Latest CVE Feed
-
5.4
MEDIUMCVE-2024-29236
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in AudioPattern.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to read databas... Read more
- Published: Mar. 28, 2024
- Modified: Aug. 04, 2025
-
5.4
MEDIUMCVE-2024-29238
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to read databas... Read more
- Published: Mar. 28, 2024
- Modified: Aug. 04, 2025
-
5.4
MEDIUMCVE-2021-20447
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted s... Read more
- EPSS Score: %0.16
- Published: Mar. 30, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-20503
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted s... Read more
- EPSS Score: %0.16
- Published: Mar. 30, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-20504
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted s... Read more
- EPSS Score: %0.16
- Published: Mar. 30, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-20518
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted s... Read more
- EPSS Score: %0.14
- Published: Mar. 30, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-20520
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted s... Read more
- EPSS Score: %0.16
- Published: Mar. 30, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2024-28090
Technicolor TC8715D TC8715D-01.EF.04.38.00-180405-S-FF9-D RSE-TC8717T devices allow a remote attacker within Wi-Fi proximity to conduct stored XSS attacks via User name in dyn_dns.asp.... Read more
Affected Products :- Published: Mar. 28, 2024
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2024-3081
A vulnerability was found in EasyCorp EasyAdmin up to 4.8.9. It has been declared as problematic. Affected by this vulnerability is the function Autocomplete of the file assets/js/autocomplete.js of the component Autocomplete. The manipulation of the argu... Read more
Affected Products : easyadmin- Published: Mar. 29, 2024
- Modified: Apr. 29, 2025
-
5.4
MEDIUMCVE-2024-30453
Server-Side Request Forgery (SSRF) vulnerability in Brave Brave Popup Builder.This issue affects Brave Popup Builder: from n/a through 0.6.5. ... Read more
Affected Products : brave- Published: Mar. 29, 2024
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2020-19616
Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post header field to /post/editing.... Read more
Affected Products : mblog- EPSS Score: %0.21
- Published: Apr. 01, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-23922
An issue was discovered in Devolutions Remote Desktop Manager before 2020.2.12. There is a cross-site scripting (XSS) vulnerability in webviews.... Read more
Affected Products : remote_desktop_manager- EPSS Score: %0.27
- Published: Apr. 01, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUM- Published: Apr. 01, 2024
- Modified: Apr. 04, 2025
-
5.4
MEDIUMCVE-2024-2369
The Page Builder Gutenberg Blocks WordPress plugin before 3.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perf... Read more
Affected Products : coblocks- Published: Apr. 02, 2024
- Modified: May. 13, 2025
-
5.4
MEDIUMCVE-2024-1274
The My Calendar WordPress plugin before 3.4.24 does not sanitise and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks (depending on the permissions set by the admin)... Read more
- Published: Apr. 02, 2024
- Modified: May. 07, 2025
-
5.4
MEDIUMCVE-2021-29661
Softing AG OPC Toolbox through 4.10.1.13035 allows /en/diag_values.html Stored XSS via the ITEMLISTVALUES##ITEMID parameter, resulting in JavaScript payload injection into the trace file. This payload will then be triggered every time an authenticated use... Read more
Affected Products : opc_toolbox- EPSS Score: %0.24
- Published: Apr. 02, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2020-4792
IBM Edge 4.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-For... Read more
Affected Products : edge_application_manager- EPSS Score: %0.14
- Published: Apr. 05, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-24168
The Easy Contact Form Pro WordPress plugin before 1.1.1.9 did not properly sanitise the text fields (such as Email Subject, Email Recipient, etc) when creating or editing a form, leading to an authenticated (author+) stored cross-site scripting issue. Thi... Read more
Affected Products : easy_contact_form_pro- EPSS Score: %0.19
- Published: Apr. 05, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-24196
The Social Slider Widget WordPress plugin before 1.8.5 allowed Authenticated Reflected XSS in the plugin settings page as the ‘token_error’ parameter can be controlled by users and it is directly echoed without being sanitized... Read more
Affected Products : social_slider_widget- EPSS Score: %0.20
- Published: Apr. 05, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-24201
In the Elementor Website Builder WordPress plugin before 3.1.4, the column element (includes/elements/column.php) accepts an ‘html_tag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contrib... Read more
Affected Products : website_builder- EPSS Score: %0.11
- Published: Apr. 05, 2021
- Modified: Nov. 21, 2024