Export limit exceeded: 43798 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (43798 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-9174 | 1 M-files | 1 Hubshare | 2026-02-23 | 5.4 Medium |
| Stored HTML Injection in Social Module in M-Files Hubshare before version 5.0.8.6 allows authenticated user to spoof UI | ||||
| CVE-2024-6881 | 1 M-files | 1 Hubshare | 2026-02-23 | 5.4 Medium |
| Stored XSS in M-Files Hubshare versions before 5.0.6.0 allows an authenticated attacker to execute arbitrary JavaScript in user's browser session | ||||
| CVE-2024-6124 | 1 M-files | 1 Hubshare | 2026-02-23 | 5.4 Medium |
| Reflected XSS in M-Files Hubshare before version 5.0.6.0 allows an attacker to execute arbitrary JavaScript code in the context of the victim's browser session | ||||
| CVE-2024-5142 | 1 M-files | 1 Hubshare | 2026-02-23 | 5.4 Medium |
| Stored Cross-Site Scripting vulnerability in Social Module in M-Files Hubshare before version 5.0.6.0 allows authenticated attacker to run scripts in other users browser | ||||
| CVE-2026-2825 | 1 Rachelos | 1 Werss We-mp-rss | 2026-02-23 | 3.5 Low |
| A vulnerability has been found in rachelos WeRSS we-mp-rss up to 1.4.8. This impacts the function fix_html of the file tools/fix.py of the component Article Module. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-2622 | 2 Blossom, Wangyunf | 2 Blossom, Blossom | 2026-02-23 | 3.5 Low |
| A vulnerability was detected in Blossom up to 1.17.1. This vulnerability affects the function content of the file blossom-backend/backend/src/main/java/com/blossom/backend/server/article/draft/ArticleController.java of the component Article Title Handler. The manipulation results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-2616 | 1 Beetel | 2 777vr1, 777vr1 Firmware | 2026-02-23 | 8.8 High |
| A vulnerability has been found in Beetel 777VR1 up to 01.00.09. The impacted element is an unknown function of the component Web Management Interface. The manipulation leads to hard-coded credentials. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. It is advisable to modify the configuration settings. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-2557 | 1 Cskefu | 1 Cskefu | 2026-02-23 | 3.5 Low |
| A vulnerability was detected in cskefu up to 8.0.1. Impacted is the function Upload of the file com/cskefu/cc/controller/resource/MediaController.java of the component File Upload. The manipulation results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-2547 | 1 Ligerosmart | 1 Ligerosmart | 2026-02-23 | 3.5 Low |
| A vulnerability was detected in LigeroSmart up to 6.1.26. The impacted element is the function AgentDashboard of the file /otrs/index.pl. Performing a manipulation of the argument Subaction results in cross site scripting. Remote exploitation of the attack is possible. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-2546 | 1 Ligerosmart | 1 Ligerosmart | 2026-02-23 | 3.5 Low |
| A security vulnerability has been detected in LigeroSmart up to 6.1.26. The affected element is an unknown function of the file /otrs/index.pl. Such manipulation of the argument SortBy leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-2545 | 1 Ligerosmart | 1 Ligerosmart | 2026-02-23 | 3.5 Low |
| A weakness has been identified in LigeroSmart up to 6.1.26. Impacted is an unknown function of the file /otrs/index.pl?Action=AgentTicketSearch. This manipulation of the argument Profile causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-2224 | 2 Code-projects, Fabian | 2 Online Reviewer System, Online Reviewer System | 2026-02-23 | 3.5 Low |
| A vulnerability was detected in code-projects Online Reviewer System 1.0. This affects an unknown part of the file /system/system/admins/manage/users/btn_functions.php. The manipulation of the argument firstname results in cross site scripting. It is possible to launch the attack remotely. The exploit is now public and may be used. | ||||
| CVE-2026-2222 | 2 Code-projects, Fabian | 2 Online Reviewer System, Online Reviewer System | 2026-02-23 | 2.4 Low |
| A weakness has been identified in code-projects Online Reviewer System 1.0. Affected by this vulnerability is an unknown functionality of the file /system/system/admins/manage/users/btn_functions.php. Executing a manipulation of the argument firstname can lead to cross site scripting. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2026-2214 | 2 Code-projects, Fabian | 2 For Plugin, Online Music Site | 2026-02-23 | 2.4 Low |
| A weakness has been identified in code-projects for Plugin 1.0. This affects an unknown part of the file /Administrator/PHP/AdminAddAlbum.php. This manipulation of the argument txtalbum causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2026-2201 | 1 Zerowdd | 1 Studentmanager | 2026-02-23 | 2.4 Low |
| A security vulnerability has been detected in ZeroWdd studentmanager up to 2151560fc0a50ec00426785ec1e01a3763b380d9. This impacts the function addLeave of the file src/main/java/com/wdd/studentmanager/controller/LeaveController.java. The manipulation of the argument Reason for Leave leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The code repository of the project has not been active for many years. | ||||
| CVE-2026-2200 | 1 Heyewei | 1 Jfinalcms | 2026-02-23 | 2.4 Low |
| A weakness has been identified in heyewei JFinalCMS 5.0.0. This affects an unknown function of the file /admin/admin/save of the component API Endpoint. Executing a manipulation can lead to cross site scripting. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2026-2160 | 2 Oretnom23, Sourcecodester | 2 Simple Responsive Tourism Website, Simple Responsive Tourism Website | 2026-02-23 | 4.3 Medium |
| A vulnerability has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /tourism/classes/Master.php?f=save_package. The manipulation of the argument Title leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-2159 | 2 Oretnom23, Sourcecodester | 2 Simple Responsive Tourism Website, Simple Responsive Tourism Website | 2026-02-23 | 4.3 Medium |
| A flaw has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected is an unknown function of the file /tourism/classes/Master.php?f=register of the component Registration. Executing a manipulation of the argument firstname/lastname/username can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been published and may be used. | ||||
| CVE-2026-2156 | 2 Code-projects, Fabian | 2 Online Student Management System, Online Student Management System | 2026-02-23 | 2.4 Low |
| A weakness has been identified in code-projects Online Student Management System 1.0. The impacted element is an unknown function of the file /admin/announcement/index.php?view=add of the component Announcement Management Module. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2026-2154 | 3 Pamzey, Patrick Mvuma, Sourcecodester | 3 Patients Waiting Area Queue Management System, Patients Waiting Area Queue Management System, Patients Waiting Area Queue Management System | 2026-02-23 | 4.3 Medium |
| A vulnerability was identified in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Impacted is an unknown function of the file /registration.php of the component Patient Registration Module. The manipulation of the argument First Name leads to cross site scripting. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. | ||||