Export limit exceeded: 339825 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (659 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-6439 | 2 Redhat, Rhel Sam | 2 Subscription Asset Manager, 1.3 | 2025-04-11 | N/A |
| Candlepin in Red Hat Subscription Asset Manager 1.0 through 1.3 uses a weak authentication scheme when the configuration file does not specify a scheme, which has unspecified impact and attack vectors. | ||||
| CVE-2024-25690 | 3 Esri, Linux, Microsoft | 3 Portal For Arcgis, Linux Kernel, Windows | 2025-04-10 | 4.7 Medium |
| There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.1 and below that may allow a remote, unauthenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser. | ||||
| CVE-2023-25833 | 1 Esri | 1 Portal For Arcgis | 2025-04-10 | 5.4 Medium |
| There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser (no stateful change made or customer data rendered). | ||||
| CVE-2022-38210 | 1 Esri | 1 Portal For Arcgis | 2025-04-10 | 6.1 Medium |
| There is a reflected HTML injection vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below that may allow a remote, unauthenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser. | ||||
| CVE-2025-0272 | 1 Hcltechsw | 2 Hcl Devops Deploy, Hcl Launch | 2025-04-10 | 5.4 Medium |
| HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. | ||||
| CVE-2025-1807 | 2025-04-09 | 3.5 Low | ||
| A vulnerability, which was classified as problematic, was found in Eastnets PaymentSafe 2.5.26.0. This affects an unknown part of the file /directRouter.rfc of the component Edit Manual Reply Handler. The manipulation of the argument Title leads to basic cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.5.27.0 is able to address this issue. | ||||
| CVE-2025-31384 | 2025-04-07 | 7.1 High | ||
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Aviplugins Videos allows Reflected XSS.This issue affects Videos: from n/a through 1.0.5. | ||||
| CVE-2022-34399 | 1 Dell | 30 Alienware M15 A6, Alienware M15 A6 Firmware, Alienware M15 Ryzen Edition R5 and 27 more | 2025-04-03 | 5.1 Medium |
| Dell Alienware m17 R5 BIOS version prior to 1.2.2 contain a buffer access vulnerability. A malicious user with admin privileges could potentially exploit this vulnerability by sending input larger than expected in order to leak certain sections of SMRAM. | ||||
| CVE-2025-25363 | 1 Thepluginpeople | 1 Enterprise Mail Handler | 2025-04-03 | 6.5 Medium |
| An authenticated stored cross-site scripting (XSS) vulnerability in The Plugin People Enterprise Mail Handler for Jira Data Center (JEMH) before v4.1.69-dc allows attackers with Administrator privileges to execute arbitrary Javascript in context of a user's browser via injecting a crafted payload into the HTML field of a template. | ||||
| CVE-2006-0149 | 1 Simpbook | 1 Simpbook | 2025-04-03 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in SimpBook 1.0, with html_enable on (the default), allows remote attackers to inject arbitrary web script or HTML via the message field. | ||||
| CVE-2024-31062 | 1 Munyweki | 1 Insurance Management System | 2025-04-03 | 6.3 Medium |
| Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the Street input field. | ||||
| CVE-2024-25873 | 1 Enhavo | 1 Enhavo | 2025-04-02 | 5.4 Medium |
| Enhavo v0.13.1 was discovered to contain an HTML injection vulnerability in the Author text field under the Blockquote module. This vulnerability allows attackers to execute arbitrary code via a crafted payload. | ||||
| CVE-2025-29431 | 1 Code-projects | 1 Online Class And Exam Scheduling System | 2025-04-02 | 3.2 Low |
| Code-projects Online Class and Exam Scheduling System V1.0 is vulnerable to Cross Site Scripting (XSS) in /pages/department.php via the id, code, and name parameters. | ||||
| CVE-2025-29426 | 1 Code-projects | 1 Online Class And Exam Scheduling System | 2025-04-02 | 4.6 Medium |
| Code-projects Online Class and Exam Scheduling System V1.0 is vulnerable to Cross Site Scripting (XSS) in /pages/class.php via the id and cys parameters. | ||||
| CVE-2025-31604 | 2025-04-01 | 6.5 Medium | ||
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Cal.com Cal.com allows Stored XSS. This issue affects Cal.com: from n/a through 1.0.0. | ||||
| CVE-2025-28015 | 1 Phpgurukul | 1 User Registration \& Login And User Management System | 2025-03-28 | 5.3 Medium |
| A HTML Injection vulnerability was found in loginsystem/edit-profile.php of the PHPGurukul User Registration & Login and User Management System V3.3. This vulnerability allows remote attackers to execute arbitrary HTML code via the fname, lname, and contact parameters. | ||||
| CVE-2024-13497 | 1 Tripetto | 1 Tripetto | 2025-03-28 | 7.2 High |
| The WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via attachment uploads in all versions up to, and including, 8.0.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the uploaded file. | ||||
| CVE-2024-26282 | 1 Mozilla | 1 Firefox | 2025-03-27 | 7.1 High |
| Using an AMP url with a canonical element, an attacker could have executed JavaScript from an opened bookmarked page. This vulnerability affects Firefox for iOS < 123. | ||||
| CVE-2020-16297 | 4 Artifex, Canonical, Debian and 1 more | 4 Ghostscript, Ubuntu Linux, Debian Linux and 1 more | 2025-03-14 | 5.5 Medium |
| A buffer overflow vulnerability in FloydSteinbergDitheringC() in contrib/gdevbjca.c of Artifex Software GhostScript v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | ||||
| CVE-2024-22277 | 1 Vmware | 1 Cloud Director | 2025-03-13 | 6.4 Medium |
| VMware Cloud Director Availability contains an HTML injection vulnerability. A malicious actor with network access to VMware Cloud Director Availability can craft malicious HTML tags to execute within replication tasks. | ||||