Search Results (45592 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-2504 | 1 Birddog | 8 4k Quad, 4k Quad Firmware, A300 and 5 more | 2025-01-16 | 8.4 High |
| Files present on firmware images could allow an attacker to gain unauthorized access as a root user using hard-coded credentials. | ||||
| CVE-2023-2611 | 1 Advantech | 1 R-seenet | 2025-01-16 | 9.8 Critical |
| Advantech R-SeeNet versions 2.4.22 is installed with a hidden root-level user that is not available in the users list. This hidden user has a password that cannot be changed by users. | ||||
| CVE-2023-4523 | 1 Rtautomation | 6 460 Series Firmware, 460etcmm, 460mcbms and 3 more | 2025-01-16 | 9.4 Critical |
| Real Time Automation 460 Series products with versions prior to v8.9.8 are vulnerable to cross-site scripting, which could allow an attacker to run any JavaScript reference from the URL string. If this were to occur, the gateway's HTTP interface would redirect to the main page, which is index.htm. | ||||
| CVE-2023-2306 | 1 Qognify | 1 Nicevision | 2025-01-16 | 10 Critical |
| Qognify NiceVision versions 3.1 and prior are vulnerable to exposing sensitive information using hard-coded credentials. With these credentials an attacker can retrieve information about the cameras, user information, and modify database records. | ||||
| CVE-2023-5777 | 1 Weintek | 1 Easybuilder Pro | 2025-01-16 | 9.8 Critical |
| Weintek EasyBuilder Pro contains a vulnerability that, even when the private key is immediately deleted after the crash report transmission is finished, the private key is exposed to the public, which could result in obtaining remote control of the crash report server. | ||||
| CVE-2024-56377 | 1 Vanderbilt | 1 Redcap | 2025-01-16 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in survey titles of REDCap 14.9.6 allows authenticated users to inject malicious scripts into the Survey Title field or Survey Instructions. When a user receives a survey and clicks anywhere on the survey page to enter data, the crafted payload (which has been injected into all survey fields) is executed, potentially enabling the execution of arbitrary web scripts. | ||||
| CVE-2024-56376 | 1 Vanderbilt | 1 Redcap | 2025-01-16 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the built-in messenger of REDCap 14.9.6 allows authenticated users to inject malicious scripts into the message field. When a user clicks on the received message, the crafted payload is executed, potentially enabling the execution of arbitrary web scripts. | ||||
| CVE-2023-1944 | 1 Kubernetes | 1 Minikube | 2025-01-16 | 8.4 High |
| This vulnerability enables ssh access to minikube container using a default password. | ||||
| CVE-2024-28190 | 1 Contao | 1 Contao | 2025-01-16 | 5.4 Medium |
| Contao is an open source content management system. Starting in version 4.0.0 and prior to version 4.13.40 and 5.3.4, users can inject malicious code in filenames when uploading files (back end and front end), which is then executed in tooltips and popups in the back end. Contao versions 4.13.40 and 5.3.4 have a patch for this issue. As a workaround, remove upload fields from frontend forms and disable uploads for untrusted back end users. | ||||
| CVE-2023-30615 | 1 Dfir-iris | 1 Iris | 2025-01-16 | 6.3 Medium |
| Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations. The vulnerability in allows an attacker to inject malicious scripts into the application, which are then executed when a user visits the affected locations. This can lead to unauthorized access, data theft, or other malicious activities. An attacker needs to be authenticated on the application to exploit this vulnerability. The issue was patched in version 2.2.1 of iris-web. | ||||
| CVE-2024-22936 | 2 Genesisedu, Manuelaldape | 2 Parent Student Portal, Parents & Student Portal | 2025-01-16 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in Parents & Student Portal in Genesis School Management Systems in Genesis AIMS Student Information Systems v.3053 allows remote attackers to inject arbitrary web script or HTML via the message parameter. | ||||
| CVE-2024-25094 | 1 Primitiv | 1 Pj News Ticker | 2025-01-16 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paul Jura & Nicolas Montigny PJ News Ticker allows Stored XSS. This issue affects PJ News Ticker: from n/a through 1.9.5. | ||||
| CVE-2024-25098 | 1 Bajorat-media | 1 Pb Oembed Html5 Audio | 2025-01-16 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pascal Bajorat PB oEmbed HTML5 Audio – with Cache Support allows Stored XSS. This issue affects PB oEmbed HTML5 Audio – with Cache Support: from n/a through 2.6. | ||||
| CVE-2024-25831 | 1 F-logic | 1 Datacube3 | 2025-01-16 | 5.4 Medium |
| F-logic DataCube3 Version 1.0 is affected by a reflected cross-site scripting (XSS) vulnerability due to improper input sanitization. An authenticated, remote attacker can execute arbitrary JavaScript code in the web management interface. | ||||
| CVE-2024-1977 | 1 Josephlopreste | 1 Restaurant Solutions - Checklist | 2025-01-16 | 4.4 Medium |
| The Restaurant Solutions – Checklist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Checklist points in version 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | ||||
| CVE-2024-23501 | 1 Shopfiles | 1 Ebook Store | 2025-01-16 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shopfiles Ltd Ebook Store allows Stored XSS. This issue affects Ebook Store: from n/a through 5.788. | ||||
| CVE-2024-25093 | 1 Dev4press | 1 Gd Rating System | 2025-01-16 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Milan Petrovic GD Rating System allows Stored XSS. This issue affects GD Rating System: from n/a through 3.5. | ||||
| CVE-2024-34081 | 1 Mantisbt | 1 Mantisbt | 2025-01-16 | 6.6 Medium |
| MantisBT (Mantis Bug Tracker) is an open source issue tracker. Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when resolving or closing issues (`bug_change_status_page.php`) belonging to a project linking said custom field, viewing issues (`view_all_bug_page.php`) when the custom field is displayed as a column, or printing issues (`print_all_bug_page.php`) when the custom field is displayed as a column. Version 2.26.2 contains a patch for the issue. As a workaround, ensure Custom Field Names do not contain HTML tags. | ||||
| CVE-2023-33829 | 1 Cloudogu | 1 Scm Manager | 2025-01-16 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in Cloudogu GmbH SCM Manager v1.2 to v1.60 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description text field. | ||||
| CVE-2023-25439 | 1 Squarepiginteractive | 1 Fusioninvoice | 2025-01-16 | 6.1 Medium |
| Stored Cross Site Scripting (XSS) vulnerability in Square Pig FusionInvoice 2023-1.0, allows attackers to execute arbitrary code via the description or content fields to the expenses, tasks, and customer details. | ||||