Export limit exceeded: 46466 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46466 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-9969 | 2026-06-05 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Vizly Web Design Real Estate Packages allows Content Spoofing, CAPEC - 593 - Session Hijacking, CAPEC - 591 - Reflected XSS. This issue affects Real Estate Packages: before 5.1. | ||||
| CVE-2026-36748 | 1 Sparkdevnetwork | 1 Rock Rms | 2026-06-05 | 9 Critical |
| RockRMS v16.13 and before v.17.7.0 is vulnerable to Cross Site Scripting (XSS) via Social Media links in user profile. | ||||
| CVE-2026-36606 | 1 Mercusys | 1 Ac12g | 2026-06-05 | 7.1 High |
| Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 encrypts configuration backups with a hardcoded DES key using single DES in ECB mode. An attacker who obtains a backup file can decrypt it to recover all stored credentials including admin password, WiFi PSK, and DDNS credentials. | ||||
| CVE-2026-36616 | 1 Mercusys | 1 Ac12g | 2026-06-05 | 5.9 Medium |
| Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 contains hardcoded WiFi driver credentials including a RADIUS shared secret, WPS test key, and default PSK embedded in the production firmware binary. | ||||
| CVE-2022-31114 | 1 Laravel-backpack | 1 Crud | 2026-06-05 | N/A |
| backpack/crud provides Create, Read, Update & Delete (CRUD) functions for Backpack, a collection of Laravel packages that help users build custom administration panels. Versions prior to 5.0.13, 4.1.69, and 4.0.63 are vulnerable to cross-site scripting. An attacker could conduct a targeted phishing campaign, in order to trick users or admins into clicking a malicious link, which under very specific circumstances could give them information or possibly admin access. Versions 5.0.13, 4.1.69, and 4.0.63 patch the issue. As a workaround, manually look inside error views in `resources/views/errors` and output `e($exception->getMessage())` instead of `$exception->getMessage()`. | ||||
| CVE-2026-8876 | 1 Securly | 2 Securly, Securly Chrome Extension | 2026-06-05 | 7.3 High |
| Version 3.0.7 of the Securly Chrome Extension contains hardcoded, plaintext AES passphrases in securly.min.js. These keys decrypt crisis alert keyword data and intervention site data. | ||||
| CVE-2025-67448 | 1 Neterbit | 1 Nw-431f Router | 2026-06-05 | 7.1 High |
| The SMS module in Neterbit NW-431F Router 20241014-IR03 and before is vulnerable to stored XSS. The application does not properly sanitize user input in SMS messages before storing and displaying them. An attacker can send an SMS containing a malicious XSS payload, which will be executed in the context of the victim's browser when the message is viewed. | ||||
| CVE-2025-65640 | 1 Arket | 1 Globe Document Intelligence | 2026-06-05 | 6.3 Medium |
| Cross Site Scripting (XSS) vulnerability in the "Task in Progress / Recent" page in Arket Globe Document Intelligence 5.0.0.559 due to improper sanitization of user input in text fields when creating a new document. Specifically, when an authenticated attacker submits data containing JavaScript code within these fields, the application fails to properly sanitize or escape the content. As a result, the injected script is executed when the page is rendered, allowing the attacker to execute arbitrary JavaScript in the context of other users' browsers who view the affected page. | ||||
| CVE-2026-49204 | 1 Acer | 3 Connect M6e 5g, Connect M6e 5g Firmware, Connect M6e 5g Portable Wifi Router | 2026-06-05 | 6.5 Medium |
| Leftover debug modules contain fixed credentials for internal AWS Cognito test sandboxes, risking asset exploitation. | ||||
| CVE-2026-50213 | 1 Acer | 3 Connect M6e 5g, Connect M6e 5g Firmware, Connect M6e 5g Portable Wifi Router | 2026-06-05 | 7.5 High |
| The account validation endpoint /v1/User/validate returns comprehensive user profile data sheets, which can be crawled by iterating predictable identification strings. | ||||
| CVE-2019-25739 | 1 Gigtodoscript | 1 Gigtodo | 2026-06-05 | 6.4 Medium |
| GigToDo 1.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript and HTML code through the proposal description field. Attackers can craft XSS payloads in the create_proposal endpoint that execute when administrators or other users view the stored proposal, enabling cookie theft and malicious redirects. | ||||
| CVE-2019-25742 | 2 Fruitfulcode, Wordpress | 2 Zoner Real Estate, Wordpress | 2026-06-05 | 6.4 Medium |
| WordPress Theme Zoner Real Estate 4.1.1 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through the Address input field when creating properties. Attackers can inject JavaScript payloads in the property creation form that execute when administrators view the property for approval, enabling cookie theft and session hijacking. | ||||
| CVE-2019-25743 | 2 Soliloquywp, Wordpress | 2 Soliloquy Lite, Wordpress | 2026-06-05 | 6.4 Medium |
| WordPress Soliloquy Lite 2.5.6 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by inserting script tags in the post title field. Attackers can submit POST requests to the post editing endpoint with script payloads in the post_title parameter, which are stored and executed when users preview the post. | ||||
| CVE-2026-21825 | 1 Hcltech | 1 Dx Compose | 2026-06-05 | 6.1 Medium |
| HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulnerability in the search center. An attacker could execute arbitrary JavaScript in the victim's browser. | ||||
| CVE-2025-10467 | 2026-06-05 | 8.9 High | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PROLIZ Computer Software Hardware Service Trade Ltd. Co. OBS (Student Affairs Information System) allows Stored XSS. This issue affects OBS (Student Affairs Information System): before v25.0401. | ||||
| CVE-2025-10609 | 1 Logo Software | 1 Tigerwings Erp | 2026-06-05 | 5.9 Medium |
| Use of Hard-coded Credentials vulnerability in Logo Software Inc. TigerWings ERP allows Read Sensitive Constants Within an Executable. This issue affects TigerWings ERP: from 01.01.00 before 3.03.00. | ||||
| CVE-2025-10612 | 1 Gisoft | 1 City Guide | 2026-06-05 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in giSoft Information Technologies City Guide allows Reflected XSS. This issue affects City Guide: before 1.4.45. | ||||
| CVE-2025-10727 | 1 Arksigner | 1 Acbakimzala | 2026-06-05 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ArkSigner Software and Hardware Inc. AcBakImzala allows Reflected XSS. This issue affects AcBakImzala: before v5.1.4. | ||||
| CVE-2025-10876 | 1 Talentsoftware | 1 Bap Automation | 2026-06-05 | 5.3 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Talent Software e-BAP Automation allows Cross-Site Scripting (XSS). This issue affects e-BAP Automation: from 1.8.96 before v.41815. | ||||
| CVE-2025-10913 | 1 Saastech Cleaning And Internet Services Inc. | 1 Temizlikyolda | 2026-06-05 | 8.3 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saastech Cleaning and Internet Services Inc. TemizlikYolda allows Cross-Site Scripting (XSS). This issue affects TemizlikYolda: through 11022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||