Latest CVE Feed
-
6.1
MEDIUMCVE-2026-25148
Qwik is a performance focused javascript framework. Prior to version 1.19.0, a Cross-Site Scripting vulnerability in Qwik.js' server-side rendering virtual attribute serialization allows a remote attacker to inject arbitrary web scripts into server-render... Read more
Affected Products : qwik- Published: Feb. 03, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-13676
The JustClick registration plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping on the `PHP_SELF` server variable. This makes it ... Read more
Affected Products :- Published: Jan. 24, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2026-20978
Improper authorization in KnoxGuardManager prior to SMR Feb-2026 Release 1 allows local attackers to bypass the persistence configuration of the application.... Read more
Affected Products : android- Published: Feb. 04, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Authorization
-
6.1
MEDIUMCVE-2026-1127
The Timeline Event History plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `id` parameter in all versions up to, and including, 3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthe... Read more
Affected Products :- Published: Jan. 24, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-69316
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 TableOn posts-table-filterable allows Reflected XSS.This issue affects TableOn: from n/a through <= 1.0.4.2.... Read more
Affected Products : tableon_-_wordpress_posts_table_filterable- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-36019
IBM Concert 1.0.0 through 2.1.0 for Z hub framework is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading ... Read more
Affected Products :- Published: Feb. 17, 2026
- Modified: Feb. 17, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-14063
The SEO Links Interlinking plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'google_error' parameter in all versions up to, and including, 1.7.5 due to insufficient input sanitization and output escaping. This makes it possible... Read more
Affected Products :- Published: Jan. 28, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2026-21663
HackerOne community member Patrick Lang (7yr) has reported a reflected XSS vulnerability in the banner-acl.php script of Revive Adserver. An attacker can craft a specific URL that includes an HTML payload in a parameter. If a logged in administrator visit... Read more
Affected Products : revive_adserver- Published: Jan. 20, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2026-21943
Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: Scripting Admin). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP ... Read more
Affected Products : scripting- Published: Jan. 20, 2026
- Modified: Jan. 29, 2026
-
6.1
MEDIUMCVE-2025-66523
URL parameters are directly embedded into JavaScript code or HTML attributes without proper encoding or sanitization. This allows attackers to inject arbitrary scripts when an authenticated user visits a crafted link. This issue affects na1.foxitesi... Read more
Affected Products :- Published: Jan. 20, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2026-2154
A vulnerability was identified in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Impacted is an unknown function of the file /registration.php of the component Patient Registration Module. The manipulation of the argument ... Read more
Affected Products : patients_waiting_area_queue_management_system- Published: Feb. 08, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2026-25486
Craft Commerce is an ecommerce platform for Craft CMS. From version 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the Shipping Methods Name ... Read more
- Published: Feb. 03, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2026-24426
Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior contain an improper output encoding vulnerability in the web management interface. User-supplied input is reflected in HTTP responses without adequate escaping, allowing injection of arbitrary ... Read more
- Published: Feb. 03, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2019-25374
OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by exploiting the passthrough_networks parameter in vpn_ipsec_settings.php. Attackers can craft POST requests with JavaScript payloads ... Read more
Affected Products : opnsense- Published: Feb. 15, 2026
- Modified: Feb. 15, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-67652
An attacker with access to the project file could use the exposed credentials to impersonate users, escalate privileges, or gain unauthorized access to systems and services. The absence of robust encryption or secure handling mechanisms increases the l... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Information Disclosure
-
6.1
MEDIUMCVE-2018-25132
MyBB Trending Widget Plugin 1.2 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through thread titles. Attackers can modify thread titles with script payloads that will execute when other users view the tren... Read more
Affected Products :- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2026-2149
A vulnerability was detected in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /appointments.php. The manipulation of the argument patient_id results i... Read more
Affected Products : patients_waiting_area_queue_management_system- Published: Feb. 08, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-25051
An attacker could decrypt sensitive data, impersonate legitimate users or devices, and potentially gain access to network resources for lateral attacks.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cryptography
-
6.1
MEDIUMCVE-2025-36066
IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering th... Read more
Affected Products : sterling_connect\ sterling_connectexpress_adapter_for_sterling_b2b_integrator_520- Published: Jan. 20, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2026-21961
Vulnerability in the PeopleSoft Enterprise HCM Human Resources product of Oracle PeopleSoft (component: Company Dir / Org Chart Viewer, Employee Snapshot). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenti... Read more
Affected Products : peoplesoft_enterprise_hcm_human_resources- Published: Jan. 20, 2026
- Modified: Jan. 29, 2026