Export limit exceeded: 45634 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45634 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-10554 | 2 3ds, Dassault | 2 3dexperience Enovia, Enovia Product Manager | 2026-01-12 | 8.7 High |
| A stored Cross-site Scripting (XSS) vulnerability affecting Requirements in ENOVIA Product Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session. | ||||
| CVE-2025-12956 | 2 3ds, Dassult | 2 3dexperience Enovia, Enovia Collaborative Industry Innovator | 2026-01-12 | 8.7 High |
| A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session. | ||||
| CVE-2025-63611 | 1 Phpgurukul | 1 Hostel Management System | 2026-01-12 | 8.7 High |
| Cross-Site Scripting in phpgurukul Hostel Management System v2.1 user-provided complaint fields (Explain the Complaint) submitted via /register-complaint.php are stored and rendered unescaped in the admin viewer (/admin/complaint-details.php?cid=<id>). When an administrator opens the complaint, injected HTML/JavaScript executes in the admin's browser. | ||||
| CVE-2025-55204 | 1 Muffon | 1 Muffon | 2026-01-12 | 8.8 High |
| muffon is a cross-platform music streaming client for desktop. Versions prior to 2.3.0 have a one-click Remote Code Execution (RCE) vulnerability in. An attacker can exploit this issue by embedding a specially crafted `muffon://` link on any website they control. When a victim visits the site or clicks the link, the browser triggers Muffon’s custom URL handler, causing the application to launch and process the URL. This leads to RCE on the victim's machine without further interaction. Version 2.3.0 patches the issue. | ||||
| CVE-2025-63725 | 2 Meeco, Radioinorr | 2 Svx Portal, Svx Portal | 2026-01-12 | 6.1 Medium |
| Reflected Cross-Site Scripting (XSS) vulnerability in SVX Portal 2.7A via the id parameter to Recivers.php. | ||||
| CVE-2025-45466 | 1 Unitree | 2 Go1, Go1 Firmware | 2026-01-12 | 8.8 High |
| Unitree Go1 <= Go1_2022_05_11 is vulnerale to Incorrect Access Control due to authentication credentials being hardcoded in plaintext. | ||||
| CVE-2025-63243 | 1 Pixeon | 1 Weblaudos | 2026-01-12 | 4.6 Medium |
| A reflected cross-site scripting (XSS) vulnerability exists in the password change functionality of Pixeon WebLaudos 25.1 (01). The sle_sSenha parameter to the loginAlterarSenha.asp file. An attacker can craft a malicious URL that, when visited by a victim, causes arbitrary JavaScript code to be executed in the victim's browser within the security context of the vulnerable application. This issue could allow attackers to steal session cookies, disclose sensitive information, perform unauthorized actions on behalf of the user, or conduct phishing attacks. | ||||
| CVE-2025-59158 | 2 Coollabs, Coollabsio | 2 Coolify, Coolify | 2026-01-12 | 8.0 High |
| Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Coolify versions prior to and including v4.0.0-beta.420.6 are vulnerable to a stored cross-site scripting (XSS) attack in the project creation workflow. An authenticated user with low privileges (e.g., member role) can create a project with a maliciously crafted name containing embedded JavaScript. When an administrator later attempts to delete the project or its associated resource, the payload automatically executes in the admin’s browser context. Version 4.0.0-beta.420.7 contains a patch for the issue. | ||||
| CVE-2024-38703 | 2 Wordpress, Xylusthemes | 2 Wordpress, Wp Event Aggregator | 2026-01-12 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Xylus Themes WP Event Aggregator allows Stored XSS.This issue affects WP Event Aggregator: from n/a through 1.7.9. | ||||
| CVE-2024-2470 | 1 Plugin-planet | 1 Simple Ajax Chat | 2026-01-09 | 5.4 Medium |
| The Simple Ajax Chat WordPress plugin before 20240412 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2024-10709 | 2 Antongorodezkiy, Yadisk Files | 2 Yadisk Files, Yadisk Files | 2026-01-09 | 6.8 Medium |
| The YaDisk Files WordPress plugin through 1.2.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2025-6200 | 1 Ayecode | 1 Geodirectory | 2026-01-09 | 5.9 Medium |
| The GeoDirectory WordPress plugin before 2.8.120 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2025-2561 | 1 Ninjaforms | 1 Ninja Forms | 2026-01-09 | 4.8 Medium |
| The Ninja Forms WordPress plugin before 3.10.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2025-2560 | 1 Ninjaforms | 1 Ninja Forms | 2026-01-09 | 4.8 Medium |
| The Ninja Forms WordPress plugin before 3.10.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2025-2524 | 1 Ninjaforms | 1 Ninja Forms | 2026-01-09 | 4.8 Medium |
| The Ninja Forms WordPress plugin before 3.10.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2025-1627 | 1 Qodeinteractive | 1 Qi Blocks | 2026-01-09 | 5.4 Medium |
| The Qi Blocks WordPress plugin before 1.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2025-1626 | 1 Qodeinteractive | 1 Qi Blocks | 2026-01-09 | 5.4 Medium |
| The Qi Blocks WordPress plugin before 1.4 does not validate and escape some of its Countdown block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2025-1625 | 1 Qodeinteractive | 1 Qi Blocks | 2026-01-09 | 5.4 Medium |
| The Qi Blocks WordPress plugin before 1.4 does not validate and escape some of its Counter block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2025-1382 | 1 Lordlinus | 1 Contact Us | 2026-01-09 | 6.1 Medium |
| The Contact Us By Lord Linus WordPress plugin through 2.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | ||||
| CVE-2024-9458 | 1 Reservit | 1 Reservit Hotel | 2026-01-09 | 4.8 Medium |
| The Reservit Hotel WordPress plugin before 3.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||