Export limit exceeded: 357853 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 46646 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46646 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-10153 | 1 Westboy | 1 Cicadascms | 2026-06-01 | 4.3 Medium |
| A flaw has been found in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. Impacted is the function Search of the file org/springframework/cache/support/AbstractCacheManager.java. This manipulation of the argument s causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been published and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-10234 | 1 Mettle | 1 Sendportal | 2026-06-01 | 3.5 Low |
| A vulnerability was detected in Mettle sendportal up to 3.0.1. This affects an unknown part of the file /webview/ of the component Campaign Handler. The manipulation of the argument content results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-10216 | 1 Unitedbyai | 1 Droidclaw | 2026-06-01 | 3.7 Low |
| A vulnerability was detected in unitedbyai droidclaw up to 0.5.3. The affected element is an unknown function of the file server/src/routes/pairing.ts of the component claim Endpoint. The manipulation results in improper restriction of excessive authentication attempts. The attack may be launched remotely. This attack is characterized by high complexity. The exploitability is described as difficult. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-10228 | 1 Raisulislamg4 | 1 Student Management System By Php | 2026-06-01 | 3.5 Low |
| A vulnerability was found in raisulislamg4 student_management_system_by_php up to 310d950e09013d5133c6b9210aff9444382d16d1. The impacted element is an unknown function of the file admission_form_check.php. The manipulation of the argument Message results in cross site scripting. The attack can be executed remotely. The exploit has been made public and could be used. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-10247 | 1 Sourcecodester | 1 Pharmacy Sales And Inventory System | 2026-06-01 | 3.5 Low |
| A vulnerability was found in SourceCodester Pharmacy Sales and Inventory System 1.0. This vulnerability affects the function create_generic_name of the file /ShowForm/create_generic_name/main. The manipulation of the argument generic_name results in cross site scripting. The attack may be launched remotely. The exploit has been made public and could be used. | ||||
| CVE-2026-40544 | 1 Soplanning | 1 Soplanning | 2026-06-01 | N/A |
| SOPlanning is vulnerable to Stored Cross-Site Scripting (XSS) via /process/upload_backup endpoint. An authenticated attacker with access to the backup functionality can upload a crafted ZIP archive containing a malicious user.csv file with embedded JavaScript. The injected code is executed in the victim’s browser when a user clicks the Edit button for the malicious backup. This issue affects SOPlanning version 1.55 and below. | ||||
| CVE-2026-40545 | 1 Soplanning | 1 Soplanning | 2026-06-01 | N/A |
| SOPlanning is vulnerable to Reflected XSS via the taches parameter. An attacker can craft a malicious URL which, when opened by authenticated victim, results in arbitrary JavaScript execution in the victim’s browser. This issue affects SOPlanning version 1.55 and below. | ||||
| CVE-2024-12796 | 1 Holistic It | 1 Workcube Erp | 2026-06-01 | 5.3 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Holistic IT, Consultancy Coop. Workcube ERP allows Reflected XSS. This issue affects Workcube ERP: from V12 - V14 before Cognitive. | ||||
| CVE-2024-12914 | 1 Akinsoft | 1 Qr Menu | 2026-06-01 | 4.3 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akınsoft QR Menü allows Cross-Site Scripting (XSS). This issue affects QR Menü: from s1.05.05 before v1.05.12. | ||||
| CVE-2026-49368 | 1 Jetbrains | 1 Youtrack | 2026-06-01 | 8.7 High |
| In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible | ||||
| CVE-2024-12915 | 2026-06-01 | 4.6 Medium | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Devinim Software Library Software allows Reflected XSS. This issue affects Library Software: before 24.11.02. | ||||
| CVE-2024-12972 | 1 Akinsoft | 1 Octocloud | 2026-06-01 | 4.3 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akinsoft OctoCloud allows Cross-Site Scripting (XSS). This issue affects OctoCloud: from s1.09.01 before v1.11.01. | ||||
| CVE-2026-49384 | 1 Jetbrains | 1 Pycharm | 2026-06-01 | 6.1 Medium |
| In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible | ||||
| CVE-2024-12974 | 1 Akinsoft | 1 Prokuaför | 2026-06-01 | 4.3 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akinsoft ProKuaför allows Cross-Site Scripting (XSS). This issue affects ProKuaför: from s1.02.07 before v1.02.08. | ||||
| CVE-2024-13064 | 1 Akinsoft | 1 Myrezzta | 2026-06-01 | 4.3 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akinsoft MyRezzta allows Cross-Site Scripting (XSS). This issue affects MyRezzta: from s2.02.02 before v2.05.01. | ||||
| CVE-2024-13071 | 1 Akinsoft | 1 E-mutabakat | 2026-06-01 | 4.3 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akinsoft e-Mutabakat allows Cross-Site Scripting (XSS). This issue affects e-Mutabakat: from 2.02.05 before v2.02.06. | ||||
| CVE-2024-13073 | 1 Akinsoft | 1 Taskpano | 2026-06-01 | 4.7 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akinsoft TaskPano allows Cross-Site Scripting (XSS). This issue affects TaskPano: s1.06.04. | ||||
| CVE-2023-0320 | 1 University Information Management System Project | 1 University Information Management System | 2026-06-01 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Izmir Katip Celebi University UBYS allows Stored XSS. This issue affects UBYS: before 23.03.16. | ||||
| CVE-2023-0322 | 1 Talentyazilim | 1 Unis | 2026-06-01 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Talent Software UNIS allows Reflected XSS. This issue affects UNIS: before 28376. | ||||
| CVE-2023-0577 | 1 Asosegitim | 1 Sobiad | 2026-06-01 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ASOS Information Technologies SOBIAD allows Cross-Site Scripting (XSS). This issue affects SOBIAD: before 23.02.01. | ||||