CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

395 matches found

NVD•added 2026/02/03 6:16 p.m.•7 views

CVE-2026-24671

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a Stored Cross-Site Scripting XSS vulnerability allows authenticated high-privileged users teachers or administrators to inject malicious JavaScript into multiple user-controllabl...

6.1CVSS0.00182EPSS

Exploits1References1

Cvelist•added 2026/02/03 4:56 p.m.•24 views

CVE-2026-24671 Open eClass is Vulnerable to Stored Cross-Site Scripting (XSS) in Multiple High-Privilege User Fields

6.1CVSS0.00182EPSS

Exploits1References1

CVE•added 2026/02/03 4:56 p.m.•9 views

CVE-2026-24671

Open eClass (formerly GUnet eClass) prior to version 4.2 is affected by a Stored XSS vulnerability in multiple high-privilege user input fields. Authenticated teachers/admins can inject malicious JavaScript, executed when other users load affected pages. Red Hat/NVD/CVE aggregations confirm the i...

6.1CVSS5.3AI score0.00182EPSS

Exploits1References1Affected Software1

CNNVD•added 2026/02/03 12:0 a.m.•3 views

Open eClass 跨站脚本漏洞

Open eClass is an open-source e-classroom system developed by the Greek Universities Network. Versions of Open eClass prior to 4.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from stored cross-site scripts in multiple user-controllable input fields, which could allo...

6.1CVSS5.6AI score0.00182EPSS

Exploits1References2

Positive Technologies•added 2026/02/03 12:0 a.m.•2 views

PT-2026-6203

Name of the Vulnerable Software and Affected Versions Open eClass versions prior to 4.2 Description The Open eClass platform, previously known as GUnet eClass, is a course management system. A Stored Cross-Site Scripting XSS issue exists in versions before 4.2, allowing authenticated...

6.1CVSS5.4AI score0.00182EPSS

Exploits1References5

EUVD•added 2026/02/01 12:15 p.m.•3 views

EUVD-2021-34763

Multiple payment terminal versions contain non-persistent cross-site scripting vulnerabilities in billing and payment information input fields. Attackers can inject malicious script code through vulnerable parameters to manipulate client-side requests and potentially execute session hijacking or...

6.4CVSS5.9AI score0.00251EPSS

Exploits0References5

CNNVD•added 2026/02/01 12:0 a.m.•3 views

Affiliate Pro 跨站脚本漏洞

Affiliate Pro is an alliance management system developed by JD Web Designer individuals. Version 1.7 of Affiliate Pro contains a cross-site scripting vulnerability. This vulnerability stems from multiple reflective cross-site scripting vulnerabilities in the input fields of the indexing module,...

5.4CVSS5.6AI score0.00171EPSS

Exploits0References4

Positive Technologies•added 2026/02/01 12:0 a.m.•4 views

PT-2026-5556

Affiliate Pro 1.7 contains multiple reflected cross-site scripting vulnerabilities in the index module's input fields. Attackers can inject malicious scripts through fullname, username, and email parameters to execute client-side attacks and manipulate browser requests...

5.4CVSS5.9AI score0.00171EPSS

Exploits0References5

CNNVD•added 2026/01/30 12:0 a.m.•3 views

forma.lms cross-site scripting vulnerability

forma.lms is an open-source, web-based online learning platform developed by individual developers. Version 2.3.0.2 of forma.lms contains a cross-site scripting vulnerability. This vulnerability arises from improper cleaning of inputs for course code, name, description fields, and email parameter...

6.4CVSS5.6AI score0.00252EPSS

Exploits0References4

EUVD•added 2026/01/27 6:51 p.m.•2 views

EUVD-2020-30871

Froxlor Server Management Panel 0.10.16 contains a persistent cross-site scripting vulnerability in customer registration input fields. Attackers can inject malicious scripts through username, name, and firstname parameters to execute code when administrators view customer traffic modules...

