Latest CVE Feed
-
6.1
MEDIUMCVE-2025-67724
Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in HTTP headers (where it could be used for header injection) or in HTML in the default error page (where it c... Read more
Affected Products : tornado- Published: Dec. 12, 2025
- Modified: Dec. 22, 2025
- Vuln Type: Information Disclosure
-
6.1
MEDIUMCVE-2024-25814
MyNET up to v26.05 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the msg parameter.... Read more
Affected Products :- Published: Dec. 22, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-67291
A stored cross-site scripting (XSS) vulnerability in the Media module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name field.... Read more
Affected Products :- Published: Dec. 22, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-29231
A stored cross-site scripting (XSS) vulnerability in the page_save component of Linksys E5600 V1.1.0.26 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the hostname and domainName parameters.... Read more
Affected Products :- Published: Dec. 16, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-12076
The Social Media Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage parameter in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping. This makes it possible for... Read more
Affected Products :- Published: Dec. 13, 2025
- Modified: Dec. 15, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-67633
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brownbagmarketing Greenhouse Job Board greenhouse-job-board allows DOM-Based XSS.This issue affects Greenhouse Job Board: from n/a through <= 2.7.3.... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 24, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-40893
A Stored HTML Injection vulnerability was discovered in the Asset List functionality due to improper validation of network traffic data. An unauthenticated attacker can send specially crafted network packets to inject HTML tags into asset attributes. When... Read more
- Published: Dec. 18, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-68602
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Scott Paterson Accept Donations with PayPal easy-paypal-donation allows Phishing.This issue affects Accept Donations with PayPal: from n/a through <= 1.5.1.... Read more
Affected Products : accept_donations_with_paypal- Published: Dec. 24, 2025
- Modified: Dec. 24, 2025
- Vuln Type: Misconfiguration
-
6.1
MEDIUMCVE-2023-53931
Revive Adserver 5.4.1 contains a cross-site scripting vulnerability in the banner advanced configuration page that allows attackers to inject malicious scripts. Attackers can craft a malicious link to the banner-advanced.php endpoint with XSS payloads in ... Read more
Affected Products : revive_adserver- Published: Dec. 17, 2025
- Modified: Dec. 27, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-13819
Open redirect in the web server component of MiR Robot and Fleet software allows a remote attacker to redirect users to arbitrary external websites via a crafted parameter, facilitating phishing or social engineering attacks.... Read more
Affected Products :- Published: Dec. 01, 2025
- Modified: Dec. 01, 2025
- Vuln Type: Misconfiguration
-
6.1
MEDIUMCVE-2025-58044
JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v3.10.19 and v4.10.5, The /core/i18n// endpoint uses the Referer header as the redirection target without proper validation, which could lead to an ... Read more
Affected Products : jumpserver- Published: Dec. 01, 2025
- Modified: Dec. 05, 2025
- Vuln Type: Misconfiguration
-
6.1
MEDIUMCVE-2025-63520
Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.1.1 via the id parameter of the User Update function (?r=user%2Fupdate).... Read more
Affected Products : feehicms- Published: Dec. 01, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-13007
The WP Social Ninja – Embed Social Feeds, Customer Reviews, Chat Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.20.3 due to insufficient input sanitization and output escaping on externall... Read more
Affected Products :- Published: Dec. 02, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-65186
Grav CMS 1.7.49 is vulnerable to Cross Site Scripting (XSS). The page editor allows authenticated users to edit page content via a Markdown editor. The editor fails to properly sanitize <script> tags, allowing stored XSS payloads to execute when pages are... Read more
- Published: Dec. 02, 2025
- Modified: Dec. 03, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-13939
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Gateway Wireless Controller module) allows Stored XSS.This issue affects Fireware OS 11.7.2 up to and including 11.12.4+54... Read more
Affected Products : fireware firebox_m270 firebox_m290 firebox_m370 firebox_m390 firebox_m440 firebox_m470 firebox_m4800 firebox_m570 firebox_m5800 +25 more products- Published: Dec. 04, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-14005
A weakness has been identified in dayrui XunRuiCMS up to 4.7.1. Affected by this vulnerability is an unknown functionality of the file /admind45f74adbd95.php?c=field&m=add&rname=site&rid=1&page=0 of the component Add Display Name Field. Executing manipula... Read more
Affected Products : xunruicms- Published: Dec. 04, 2025
- Modified: Dec. 05, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-13625
The WP-SOS-Donate Donation Sidebar Plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` parameter in all versions up to, and including, 0.9.2 due to insufficient input sanitization and output escaping. This m... Read more
Affected Products :- Published: Dec. 05, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-13515
The Nouri.sh Newsletter plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` parameter in all versions up to, and including, 1.0.1.3 due to insufficient input sanitization and output escaping. This makes it p... Read more
Affected Products :- Published: Dec. 05, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-66469
NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to Reflected XSS through its ui.add_css, ui.add_scss, and ui.add_sass functions. The functions lack proper sanitization or encoding for the JavaScript context they generate. A... Read more
Affected Products : nicegui- Published: Dec. 09, 2025
- Modified: Dec. 11, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-66512
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Server Enterprise prior to 31.0.12 and 32.0.3, a missing sanitization allowed malicious users to circumvent the content security policy when a malicious user manages to trick... Read more
- Published: Dec. 05, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Cross-Site Scripting