Total: 41640 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-32699 | | | 2025-11-03 | N/A | N/A |
| Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Parsoid. This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1; Parsoid: before 0.16.5, 0.19.2, 0.20.2. | |||||
| CVE-2025-30087 | 1 Bestpractical | 1 Request Tracker | 2025-11-03 | N/A | 7.2 HIGH |
| Best Practical RT (Request Tracker) 4.4 through 4.4.7 and 5.0 through 5.0.7 allows XSS via injection of crafted parameters in a search URL. | |||||
| CVE-2025-27802 | | | 2025-11-03 | N/A | 4.8 MEDIUM |
| The Episerver Content Management System (CMS) by Optimizely was affected by multiple Stored Cross-Site Scripting (XSS) vulnerabilities. This allowed an authenticated attacker to execute malicious JavaScript code in the victim's browser. RTE properties (text fields), which could be used in the "Edit" section of the CMS, allowed the input of arbitrary text. It was possible to input malicious JavaScript code in these properties that would be executed if a user visits the previewed page. Attackers needed at least the role "WebEditor" in order to exploit this issue. Affected products: Version 11.X: EPiServer.CMS.Core (<11.21.4) with EPiServer.CMS.UI (<11.37.5), Version 12.X: EPiServer.CMS.Core (<12.22.1) with EPiServer.CMS.UI (<11.37.3) | |||||
| CVE-2025-27801 | | | 2025-11-03 | N/A | 4.8 MEDIUM |
| The Episerver Content Management System (CMS) by Optimizely was affected by multiple Stored Cross-Site Scripting (XSS) vulnerabilities. This allowed an authenticated attacker to execute malicious JavaScript code in the victim's browser. ContentReference properties, which could be used in the "Edit" section of the CMS, offered an upload functionality for documents. These documents could later be used as displayed content on the page. It was possible to upload SVG files that include malicious JavaScript code that would be executed if a user visited the direct URL of the preview image. Attackers needed at least the role "WebEditor" in order to exploit this issue. Affected products: Version 11.X: EPiServer.CMS.Core (<11.21.4) with EPiServer.CMS.UI (<11.37.5), Version 12.X: EPiServer.CMS.Core (<12.22.1) with EPiServer.CMS.UI (<11.37.3) | |||||
| CVE-2025-27800 | | | 2025-11-03 | N/A | 4.8 MEDIUM |
| The Episerver Content Management System (CMS) by Optimizely was affected by multiple Stored Cross-Site Scripting (XSS) vulnerabilities. This allowed an authenticated attacker to execute malicious JavaScript code in the victim's browser. The Admin dashboard offered the functionality to add gadgets to the dashboard. This included the "Notes" gadget. An authenticated attacker with the corresponding access rights (such as "WebAdmin") that was impersonating the victim could insert malicious JavaScript code in these notes that would be executed if the victim visited the dashboard. Affected products: Version 11.X: EPiServer.CMS.Core (<11.21.4) with EPiServer.CMS.UI (<11.37.5), Version 12.X: EPiServer.CMS.Core (<12.22.1) with EPiServer.CMS.UI (<11.37.3) | |||||
| CVE-2025-27679 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-11-03 | N/A | 6.1 MEDIUM |
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Cross-Site Scripting in Badge Registration V-2023-005. | |||||
| CVE-2025-27676 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-11-03 | N/A | 6.1 MEDIUM |
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Cross-Site Scripting in Reports V-2023-002. | |||||
| CVE-2025-27654 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-11-03 | N/A | 6.1 MEDIUM |
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Cross Site Scripting (XSS) V-2023-017. | |||||
| CVE-2025-27653 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-11-03 | N/A | 6.1 MEDIUM |
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Preauthenticated Cross Site Scripting (XSS): Badge Registration V-2023-012. | |||||
| CVE-2025-27637 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-11-03 | N/A | 6.1 MEDIUM |
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.1002 Application 20.0.2614 allows Cross-Site Scripting V-2024-016. | |||||
| CVE-2025-26065 | 1 Intelbras | 4 Rx 1500, Rx 1500 Firmware, Rx 3000 and 1 more | 2025-11-03 | N/A | 7.3 HIGH |
| A cross-site scripting (XSS) vulnerability in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name of a visiting Wi-Fi network. | |||||
| CVE-2025-26064 | 1 Intelbras | 4 Rx 1500, Rx 1500 Firmware, Rx 3000 and 1 more | 2025-11-03 | N/A | 7.3 HIGH |
| A cross-site scripting (XSS) vulnerability in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name of a connected device. | |||||
| CVE-2025-24530 | | | 2025-11-03 | N/A | 6.4 MEDIUM |
| An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the check tables feature. A crafted table or database name could be used for XSS. | |||||
| CVE-2025-24529 | | | 2025-11-03 | N/A | 6.4 MEDIUM |
| An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the Insert tab. | |||||
| CVE-2025-24225 | 1 Apple | 2 Ipados, Iphone Os | 2025-11-03 | N/A | 6.5 MEDIUM |
| An injection issue was addressed with improved input validation. This issue is fixed in iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5. Processing an email may lead to user interface spoofing. | |||||
| CVE-2024-6485 | | | 2025-11-03 | N/A | 6.4 MEDIUM |
| A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting (XSS) attacks. The vulnerability is associated with the data-loading-text attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript code into the attribute, which would then be executed when the button's loading state is triggered. | |||||
| CVE-2024-56527 | 1 Tcpdf Project | 1 Tcpdf | 2025-11-03 | N/A | 7.5 HIGH |
| An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message. | |||||
| CVE-2024-56519 | 1 Tcpdf Project | 1 Tcpdf | 2025-11-03 | N/A | 7.5 HIGH |
| An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute. | |||||
| CVE-2024-47093 | 1 Nagvis | 1 Nagvis | 2025-11-03 | N/A | 8.8 HIGH |
| Improper neutralization of input in Nagvis before version 1.9.42, which can lead to XSS. | |||||
| CVE-2024-47090 | 1 Nagvis | 1 Nagvis | 2025-11-03 | N/A | 6.1 MEDIUM |
| Improper neutralization of input in Nagvis before version 1.9.47, which can lead to XSS. | |||||
