Export limit exceeded: 47251 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (47251 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-46410 1 Wwbn 1 Avideo 2025-11-03 9.6 Critical
A cross-site scripting (xss) vulnerability exists in the managerPlaylists PlaylistOwnerUsersId parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability.
CVE-2025-41420 1 Wwbn 1 Avideo 2025-11-03 9.6 Critical
A cross-site scripting (xss) vulnerability exists in the userLogin cancelUri parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability.
CVE-2025-36548 1 Wwbn 1 Avideo 2025-11-03 8.3 High
A cross-site scripting (xss) vulnerability exists in the LoginWordPress loginForm cancelUri parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability.
CVE-2025-32731 1 Meddream 2 Pacs Premium, Pacs Server 2025-11-03 6.1 Medium
A reflected cross-site scripting (xss) vulnerability exists in the radiationDoseReport.php functionality of meddream MedDream PACS Premium 7.3.5.860. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.
CVE-2025-30087 1 Bestpractical 1 Request Tracker 2025-11-03 7.2 High
Best Practical RT (Request Tracker) 4.4 through 4.4.7 and 5.0 through 5.0.7 allows XSS via injection of crafted parameters in a search URL.
CVE-2025-27679 1 Printerlogic 2 Vasion Print, Virtual Appliance 2025-11-03 6.1 Medium
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Cross-Site Scripting in Badge Registration V-2023-005.
CVE-2025-27676 1 Printerlogic 2 Vasion Print, Virtual Appliance 2025-11-03 6.1 Medium
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Cross-Site Scripting in Reports V-2023-002.
CVE-2025-27654 1 Printerlogic 2 Vasion Print, Virtual Appliance 2025-11-03 6.1 Medium
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Cross Site Scripting (XSS) V-2023-017.
CVE-2025-27653 1 Printerlogic 2 Vasion Print, Virtual Appliance 2025-11-03 6.1 Medium
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Preauthenticated Cross Site Scripting (XSS): Badge Registration V-2023-012.
CVE-2025-27643 1 Printerlogic 2 Vasion Print, Virtual Appliance 2025-11-03 9.8 Critical
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Hardcoded AWS API Key V-2024-006.
CVE-2025-27637 1 Printerlogic 2 Vasion Print, Virtual Appliance 2025-11-03 6.1 Medium
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.1002 Application 20.0.2614 allows Cross-Site Scripting V-2024-016.
CVE-2025-26065 1 Intelbras 4 Rx 1500, Rx 1500 Firmware, Rx 3000 and 1 more 2025-11-03 7.3 High
A cross-site scripting (XSS) vulnerability in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name of a visiting Wi-Fi network.
CVE-2025-26064 1 Intelbras 4 Rx 1500, Rx 1500 Firmware, Rx 3000 and 1 more 2025-11-03 7.3 High
A cross-site scripting (XSS) vulnerability in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name of a connnected device.
CVE-2024-56527 1 Tcpdf Project 1 Tcpdf 2025-11-03 7.5 High
An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message.
CVE-2024-56519 1 Tcpdf Project 1 Tcpdf 2025-11-03 7.5 High
An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute.
CVE-2024-47093 1 Nagvis 1 Nagvis 2025-11-03 8.8 High
Improper neutralization of input in Nagvis before version 1.9.42 which can lead to XSS
CVE-2024-47090 1 Nagvis 1 Nagvis 2025-11-03 6.1 Medium
Improper neutralization of input in Nagvis before version 1.9.47 which can lead to XSS
CVE-2024-45699 1 Zabbix 1 Zabbix 2025-11-03 5.4 Medium
The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross-Site Scripting vulnerability via the backurl parameter. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected into the above endpoint causing it to be executed within the context of the victim's browser.
CVE-2024-43799 2 Redhat, Send Project 11 Discovery, Network Observ Optr, Openshift and 8 more 2025-11-03 5 Medium
Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect() which executes untrusted code. This issue is patched in send 0.19.0.
CVE-2023-46287 1 Nagvis 1 Nagvis 2025-11-03 6.1 Medium
XSS exists in NagVis before 1.9.38 via the select function in share/server/core/functions/html.php.