format. | ||||
| CVE-2024-35236 | 2 Advplyr, Audiobookshelf | 2 Audiobookshelf, Audiobookshelf | 2025-07-10 | 4.8 Medium |
| Audiobookshelf is a self-hosted audiobook and podcast server. Prior to version 2.10.0, opening an ebook with malicious scripts inside leads to code execution inside the browsing context. Attacking a user with high privileges (upload, creation of libraries) can lead to remote code execution (RCE) in the worst case. This was tested on version 2.9.0 on Windows, but an arbitrary file write is powerful enough as is and should easily lead to RCE on Linux, too. Version 2.10.0 contains a patch for the vulnerability. | ||||
| CVE-2023-48082 | 1 Nagios | 2 Nagios Xi, Xi | 2025-07-10 | 9.1 Critical |
| Nagios XI before 2024R1 was discovered to improperly handle API keys generation (randomly-generated), allowing attackers to possibly generate the same set of API keys for all users and utilize them to authenticate. | ||||
| CVE-2025-27099 | 1 Enalean | 1 Tuleap | 2025-07-10 | 4.8 Medium |
| Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap allows cross-site scripting (XSS) via the tracker names used in the semantic timeframe deletion message. A tracker administrator with a semantic timeframe used by other trackers could use this vulnerability to force other tracker administrators to execute uncontrolled code. This vulnerability is fixed in Tuleap Community Edition 16.4.99.1740067916 and Tuleap Enterprise Edition 16.4-5 and 16.3-10. | ||||
| CVE-2024-38208 | 2 Google, Microsoft | 2 Android, Edge | 2025-07-10 | 6.1 Medium |
| Microsoft Edge for Android Spoofing Vulnerability | ||||
| CVE-2024-38166 | 1 Microsoft | 1 Dynamics Crm Service Portal Web Resource | 2025-07-10 | 8.2 High |
| An unauthenticated attacker can exploit improper neutralization of input during web page generation in Microsoft Dynamics 365 to spoof over a network by tricking a user to click on a link. | ||||
| CVE-2024-38211 | 1 Microsoft | 1 Dynamics 365 | 2025-07-10 | 8.2 High |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | ||||
| CVE-2024-38108 | 1 Microsoft | 1 Azure Stack Hub | 2025-07-10 | 9.3 Critical |
| Azure Stack Hub Spoofing Vulnerability | ||||
| CVE-2025-5887 | 1 Jsnjfz | 1 Webstack-guns | 2025-07-10 | 3.5 Low |
| A vulnerability was found in jsnjfz WebStack-Guns 1.0. It has been classified as problematic. Affected is an unknown function of the file UserMgrController.java of the component File Upload. The manipulation of the argument File leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-5722 | 1 Logsign | 2 Unified Secops, Unified Secops Platform | 2025-07-10 | N/A |
| Logsign Unified SecOps Platform HTTP API Hard-coded Cryptographic Key Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP API. The issue results from using a hard-coded cryptographic key. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24170. | ||||
| CVE-2024-41380 | 1 Microweber | 1 Microweber | 2025-07-10 | 6.1 Medium |
| microweber 2.0.16 was discovered to contain a Cross Site Scripting (XSS) vulnerability via userfiles\modules\tags\add_tagging_tagged.php. | ||||
| CVE-2024-41381 | 1 Microweber | 1 Microweber | 2025-07-10 | 6.1 Medium |
| microweber 2.0.16 was discovered to contain a Cross Site Scripting (XSS) vulnerability via userfiles\modules\settings\admin.php. | ||||
| CVE-2024-43346 | 1 Wow-company | 1 Modal Window | 2025-07-10 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wow-Company Modal Window allows Stored XSS.This issue affects Modal Window: from n/a through 6.0.3. | ||||
| CVE-2024-45920 | 1 Solvait | 1 Solvait | 2025-07-10 | 5.4 Medium |
| A Stored Cross-Site Scripting (XSS) vulnerability in Solvait 24.4.2 allows remote attackers to inject malicious scripts into the application. This issue arises due to insufficient input validation and sanitization in "Intrest" feature. | ||||
| CVE-2024-25411 | 1 Flatpress | 1 Flatpress | 2025-07-10 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter in setup.php. | ||||
| CVE-2025-53377 | 1 Wegia | 1 Wegia | 2025-07-10 | 6.1 Medium |
| WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the cadastro_dependente_pessoa_nova.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the id_funcionario parameter. This vulnerability is fixed in 3.4.3. | ||||
| CVE-2024-39926 | 2 Dani-garcia, Vaultwarden | 2 Vaultwarden, Vaultwarden | 2025-07-10 | 5.4 Medium |
| An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. A stored cross-site scripting (XSS) or, due to the default CSP, HTML injection vulnerability has been discovered in the admin dashboard. This potentially allows an authenticated attacker to inject malicious code into the dashboard, which is then executed or rendered in the context of an administrator's browser when viewing the injected content. However, it is important to note that the default Content Security Policy (CSP) of the application blocks most exploitation paths, significantly mitigating the potential impact. | ||||