Lucene search
+L

1768 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 10:41 a.m.8 views

CVE-2022-26974

Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a file upload mechanism. Lack of input sanitization in the upload mechanism leads to reflected XSS...

6.1CVSS6.9AI score0.00525EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:53 a.m.14 views

CVE-2020-10187

Doorkeeper version 5.0.0 and later contains an information disclosure vulnerability that allows an attacker to retrieve the client secret only intended for the OAuth application owner. After authorizing the application and allowing access, the attacker simply needs to request the list of their...

7.5CVSS6.3AI score0.02016EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:51 a.m.10 views

CVE-2020-10670

The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Reflected XSS in the parameter settingId of the settingDialogContent.jsp page. NOTE: this is fixed in the latest version...

6.1CVSS6AI score0.00856EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:53 a.m.13 views

CVE-2021-27614

SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP Business One on SAP HANA, allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application thereby highly impacting the...

7.3CVSS7AI score0.00256EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:34 a.m.10 views

CVE-2024-34070

Froxlor is open source server administration software. Prior to 2.1.9, a Stored Blind Cross-Site Scripting XSS vulnerability was identified in the Failed Login Attempts Logging Feature of the Froxlor Application. An unauthenticated User can inject malicious scripts in the loginname parameter on t...

9.6CVSS5.7AI score0.00963EPSS
Exploits2References1
CNNVD
CNNVD
added 2026/01/07 12:0 a.m.9 views

Commvault WebConsole 安全漏洞

Commvault WebConsole is a web-based management platform from Commvault USA. A security vulnerability exists in Commvault WebConsole that originates from storing user input directly in a web page, which could lead to a cross-site scripting attack...

5.4CVSS6AI score0.00149EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/05 4:47 p.m.4 views

EUVD-2026-0828

A malicious actor with access to the adjacent network could obtain unauthorized access to a UniFi Protect Camera by exploiting a discovery protocol vulnerability in the Unifi Protect Application Version 6.1.79 and earlier. Affected Products: UniFi Protect Application Version 6.1.79 and earlier...

8.8CVSS6.2AI score0.00401EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/04 11:32 p.m.36 views

CVE-2025-15447

...

0.00035EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/01/02 4:2 a.m.6 views

CVE-2025-15427

...

7.3AI score0.00035EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/12/25 8:19 p.m.17 views

CVE-2025-68915

Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/loginbannerw.cgi XSS via a crafted banner...

5.5CVSS6.1AI score0.00167EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2025/12/23 12:0 a.m.4 views

Simple Machines Forum (SMF) <= 2.1.6 XSS Vulnerability

Simple Machines Forum SMF is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

6.1CVSS6.6AI score0.00214EPSS
Exploits0References5
NVD
NVD
added 2025/12/21 10:15 p.m.39 views

CVE-2025-62926

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in HappyDevs TempTool Show Current Template Info current-template-name allows Stored XSS.This issue affects TempTool Show Current Template Info: from n/a through = 1.3.1...

6.5CVSS0.00127EPSS
Exploits0References1
OSV
OSV
added 2025/12/18 8:16 a.m.6 views

CVE-2025-60069

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove MinimogWP minimog allows PHP Local File Inclusion.This issue affects MinimogWP: from n/a through = 3.9.6...

8.1CVSS5.8AI score0.00431EPSS
Exploits0References1
CNVD
CNVD
added 2025/12/15 12:0 a.m.4 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-30922)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4CVSS6AI score0.00214EPSS
Exploits0References1
NVD
NVD
added 2025/12/11 10:15 p.m.5 views

CVE-2024-58304

SPA-CART CMS 1.9.0.3 contains a stored cross-site scripting vulnerability in the product description parameter that allows authenticated administrators to inject malicious scripts. Attackers can submit JavaScript payloads through the 'descr' parameter in the product edit form to execute arbitrary...

7.5CVSS0.00422EPSS
Exploits0References2
NVD
NVD
added 2025/12/10 7:16 p.m.5 views

CVE-2025-64627

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS0.00214EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/10 6:23 p.m.3 views

CVE-2025-64611 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS5.1AI score0.00214EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.6 views

PT-2025-50072

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in THEMECO Cornerstone cornerstone allows Stored XSS.This issue affects Cornerstone: from n/a through = 7.7.3...

6.5CVSS6AI score0.00167EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/05 5:15 p.m.3 views

CVE-2025-34260 Advantech WISE-DeviceOn Server < 5.4 Authenticated Stored XSS via action/schedule

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/action/schedule endpoint. When an authenticated user adds a schedule to an existing task, the schedule name is stored and later rendered in schedule listings without HTML...

5.1CVSS5AI score0.00216EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/12/04 12:0 a.m.8 views

Thermo Fisher Torrent Suite Django application 安全漏洞

Thermo Fisher Torrent Suite Django application is a core software component of Thermo Fisher USA. A security vulnerability exists in Thermo Fisher Torrent Suite Django application version 5.18.1, which stems from improper path cleanup in the file upload feature and could lead to remote code...

8.8CVSS7.9AI score0.00664EPSS
Exploits0References3
Rows per page
Query Builder