Latest CVE Feed
-
6.1
MEDIUMCVE-2019-25383
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the apcupsd.cgi script that allow attackers to inject malicious scripts through multiple POST parameters. Attackers can submit crafted POST... Read more
Affected Products : smoothwall- Published: Feb. 16, 2026
- Modified: Feb. 16, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2026-24555
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in artplacer ArtPlacer Widget artplacer-widget allows Stored XSS.This issue affects ArtPlacer Widget: from n/a through <= 2.23.1.... Read more
Affected Products : artplacer_widget- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2019-25323
Heatmiser Netmonitor v3.03 contains an HTML injection vulnerability in the outputSetup.htm page that allows attackers to inject malicious HTML code through the outputtitle parameter. Attackers can craft specially formatted POST requests to the outputtitle... Read more
Affected Products :- Published: Feb. 12, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Injection
-
6.1
MEDIUMCVE-2026-1466
Jirafeau normally prevents browser preview for text files due to the possibility that for example SVG and HTML documents could be exploited for cross site scripting. This was done by storing the MIME type of a file and allowing only browser preview for MI... Read more
Affected Products : jirafeau- Published: Jan. 28, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2020-37152
PHP-Fusion 9.03.50 panels.php is vulnerable to cross-site scripting (XSS) via the 'panel_content' POST parameter. The application fails to properly sanitize user input before rendering it in the browser, allowing attackers to inject arbitrary JavaScript. ... Read more
- Published: Feb. 05, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2019-25374
OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by exploiting the passthrough_networks parameter in vpn_ipsec_settings.php. Attackers can craft POST requests with JavaScript payloads ... Read more
Affected Products : opnsense- Published: Feb. 15, 2026
- Modified: Feb. 15, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2026-2098
AgentFlow developed by Flowring has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.... Read more
Affected Products : agentflow- Published: Feb. 10, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2026-25149
Qwik is a performance focused javascript framework. Prior to version 1.19.0, an Open Redirect vulnerability in Qwik City's default request handler middleware allows a remote attacker to redirect users to arbitrary protocol-relative URLs. Successful exploi... Read more
Affected Products : qwik- Published: Feb. 03, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Misconfiguration
-
6.1
MEDIUMCVE-2019-25370
OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input through multiple parameters. Attackers can send POST requests to interfaces_vlan_edit.php with script paylo... Read more
Affected Products : opnsense- Published: Feb. 15, 2026
- Modified: Feb. 15, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2026-2149
A vulnerability was detected in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /appointments.php. The manipulation of the argument patient_id results i... Read more
Affected Products : patients_waiting_area_queue_management_system- Published: Feb. 08, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2026-21946
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are 9.2.0.0-9.2.26.0. Easily exploitable vulnerability allows unauthenticated attacker with network access... Read more
Affected Products : jd_edwards_enterpriseone_tools- Published: Jan. 20, 2026
- Modified: Jan. 29, 2026
-
6.1
MEDIUMCVE-2026-1411
A flaw has been found in Beetel 777VR1 up to 01.00.09/01.00.09_55. The affected element is an unknown function of the component UART Interface. This manipulation causes improper access controls. It is feasible to perform the attack on the physical device.... Read more
- Published: Jan. 26, 2026
- Modified: Jan. 30, 2026
- Vuln Type: Authorization
-
6.1
MEDIUMCVE-2026-24674
The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a Reflected Cross-Site Scripting (XSS) vulnerability allows remote attackers to execute arbitrary JavaScript in the context of authenti... Read more
- Published: Feb. 03, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-69749
Cross Site Scripting vulnerability in tale v.2.0.5 allows an attacker to execute arbitrary code.... Read more
Affected Products :- Published: Jan. 29, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2026-25487
Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator's browser. This occurs b... Read more
- Published: Feb. 03, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2026-25488
Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs b... Read more
- Published: Feb. 03, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2026-25490
Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs b... Read more
- Published: Feb. 03, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2026-20978
Improper authorization in KnoxGuardManager prior to SMR Feb-2026 Release 1 allows local attackers to bypass the persistence configuration of the application.... Read more
Affected Products : android- Published: Feb. 04, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Authorization
-
6.1
MEDIUMCVE-2025-36019
IBM Concert 1.0.0 through 2.1.0 for Z hub framework is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading ... Read more
Affected Products : concert- Published: Feb. 17, 2026
- Modified: Feb. 17, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2026-24127
Typemill is a flat-file, Markdown-based CMS designed for informational documentation websites. A reflected Cross-Site Scripting (XSS) exists in the login error view template `login.twig` of versions 2.19.1 and below. The `username` value can be echoed bac... Read more
Affected Products : typemill- Published: Jan. 23, 2026
- Modified: Feb. 02, 2026
- Vuln Type: Cross-Site Scripting