Export limit exceeded: 364661 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364661 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-41358 1 Phpipam 1 Phpipam 2026-01-26 6.1 Medium
phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\import-export\import-load-data.php.
CVE-2024-41349 1 Unmark 1 Unmark 2026-01-26 6.1 Medium
unmark 1.9.2 is vulnerable to Cross Site Scripting (XSS) via application/views/marks/add_by_url.php.
CVE-2024-41348 1 Jpatokal 1 Openflights 2026-01-26 6.1 Medium
openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/alsearch.php
CVE-2024-41347 1 Jpatokal 1 Openflights 2026-01-26 6.1 Medium
openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/settings.php
CVE-2024-41346 1 Jpatokal 1 Openflights 2026-01-26 6.1 Medium
openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/submit.php
CVE-2021-47771 1 Cinspiration 1 Rdp Manager 2026-01-26 5.5 Medium
RDP Manager 4.9.9.3 contains a denial of service vulnerability in connection input fields that allows local attackers to crash the application. Attackers can add oversized entries in Verbindungsname and Server fields to permanently freeze and crash the software, potentially requiring full reinstallation.
CVE-2021-47769 1 Bdtask 1 Isshue 2026-01-26 4.8 Medium
Isshue Shopping Cart 3.5 contains a persistent cross-site scripting vulnerability in title input fields across stock, customer, and invoice modules. Attackers with privileged user accounts can inject malicious scripts that execute on preview, potentially enabling session hijacking and persistent phishing attacks.
CVE-2021-47765 2 Celestial Software, Celestialsoftware 2 Absolutetelnet, Absolutetelnet 2026-01-26 5.5 Medium
AbsoluteTelnet 11.24 contains a denial of service vulnerability that allows local attackers to crash the application by manipulating username and error report fields. Attackers can trigger the crash by inserting 1000 characters into the username or email address fields, causing the application to become unresponsive.
CVE-2020-36924 1 Sony 3 Bravia, Bravia Signage, Bravia Tv 2026-01-26 6.1 Medium
Sony BRAVIA Digital Signage 1.7.8 contains a remote file inclusion vulnerability that allows attackers to inject arbitrary client-side scripts through the content material URL parameter. Attackers can exploit this vulnerability to hijack user sessions, execute cross-site scripting code, and modify display content by manipulating the input material type.
CVE-2019-25251 1 Teradek 6 Vidiu, Vidiu Firmware, Vidiu Mini and 3 more 2026-01-26 6.5 Medium
Teradek VidiU Pro 3.0.3 contains a server-side request forgery vulnerability in the management interface that allows attackers to manipulate GET parameters 'url' and 'xml_url'. Attackers can exploit this flaw to bypass firewalls, initiate network enumeration, and potentially trigger external HTTP requests to arbitrary destinations.
CVE-2018-25149 1 Microhardcorp 22 Bullet-3g, Bullet-3g Firmware, Bullet-lte and 19 more 2026-01-26 6.5 Medium
Microhard Systems IPn4G 1.1.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change admin passwords, add new users, and modify system settings by tricking authenticated users into loading a specially crafted page.
CVE-2024-36061 2 Engenius, Engeniustech 3 Ews356 Fit, Ews356-fit, Ews356-fit Firmware 2026-01-26 9.8 Critical
EnGenius EWS356-FIT devices through 1.1.30 allow blind OS command injection. This allows an attacker to execute arbitrary OS commands via shell metacharacters to the Ping and Speed Test utilities.
CVE-2022-47424 1 Reputeinfosystems 1 Armember 2026-01-26 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Repute InfoSystems ARMember, Repute InfoSystems ARMember Premium allows Cross-Site Request Forgery.This issue affects ARMember: from n/a through 4.0.5; ARMember Premium: from n/a before 6.7.1.
CVE-2025-12514 1 Centreon 2 Centreon, Open Tickets 2026-01-26 7.2 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon Infra Monitoring - Open-tickets (Notification rules configuration parameters, Open tickets modules) allows SQL Injection to user with elevated privileges.This issue affects Infra Monitoring - Open-tickets: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.5, from 23.10.0 before 23.10.4.
CVE-2025-8460 1 Centreon 2 Centreon, Open Tickets 2026-01-26 6.8 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Notification rules, Open tickets module) allows Stored XSS by users with elevated privileges.This issue affects Infra Monitoring: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.5, from 23.10.0 before 23.10.4.
CVE-2025-12511 1 Centreon 2 Centreon, Dynamic Service Management 2026-01-26 6.8 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (DSM extenstio configuration modules) allows Stored XSS to user with elevated privileges. This issue affects Infra Monitoring: from 25.10.0 before 25.10.1, from 24.10.0 before 24.10.4, from 24.04.0 before 24.04.8.
CVE-2025-15026 1 Centreon 2 Awie, Centreon 2026-01-26 9.8 Critical
Missing Authentication for Critical Function vulnerability in Centreon Infra Monitoring centreon-awie (Awie import module) allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.3, from 24.04.0 before 24.04.3.
CVE-2025-15029 1 Centreon 2 Awie, Centreon 2026-01-26 9.8 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon Infra Monitoring (Awie export modules) allows SQL Injection to unauthenticated user. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.3, from 24.04.0 before 24.04.3.
CVE-2024-41345 1 Jpatokal 1 Openflights 2026-01-26 6.1 Medium
openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/trip.php
CVE-2024-39097 2 Gnuboard, Sir 2 Gnuboard6, Gnuboard 2026-01-26 6.1 Medium
There is an Open Redirect vulnerability in Gnuboard v6.0.4 and below via the `url` parameter in login path.