Export limit exceeded: 343537 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (343537 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-52583 | 1 Neojapan | 1 Desknet Web | 2025-10-21 | N/A |
| Reflected cross-site scripting (XSS) vulnerability in desknet's Web Server allows execution of arbitrary JavaScript in a user’s web browser. | ||||
| CVE-2025-54760 | 1 Neojapan | 1 Desknet Neo | 2025-10-21 | N/A |
| Stored cross-site scripting (XSS) vulnerability in desknet's NEO V9.0R2.0 and earlier allow execution of arbitrary JavaScript in a user’s web browser. | ||||
| CVE-2025-54859 | 1 Neojapan | 1 Desknet Neo | 2025-10-21 | N/A |
| Stored cross-site scripting (XSS) vulnerability in desknet's NEO V9.0R2.0 and earlier allow execution of arbitrary JavaScript in a user’s web browser. | ||||
| CVE-2025-53858 | 1 Neojapan | 1 Chatluck | 2025-10-21 | N/A |
| ChatLuck contains a cross-site scripting vulnerability in Chat Rooms. If exploited, an arbitrary script may be executed on the web browser of the user who is accessing the product. | ||||
| CVE-2025-58079 | 1 Neojapan | 1 Desknet Neo | 2025-10-21 | N/A |
| Improper Protection of Alternate Path (CWE-424) in the AppSuite of desknet's NEO V4.0R1.0 to V9.0R2.0 allows an attacker to create malicious AppSuite applications. | ||||
| CVE-2025-58426 | 1 Neojapan | 1 Desknet Neo | 2025-10-21 | N/A |
| desknet's NEO V4.0R1.0 to V9.0R2.0 contains a hard-coded cryptographic key, which allows an attacker to create malicious AppSuite applications. | ||||
| CVE-2025-24833 | 1 Neojapan | 1 Desknet Neo | 2025-10-21 | N/A |
| Stored cross-site scripting (XSS) vulnerability in desknet's NEO versions V4.0R1.0–V9.0R2.0 allow execution of arbitrary JavaScript in a user’s web browser. | ||||
| CVE-2025-58115 | 1 Neojapan | 1 Chatluck | 2025-10-21 | N/A |
| ChatLuck contains a cross-site scripting vulnerability in Guest User Sign-up. If exploited, an arbitrary script may be executed on the web browser of the user who is accessing the product. | ||||
| CVE-2025-6338 | 2 Microsoft, Qt | 2 Windows, Qt | 2025-10-21 | N/A |
| There is an incomplete cleanup vulnerability in Qt Network's Schannel support on Windows which can lead to a Denial of Service over a long period.This issue affects Qt from 5.15.0 through 6.8.3, from 6.9.0 before 6.9.2. | ||||
| CVE-2025-55072 | 1 Neojapan | 1 Desknet Neo | 2025-10-21 | N/A |
| Stored cross-site scripting (XSS) vulnerability in desknet's NEO V2.0R1.0 to V9.0R2.0 allow execution of arbitrary JavaScript in a user’s web browser. | ||||
| CVE-2025-54461 | 1 Neojapan | 1 Chatluck | 2025-10-21 | N/A |
| ChatLuck contains an insufficient granularity of access control vulnerability in Invitation of Guest Users. If exploited, an uninvited guest user may register itself as a guest user. | ||||
| CVE-2025-41253 | 2 Spring, Vmware | 4 Spring, Webflux, Spring and 1 more | 2025-10-21 | 7.5 High |
| The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to the ability to expose environment variables and system properties to attackers. An application should be considered vulnerable when all the following are true: * The application is using Spring Cloud Gateway Server Webflux (Spring Cloud Gateway Server WebMVC is not vulnerable). * An admin or untrusted third party using Spring Expression Language (SpEL) to access environment variables or system properties via routes. * An untrusted third party could create a route that uses SpEL to access environment variables or system properties if: * The Spring Cloud Gateway Server Webflux actuator web endpoint is enabled via management.endpoints.web.exposure.include=gateway and management.endpoint.gateway.enabled=trueor management.endpoint.gateway.access=unrestricte. * The actuator endpoints are available to attackers. * The actuator endpoints are unsecured. | ||||
| CVE-2024-8008 | 1 Wso2 | 6 Api Manager, Enterprise Integrator, Identity Server and 3 more | 2025-10-21 | 5.2 Medium |
| A reflected cross-site scripting (XSS) vulnerability exists in multiple WSO2 products due to insufficient output encoding in error messages generated by the JDBC user store connection validation request. A malicious actor can inject a specially crafted payload into the request, causing the browser to execute arbitrary JavaScript in the context of the vulnerable page. This vulnerability may allow UI manipulation, redirection to malicious websites, or data exfiltration from the browser. However, since all session-related sensitive cookies are protected with the httpOnly flag, session hijacking is not possible. | ||||
| CVE-2025-62684 | 2025-10-21 | N/A | ||
| Not used | ||||
| CVE-2025-62683 | 2025-10-21 | N/A | ||
| Not used | ||||
| CVE-2025-62682 | 2025-10-21 | N/A | ||
| Not used | ||||
| CVE-2025-62681 | 2025-10-21 | N/A | ||
| Not used | ||||
| CVE-2025-62680 | 2025-10-21 | N/A | ||
| Not used | ||||
| CVE-2025-62679 | 2025-10-21 | N/A | ||
| Not used | ||||
| CVE-2025-62678 | 2025-10-21 | N/A | ||
| Not used | ||||