Export limit exceeded: 349515 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45828 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45828 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-22853 | 1 Dlink | 2 Go-rt-ac750, Go-rt-ac750 Firmware | 2025-06-20 | 9.8 Critical |
| D-LINK Go-RT-AC750 GORTAC750_A1_FW_v101b03 has a hardcoded password for the Alphanetworks account, which allows remote attackers to obtain root access via a telnet session. | ||||
| CVE-2024-24324 | 1 Totolink | 2 A8000ru, A8000ru Firmware | 2025-06-20 | 9.8 Critical |
| TOTOLINK A8000RU v7.1cu.643_B20200521 was discovered to contain a hardcoded password for root stored in /etc/shadow. | ||||
| CVE-2024-24136 | 1 Remyandrade | 1 Math Game | 2025-06-20 | 6.1 Medium |
| The 'Your Name' field in the Submit Score section of Sourcecodester Math Game with Leaderboard v1.0 is vulnerable to Cross-Site Scripting (XSS) attacks. | ||||
| CVE-2024-23905 | 1 Jenkins | 1 Red Hat Dependency Analytics | 2025-06-20 | 5.4 Medium |
| Jenkins Red Hat Dependency Analytics Plugin 0.7.1 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download. | ||||
| CVE-2024-23898 | 2 Jenkins, Redhat | 2 Jenkins, Ocp Tools | 2025-06-20 | 8.8 High |
| Jenkins 2.217 through 2.441 (both inclusive), LTS 2.222.1 through 2.426.2 (both inclusive) does not perform origin validation of requests made through the CLI WebSocket endpoint, resulting in a cross-site WebSocket hijacking (CSWSH) vulnerability, allowing attackers to execute CLI commands on the Jenkins controller. | ||||
| CVE-2024-23183 | 1 Appleple | 1 A-blog Cms | 2025-06-20 | 5.4 Medium |
| Cross-site scripting vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute an arbitrary script on the logged-in user's web browser. | ||||
| CVE-2024-23181 | 1 Appleple | 1 A-blog Cms | 2025-06-20 | 6.1 Medium |
| Cross-site scripting vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote unauthenticated attacker to execute an arbitrary script on the logged-in user's web browser. | ||||
| CVE-2024-23032 | 1 Eyoucms | 1 Eyoucms | 2025-06-20 | 6.1 Medium |
| Cross Site Scripting vulnerability in num parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. | ||||
| CVE-2024-22635 | 1 Webcalendar Project | 1 Webcalendar | 2025-06-20 | 6.1 Medium |
| WebCalendar v1.3.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /WebCalendarvqsmnseug2/edit_entry.php. | ||||
| CVE-2024-22570 | 1 Njtech | 1 Greencms | 2025-06-20 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in /install.php?m=install&c=index&a=step3 of GreenCMS v2.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2023-7089 | 1 Benjaminzekavica | 1 Easy Svg Support | 2025-06-20 | 5.4 Medium |
| The Easy SVG Allow WordPress plugin through 1.0 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. | ||||
| CVE-2023-6278 | 1 Biteship | 1 Biteship | 2025-06-20 | 6.1 Medium |
| The Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo WordPress plugin before 2.2.25 does not sanitise and escape the biteship_error and biteship_message parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2023-37571 | 1 Softing | 1 Th Scope | 2025-06-20 | 6.1 Medium |
| Softing TH SCOPE through 3.70 allows XSS. | ||||
| CVE-2023-33758 | 1 Splicecom | 1 Maximiser Soft Pbx | 2025-06-20 | 6.1 Medium |
| Splicecom Maximiser Soft PBX v1.5 and before was discovered to contain a cross-site scripting (XSS) vulnerability via the CLIENT_NAME and DEVICE_GUID fields in the login component. | ||||
| CVE-2021-43635 | 1 Codexnotes | 1 Codex | 2025-06-20 | 6.1 Medium |
| A Cross Site Scripting (XSS) vulnerability exists in Codex before 1.4.0 via Notebook/Page name field, which allows malicious users to execute arbitrary code via a crafted http code in a .json file. | ||||
| CVE-2024-22549 | 1 Flycms Project | 1 Flycms | 2025-06-20 | 5.4 Medium |
| FlyCms 1.0 is vulnerable to Cross Site Scripting (XSS) in the email settings of the website settings section. | ||||
| CVE-2024-0606 | 1 Mozilla | 1 Firefox Focus | 2025-06-20 | 6.1 Medium |
| An attacker could execute unauthorized script on a legitimate site through UXSS using window.open() by opening a javascript URI leading to unauthorized actions within the user's loaded webpage. This vulnerability affects Focus for iOS < 122. | ||||
| CVE-2023-52330 | 1 Trendmicro | 1 Apex One | 2025-06-20 | 6.1 Medium |
| A cross-site scripting vulnerability in Trend Micro Apex Central could allow a remote attacker to execute arbitrary code on affected installations of Trend Micro Apex Central. Please note: user interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. | ||||
| CVE-2023-51946 | 1 Actidata | 2 Actinas Sl 2u-8 Rdx, Actinas Sl 2u-8 Rdx Firmware | 2025-06-20 | 6.1 Medium |
| Multiple reflected cross-site scripting (XSS) vulnerabilities in nasSvr.php in actidata actiNAS-SL-2U-8 3.2.03-SP1 allow remote attackers to inject arbitrary web script or HTML. | ||||
| CVE-2023-41176 | 1 Trendmicro | 1 Mobile Security | 2025-06-20 | 6.1 Medium |
| Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security (Enterprise) could allow an exploit against an authenticated victim that visits a malicious link provided by an attacker. Please note, this vulnerability is similar to, but not identical to, CVE-2023-41177. | ||||