Export limit exceeded: 15959 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 47129 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (47129 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-41065 | 1 Luna Imaging | 1 Luna | 2026-04-15 | N/A |
| Stored Cross-Site Scripting (XSS) vulnerability type in LUNA software v7.5.5.6. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by inyecting a malicious payload through the 'Edit Batch Name' function. THe payload is stored by the application and subsequently displayed without proper sanitization when other users access it. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user. | ||||
| CVE-2025-41081 | 1 Zuinq Studio | 1 Ismygym | 2026-04-15 | N/A |
| Reflected Cross-Site Scripting (XSS) vulnerability in IsMyGym by Zuinq Studio. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL with '/<PATH>.php/<XSS>'. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user. | ||||
| CVE-2025-9978 | 3 Elementor, Jegtheme, Wordpress | 3 Elementor, Jeg Elementor Kit, Wordpress | 2026-04-15 | 6.8 Medium |
| The Jeg Kit for Elementor WordPress plugin before 2.7.0 does not sanitize SVG file contents when uploaded via xmlrpc.php, leading to a cross site scripting vulnerability. | ||||
| CVE-2025-41084 | 2 Sesame Labs, Sesame Labs S.l | 2 Sesame, Sesame | 2026-04-15 | N/A |
| Stored Cross-Site Scripting (XSS) vulnerability in Sesame web application, due to the fact that uploaded SVG images are not properly sanitized. This allows attackers to embed malicious scripts in SVG files by sending a POST request using the 'logo' parameter in '/api/v3/companies/<ID>/logo', which are then stored on the server and executed in the context of any user who accesses the compromised resource. | ||||
| CVE-2025-41085 | 1 Apidog | 1 Apidog Web Platform | 2026-04-15 | N/A |
| Stored Cross-Site Scripting (XSS) vulnerability type in Apidog in the version 2.7.15, where SVG image uploads are not properly sanitized. This allows attackers to embed malicious scripts in SVG files by sending a POST request to '/api/v1/user-avatar', which are then stored on the server and executed in the context of any user accessing the compromised resource. | ||||
| CVE-2025-41087 | 1 Taclia | 1 Taclia | 2026-04-15 | N/A |
| Cross-Site Scripting (XSS) vulnerability stored in tha Taclia web application, where the uploaded SVG images are not properly sanitized. This allows to the attackers to embed malicious scripts in SVG files such as image profiles, which are then stored on the server and executed in the context of any user who accesses the compromised resource. | ||||
| CVE-2025-41088 | 1 Xibosignage | 1 Xibo | 2026-04-15 | N/A |
| Stored Cross-Site Scripting (XSS) in Xibo Signage's Xibo CMS v4.1.2, due to a lack of proper validation of user input. To exploit the vulnerability, the attacker must create a template in the 'Templates' section, then add a text element in the 'Global Elements' section, and finally modify the 'Text' field in the section with the malicious payload. | ||||
| CVE-2025-41089 | 1 Xibosignage | 1 Xibo | 2026-04-15 | N/A |
| Reflected Cross-Site Scripting (XSS) in Xibo CMS v4.1.2 from Xibo Signage, due to a lack of proper validation of user input. To exploit the vulnerability, the attacker must create a template in the 'Templates' section, then add an element that has the 'Configuration Name' field, such as the 'Clock' widget. Next, modify the 'Configuration Name' field in the left-hand section. | ||||
| CVE-2025-49486 | 2026-04-15 | N/A | ||
| A stored XSS vulnerability in the Balbooa Gallery plugin 1.0.0-2.4.0 for Joomla allows privileged users to store malicious scripts in gallery items. | ||||
| CVE-2025-67984 | 2 Calliko, Wordpress | 2 Nps Computy, Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in calliko NPS computy nps-computy allows DOM-Based XSS.This issue affects NPS computy: from n/a through <= 2.8.2. | ||||
| CVE-2025-67983 | 2 Osama.esh, Wordpress | 2 Wp Visitor Statistics (real Time Traffic), Wordpress | 2026-04-15 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in osama.esh WP Visitor Statistics (Real Time Traffic) wp-stats-manager allows DOM-Based XSS.This issue affects WP Visitor Statistics (Real Time Traffic): from n/a through <= 8.3. | ||||
| CVE-2025-67978 | 2 Fixbd, Wordpress | 2 Educare, Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FixBD Educare educare allows Reflected XSS.This issue affects Educare: from n/a through <= 1.6.1. | ||||
| CVE-2025-67971 | 2 Wordpress, Wpmanageninja | 2 Wordpress, Fluentcart | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPManageNinja FluentCart fluent-cart allows Reflected XSS.This issue affects FluentCart: from n/a through < 1.3.0. | ||||
| CVE-2025-67964 | 2 Favethemes, Wordpress | 2 Homey, Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in favethemes Homey Core homey-core allows Reflected XSS.This issue affects Homey Core: from n/a through <= 2.4.3. | ||||
| CVE-2025-67960 | 2 Purethemes, Wordpress | 2 Workscout Core, Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in purethemes WorkScout-Core workscout-core allows Reflected XSS.This issue affects WorkScout-Core: from n/a through <= 1.7.06. | ||||
| CVE-2025-67959 | 2 Purethemes, Wordpress | 2 Workscout, Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in purethemes WorkScout workscout allows Reflected XSS.This issue affects WorkScout: from n/a through <= 4.1.07. | ||||
| CVE-2025-67952 | 2 Themegoods, Wordpress | 2 Grand Tour, Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand Tour grandtour allows Reflected XSS.This issue affects Grand Tour: from n/a through < 5.6.2. | ||||
| CVE-2025-67951 | 2 Wordpress, Wpzoom | 2 Wordpress, Wpzoom Addons For Elementor | 2026-04-15 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPZOOM WPZOOM Addons for Elementor wpzoom-elementor-addons allows DOM-Based XSS.This issue affects WPZOOM Addons for Elementor: from n/a through <= 1.2.10. | ||||
| CVE-2025-67949 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designingmedia Hostiko hostiko allows Reflected XSS.This issue affects Hostiko: from n/a through < 94.3.6. | ||||
| CVE-2025-67947 | 3 Elementor, Scriptsbundle, Wordpress | 3 Elementor, Adforest, Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in scriptsbundle AdForest Elementor adforest-elementor allows Reflected XSS.This issue affects AdForest Elementor: from n/a through <= 3.0.11. | ||||