Export limit exceeded: 45652 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45652 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-11428 | 1 Scilico | 1 I\, Librarian | 2025-12-10 | N/A |
| I, Librarian 4.10 has XSS via the export.php export_files parameter. | ||||
| CVE-2019-11359 | 1 Scilico | 1 I\, Librarian | 2025-12-10 | N/A |
| Cross-site scripting (XSS) vulnerability in display.php in I, Librarian 4.10 allows remote attackers to inject arbitrary web script or HTML via the project parameter. | ||||
| CVE-2019-11449 | 1 Scilico | 1 I\, Librarian | 2025-12-10 | N/A |
| I, Librarian 4.10 has XSS via the notes.php notes parameter. | ||||
| CVE-2025-14205 | 2 Code-projects, Fabian | 2 Chamber Of Commerce Membership Management System, Chamber Of Commerce Membership Management System | 2025-12-10 | 2.4 Low |
| A vulnerability was found in code-projects Chamber of Commerce Membership Management System 1.0. Impacted is an unknown function of the file /membership_profile.php of the component Your Info Handler. Performing manipulation of the argument Full Name/Address/City/State results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made public and could be used. | ||||
| CVE-2025-6946 | 1 Watchguard | 29 Firebox M270, Firebox M290, Firebox M370 and 26 more | 2025-12-10 | 4.8 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the IPS module. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects Firebox: from 12.0 through 12.11.2. | ||||
| CVE-2025-13939 | 1 Watchguard | 35 Firebox M270, Firebox M290, Firebox M370 and 32 more | 2025-12-10 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Gateway Wireless Controller module) allows Stored XSS.This issue affects Fireware OS 11.7.2 up to and including 11.12.4+541730, 12.0 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2. | ||||
| CVE-2025-13938 | 1 Watchguard | 35 Firebox M270, Firebox M290, Firebox M370 and 32 more | 2025-12-10 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Autotask Technology Integration module) allows Stored XSS.This issue affects Fireware OS 12.4 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2. | ||||
| CVE-2025-13937 | 1 Watchguard | 35 Firebox M270, Firebox M290, Firebox M370 and 32 more | 2025-12-10 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (ConnectWise Technology Integration module) allows Stored XSS.This issue affects Fireware OS 12.4 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2. | ||||
| CVE-2025-13936 | 1 Watchguard | 35 Firebox M270, Firebox M290, Firebox M370 and 32 more | 2025-12-10 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Tigerpaw Technology Integration module) allows Stored XSS.This issue affects Fireware OS 12.4 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2. | ||||
| CVE-2025-65959 | 2 Open-webui, Openwebui | 2 Open-webui, Open Webui | 2025-12-10 | 8.7 High |
| Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.37, a Stored XSS vulnerability was discovered in Open-WebUI's Notes PDF download functionality. An attacker can import a Markdown file containing malicious SVG tags into Notes, allowing them to execute arbitrary JavaScript code and steal session tokens when a victim downloads the note as PDF. This vulnerability can be exploited by any authenticated user, and unauthenticated external attackers can steal session tokens from users (both admin and regular users) by sharing specially crafted markdown files. This vulnerability is fixed in 0.6.37. | ||||
| CVE-2024-38156 | 1 Microsoft | 2 Edge, Edge Chromium | 2025-12-09 | 6.1 Medium |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | ||||
| CVE-2024-35267 | 1 Microsoft | 1 Azure Devops Server | 2025-12-09 | 7.6 High |
| Azure DevOps Server Spoofing Vulnerability | ||||
| CVE-2024-35266 | 1 Microsoft | 1 Azure Devops Server | 2025-12-09 | 7.6 High |
| Azure DevOps Server Spoofing Vulnerability | ||||
| CVE-2025-14221 | 2 Oretnom23, Sourcecodester | 2 Banking System, Online Banking System | 2025-12-09 | 3.5 Low |
| A vulnerability was detected in SourceCodester Online Banking System 1.0. This impacts an unknown function of the file /?page=user. The manipulation of the argument First Name/Last Name results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be used. | ||||
| CVE-2025-66514 | 1 Nextcloud | 1 Mail | 2025-12-09 | 3.5 Low |
| Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Prior to 5.5.3, a stored HTML injection in the Mail app's message list allowed an authenticated user to inject HTML into the email subjects. Javascript was correctly blocked by the content security policy of the Nextcloud Server code. | ||||
| CVE-2025-66554 | 1 Nextcloud | 1 Contacts | 2025-12-09 | 3.5 Low |
| Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing. Prior to 5.5.4, 6.0.6, and 7.2.5, a malicious user was able to modify their organisation and title field to load additional CSS files. Javascript and other options were correctly blocked by the content security policy of the Nextcloud Server code. This vulnerability is fixed in 5.5.4, 6.0.6, and 7.2.5. | ||||
| CVE-2025-66512 | 1 Nextcloud | 4 Nextcloud, Nextcloud Enterprise Server, Nextcloud Server and 1 more | 2025-12-09 | 5.4 Medium |
| Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Server Enterprise prior to 31.0.12 and 32.0.3, a missing sanitization allowed malicious users to circumvent the content security policy when a malicious user manages to trick a user it viewing an uploaded SVG outside of the Nextcloud Servers web page. | ||||
| CVE-2022-29882 | 1 Siemens | 72 7kg8500-0aa00-0aa0, 7kg8500-0aa00-0aa0 Firmware, 7kg8500-0aa00-2aa0 and 69 more | 2025-12-09 | 7.1 High |
| A vulnerability has been identified in SICAM T (All versions < V3.0). Affected devices do not handle uploaded files correctly. An unauthenticated attacker could take advantage of this situation to store an XSS attack, which could - when a legitimate user accesses the error logs - perform arbitrary actions in the name of the user. | ||||
| CVE-2022-29880 | 1 Siemens | 72 7kg8500-0aa00-0aa0, 7kg8500-0aa00-0aa0 Firmware, 7kg8500-0aa00-2aa0 and 69 more | 2025-12-09 | 6.5 Medium |
| A vulnerability has been identified in SICAM T (All versions < V3.0). Affected devices do not properly validate input in the configuration interface. This could allow an authenticated attacker to place persistent XSS attacks to perform arbitrary actions in the name of a logged user which accesses the affected views. | ||||
| CVE-2022-29876 | 1 Siemens | 72 7kg8500-0aa00-0aa0, 7kg8500-0aa00-0aa0 Firmware, 7kg8500-0aa00-2aa0 and 69 more | 2025-12-09 | 7.1 High |
| A vulnerability has been identified in SICAM T (All versions < V3.0). Affected devices do not properly handle the input of a GET request parameter. The provided argument is directly reflected in the web server response. This could allow an unauthenticated attacker to perform reflected XSS attacks. | ||||