Export limit exceeded: 47251 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (47251 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-46410 | 1 Wwbn | 1 Avideo | 2025-11-03 | 9.6 Critical |
| A cross-site scripting (xss) vulnerability exists in the managerPlaylists PlaylistOwnerUsersId parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability. | ||||
| CVE-2025-41420 | 1 Wwbn | 1 Avideo | 2025-11-03 | 9.6 Critical |
| A cross-site scripting (xss) vulnerability exists in the userLogin cancelUri parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability. | ||||
| CVE-2025-36548 | 1 Wwbn | 1 Avideo | 2025-11-03 | 8.3 High |
| A cross-site scripting (xss) vulnerability exists in the LoginWordPress loginForm cancelUri parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability. | ||||
| CVE-2025-32731 | 1 Meddream | 2 Pacs Premium, Pacs Server | 2025-11-03 | 6.1 Medium |
| A reflected cross-site scripting (xss) vulnerability exists in the radiationDoseReport.php functionality of meddream MedDream PACS Premium 7.3.5.860. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability. | ||||
| CVE-2025-30087 | 1 Bestpractical | 1 Request Tracker | 2025-11-03 | 7.2 High |
| Best Practical RT (Request Tracker) 4.4 through 4.4.7 and 5.0 through 5.0.7 allows XSS via injection of crafted parameters in a search URL. | ||||
| CVE-2025-27679 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-11-03 | 6.1 Medium |
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Cross-Site Scripting in Badge Registration V-2023-005. | ||||
| CVE-2025-27676 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-11-03 | 6.1 Medium |
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Cross-Site Scripting in Reports V-2023-002. | ||||
| CVE-2025-27654 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-11-03 | 6.1 Medium |
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Cross Site Scripting (XSS) V-2023-017. | ||||
| CVE-2025-27653 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-11-03 | 6.1 Medium |
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Preauthenticated Cross Site Scripting (XSS): Badge Registration V-2023-012. | ||||
| CVE-2025-27643 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-11-03 | 9.8 Critical |
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Hardcoded AWS API Key V-2024-006. | ||||
| CVE-2025-27637 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-11-03 | 6.1 Medium |
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.1002 Application 20.0.2614 allows Cross-Site Scripting V-2024-016. | ||||
| CVE-2025-26065 | 1 Intelbras | 4 Rx 1500, Rx 1500 Firmware, Rx 3000 and 1 more | 2025-11-03 | 7.3 High |
| A cross-site scripting (XSS) vulnerability in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name of a visiting Wi-Fi network. | ||||
| CVE-2025-26064 | 1 Intelbras | 4 Rx 1500, Rx 1500 Firmware, Rx 3000 and 1 more | 2025-11-03 | 7.3 High |
| A cross-site scripting (XSS) vulnerability in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name of a connnected device. | ||||
| CVE-2024-56527 | 1 Tcpdf Project | 1 Tcpdf | 2025-11-03 | 7.5 High |
| An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message. | ||||
| CVE-2024-56519 | 1 Tcpdf Project | 1 Tcpdf | 2025-11-03 | 7.5 High |
| An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute. | ||||
| CVE-2024-47093 | 1 Nagvis | 1 Nagvis | 2025-11-03 | 8.8 High |
| Improper neutralization of input in Nagvis before version 1.9.42 which can lead to XSS | ||||
| CVE-2024-47090 | 1 Nagvis | 1 Nagvis | 2025-11-03 | 6.1 Medium |
| Improper neutralization of input in Nagvis before version 1.9.47 which can lead to XSS | ||||
| CVE-2024-45699 | 1 Zabbix | 1 Zabbix | 2025-11-03 | 5.4 Medium |
| The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross-Site Scripting vulnerability via the backurl parameter. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected into the above endpoint causing it to be executed within the context of the victim's browser. | ||||
| CVE-2024-43799 | 2 Redhat, Send Project | 11 Discovery, Network Observ Optr, Openshift and 8 more | 2025-11-03 | 5 Medium |
| Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect() which executes untrusted code. This issue is patched in send 0.19.0. | ||||
| CVE-2023-46287 | 1 Nagvis | 1 Nagvis | 2025-11-03 | 6.1 Medium |
| XSS exists in NagVis before 1.9.38 via the select function in share/server/core/functions/html.php. | ||||