Export limit exceeded: 346915 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45606 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45606 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-25314 | 1 Wwbn | 1 Avideo | 2025-02-04 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in World Wide Broadcast Network AVideo before 12.4, allows attackers to gain sensitive information via the success parameter to /user. | ||||
| CVE-2022-28354 | 1 Mybb | 1 Active Threads | 2025-02-04 | 6.1 Medium |
| In the Active Threads Plugin 1.3.0 for MyBB, the activethreads.php date parameter is vulnerable to XSS when setting a time period. | ||||
| CVE-2024-47984 | 1 Dell | 1 Recoverpoint For Virtual Machines | 2025-02-04 | 4.4 Medium |
| Dell RecoverPoint for Virtual Machines 6.0.x contains Denial of Service vulnerability. A User with Remote access could potentially exploit this vulnerability, leading to the disruption of most functionalities of the RPA persistent after reboot, resulting in need of technical support intervention in getting system back to stable state. | ||||
| CVE-2024-29960 | 1 Broadcom | 1 Brocade Sannav | 2025-02-04 | 6.8 Medium |
| In Brocade SANnav server before v2.3.1 and v2.3.0a, the SSH keys inside the OVA image are identical in the VM every time SANnav is installed. Any Brocade SAnnav VM based on the official OVA images is vulnerable to MITM over SSH. An attacker can decrypt and compromise the SSH traffic to the SANnav. | ||||
| CVE-2024-29963 | 1 Broadcom | 1 Brocade Sannav | 2025-02-04 | 1.9 Low |
| Brocade SANnav OVA before v2.3.1, and v2.3.0a, contain hardcoded TLS keys used by Docker. Note: Brocade SANnav doesn't have access to remote Docker registries. | ||||
| CVE-2024-29966 | 1 Broadcom | 1 Brocade Sannav | 2025-02-04 | 7.5 High |
| Brocade SANnav OVA before v2.3.1 and v2.3.0a contain hard-coded credentials in the documentation that appear as the appliance's root password. The vulnerability could allow an unauthenticated attacker full access to the Brocade SANnav appliance. | ||||
| CVE-2024-30186 | 1 Bdthemes | 1 Prime Slider | 2025-02-04 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BdThemes Prime Slider – Addons For Elementor allows Stored XSS.This issue affects Prime Slider – Addons For Elementor: from n/a through 3.13.1. | ||||
| CVE-2024-43317 | 1 Metagauss | 1 Registrationmagic | 2025-02-04 | 4.3 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Metagauss User Registration Team RegistrationMagic allows Cross-Site Scripting (XSS).This issue affects RegistrationMagic: from n/a through 6.0.1.0. | ||||
| CVE-2024-5460 | 1 Broadcom | 1 Fabric Operating System | 2025-02-04 | 8.1 High |
| A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Brocade Fabric OS versions before v9.0.0 could allow an authenticated, remote attacker to read data from an affected device via SNMP. The vulnerability is due to hard-coded, default community string in the configuration file for the SNMP daemon. An attacker could exploit this vulnerability by using the static community string in SNMP version 1 queries to an affected device. | ||||
| CVE-2023-26843 | 1 Churchcrm | 1 Churchcrm | 2025-02-04 | 5.4 Medium |
| A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the NoteEditor.php. | ||||
| CVE-2024-48893 | 1 Fortinet | 1 Fortisoar | 2025-02-03 | 6.4 Medium |
| An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiSOAR 7.3.0 through 7.3.3, 7.2.1 through 7.2.2 may allow an authenticated attacker to perform a stored cross site scripting (XSS) attack via the creation of malicious playbook. | ||||
| CVE-2024-52967 | 1 Fortinet | 1 Fortiportal | 2025-02-03 | 3.3 Low |
| An improper neutralization of script-related html tags in a web page (basic xss) in Fortinet FortiPortal 6.0.0 through 6.0.14 allows attacker to execute unauthorized code or commands via html injection. | ||||
| CVE-2024-3544 | 1 Progress | 1 Loadmaster | 2025-02-03 | 7.5 High |
| Unauthenticated attackers can perform actions, using SSH private keys, by knowing the IP address and having access to the same network of one of the machines in the HA or Cluster group. This vulnerability has been closed by enhancing LoadMaster partner communications to require a shared secret that must be exchanged between the partners before communication can proceed. | ||||
| CVE-2012-5873 | 1 Arc2 Project | 1 Arc2 | 2025-02-03 | 5.3 Medium |
| ARC (aka ARC2) through 2011-12-01 allows reflected XSS via the end_point.php query parameter in an output=htmltab action. | ||||
| CVE-2024-33539 | 1 Wpzoom | 1 Wpzoom Elementor Addons | 2025-02-03 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPZOOM WPZOOM Addons for Elementor (Templates, Widgets) allows Stored XSS.This issue affects WPZOOM Addons for Elementor (Templates, Widgets): from n/a through 1.1.35. | ||||
| CVE-2023-30790 | 1 Monicahq | 1 Monica | 2025-02-03 | 5.4 Medium |
| MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/relationships` endpoint and first_name and last_name parameter. | ||||
| CVE-2023-30789 | 1 Monicahq | 1 Monica | 2025-02-03 | 5.4 Medium |
| MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/work` endpoint and job and company parameter. | ||||
| CVE-2023-30838 | 1 Prestashop | 1 Prestashop | 2025-02-03 | 8.6 High |
| PrestaShop is an Open Source e-commerce web application. Prior to versions 8.0.4 and 1.7.8.9, the `ValidateCore::isCleanHTML()` method of Prestashop misses hijackable events which can lead to cross-site scripting (XSS) injection, allowed by the presence of pre-setup `@keyframes` methods. This XSS, which hijacks HTML attributes, can be triggered without any interaction by the visitor/administrator, which makes it as dangerous as a trivial XSS attack. Contrary to other attacks which target HTML attributes and are triggered without user interaction (such as onload / onerror which suffer from a very limited scope), this one can hijack every HTML element, which increases the danger due to a complete HTML elements scope. Versions 8.0.4 and 1.7.8.9 contain a fix for this issue. | ||||
| CVE-2024-33947 | 1 Metagauss | 1 Registrationmagic | 2025-02-03 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss RegistrationMagic allows Reflected XSS.This issue affects RegistrationMagic: from n/a through 5.3.2.0. | ||||
| CVE-2023-30787 | 1 Monicahq | 1 Monica | 2025-02-03 | 5.4 Medium |
| MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/introductions` endpoint and first_met_additional_info parameter. | ||||