6.4CVSS6AI score0.00305EPSS

Exploits0References7

OSV•added 2026/01/27 5:16 p.m.•2 views

CVE-2025-69564

code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /ExAddNewUser.php via the Name, Address, email, UserName, Password, confirmpassword, Role, Branch, and Activate parameters...

9.8CVSS5.9AI score

Exploits0References2

NVD•added 2026/01/27 4:16 p.m.•4 views

CVE-2020-36949

TapinRadio 2.13.7 contains a denial of service vulnerability in the application proxy settings that allows attackers to crash the program by overflowing input fields. Attackers can paste a large buffer of 20,000 characters into the username and address fields to cause the application to become...

7.5CVSS0.00429EPSS

Exploits1References3

EUVD•added 2026/01/27 12:0 a.m.•5 views

EUVD-2025-206391

9.8CVSS5.9AI score0.00402EPSS

Exploits1References2

CNNVD•added 2026/01/21 12:0 a.m.•3 views

GeoGebra CAS Calculator security vulnerability

GeoGebra CAS Calculator is a symbolic calculation calculator developed by the American company GeoGebra. Version 6.0.631.0 of the GeoGebra CAS Calculator has a security vulnerability; this vulnerability stems from a buffer overflow in the input fields, which may lead to the application crashing...

9.8CVSS6AI score0.00348EPSS

Exploits0References3

CNNVD•added 2026/01/21 12:0 a.m.•3 views

GeoGebra Graphing Calculator has a security vulnerability

The GeoGebra Graphing Calculator is a function drawing calculator developed by the American company GeoGebra. Version 6.0.631.0 of the GeoGebra Graphing Calculator has a security vulnerability; this vulnerability stems from a buffer overflow in the input fields, which may lead to the application...

7.5CVSS6AI score0.00239EPSS

Exploits0References3

ATTACKERKB•added 2026/01/15 11:25 p.m.•2 views

CVE-2021-47798

NoteBurner 2.35 contains a buffer overflow vulnerability in the license code input field that allows attackers to crash the application. Attackers can generate a 6000-byte payload and paste it into the 'Name' and 'Code' fields to trigger an application crash...

9.8CVSS6AI score0.00391EPSS

Exploits0References3Affected Software1

CVE•added 2026/01/15 3:52 p.m.•7 views

CVE-2021-47764

AbsoluteTelnet 11.24 is affected by a denial-of-service vulnerability triggered by crafting a 1000-character payload and injecting it into the DialUp connection and license name fields. The vulnerability description across sources specifies that local attackers can crash the application, causing ...

6.7CVSS6AI score0.00174EPSS

Exploits1References2Affected Software1

Cvelist•added 2026/01/13 10:52 p.m.•17 views

CVE-2022-50937 Ametys CMS v4.4.1 - Cross Site Scripting (XSS)

Ametys CMS v4.4.1 contains a persistent cross-site scripting vulnerability in the link directory's input fields for external links. Attackers can inject malicious script code in link text and descriptions to execute persistent attacks that compromise user sessions and manipulate application modul...

6.1CVSS0.00262EPSS

Exploits1References4

Positive Technologies•added 2026/01/13 12:0 a.m.•4 views

PT-2026-2413

Name of the Vulnerable Software and Affected Versions Ametys CMS version 4.4.1 Description Ametys CMS version 4.4.1 has a persistent cross-site scripting issue in the link directory’s input fields for external links. An attacker can inject malicious script code into the link text and descriptions...

6.1CVSS6.7AI score0.00262EPSS

Exploits1References8

RedhatCVE•added 2026/01/09 10:54 a.m.•6 views

CVE-2022-23321

A persistent cross-site scripting XSS vulnerability exists on two input fields within the administrative panel when editing users in the XMPie UStore application on version 12.3.7244.0...

4.8CVSS5.8AI score0.0077EPSS

Exploits1References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by