Latest CVE Feed
-
5.4
MEDIUMCVE-2025-59896
Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their sessi... Read more
- Published: Jan. 28, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-13983
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Tagify allows Cross-Site Scripting (XSS).This issue affects Tagify: from 0.0.0 before 1.2.44.... Read more
Affected Products : tagify- Published: Jan. 28, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2026-1287
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. `FilteredRelation` is subject to SQL injection in column aliases via control characters, using a suitably crafted dictionary, with dictionary expansion, as the `**kwarg... Read more
Affected Products : django- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Injection
-
5.4
MEDIUMCVE-2025-59898
Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their sessi... Read more
- Published: Jan. 28, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-13979
Privilege Defined With Unsafe Actions vulnerability in Drupal Mini site allows Stored XSS.This issue affects Mini site: from 0.0.0 before 3.0.2.... Read more
Affected Products : mini_site- Published: Jan. 28, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2026-24559
Insertion of Sensitive Information Into Sent Data vulnerability in CRM Perks Integration for Contact Form 7 HubSpot cf7-hubspot allows Retrieve Embedded Sensitive Data.This issue affects Integration for Contact Form 7 HubSpot: from n/a through <= 1.4.3.... Read more
Affected Products : database_for_contact_form_7\,_wpforms\,_elementor_forms- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Information Disclosure
-
5.4
MEDIUMCVE-2026-1429
Single Sign-On Portal System developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing authenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.... Read more
Affected Products :- Published: Jan. 26, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2026-1103
The AIKTP plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization checks on the /aiktp/getToken REST API endpoint in all versions up to, and including, 5.0.04. The endpoint uses the 'verify_user_logged_in' as a... Read more
Affected Products :- Published: Jan. 24, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authorization
-
5.4
MEDIUMCVE-2026-23608
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Mail Monitoring rule creation endpoint. An authenticated user can supply HTML/JavaScript in the JSON \"name\" field to /MailEssentials/pages/MailSecuri... Read more
Affected Products : mailessentials- Published: Feb. 19, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-59899
Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their sessi... Read more
- Published: Jan. 28, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2026-23861
Dell Unisphere for PowerMax vApp, version(s) 9.2.4.x, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerabili... Read more
Affected Products :- Published: Feb. 17, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2026-25230
FileRise is a self-hosted web file manager / WebDAV server. Prior to 3.3.0, an HTML Injection vulnerability allows an authenticated user to modify the DOM and add e.g. form elements that call certain endpoints or link elements that redirect the user on ac... Read more
Affected Products : filerise- Published: Feb. 09, 2026
- Modified: Feb. 19, 2026
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2020-36988
PDW File Browser version 1.3 contains stored and reflected cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through file rename and path parameters. Attackers can craft malicious URLs or rename files with... Read more
Affected Products :- Published: Jan. 28, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2026-25473
Missing Authorization vulnerability in AA-Team WZone woozone allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WZone: from n/a through <= 14.0.31.... Read more
Affected Products : wzone- Published: Feb. 19, 2026
- Modified: Feb. 19, 2026
- Vuln Type: Authorization
-
5.4
MEDIUMCVE-2026-1421
A vulnerability has been found in code-projects Online Examination System 1.0. Affected is an unknown function of the component Add Pages. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed... Read more
Affected Products : online_examination_system- Published: Jan. 26, 2026
- Modified: Jan. 28, 2026
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-70296
A stored HTML injection vulnerability in the Recipe Notes rendering component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary HTML, resulting in user interface redressing within the recipe view.... Read more
Affected Products :- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2026-2127
The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to unauthorized arbitrary shortcode execution in all versions up to, and including, 1.70.4. This is due to a missing capability check on the `siteorigin_widget_preview_widget_action()` funct... Read more
Affected Products : siteorigin_widgets_bundle- Published: Feb. 18, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Authorization
-
5.4
MEDIUMCVE-2026-2284
The News Element Elementor Blog Magazine plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.8. This is due to a missing capability check and nonce verification on the 'ne_clean_data' AJAX action. This mak... Read more
Affected Products :- Published: Feb. 19, 2026
- Modified: Feb. 19, 2026
- Vuln Type: Authorization
-
5.4
MEDIUMCVE-2025-71177
LavaLite CMS versions up to and including 10.1.0 contain a stored cross-site scripting vulnerability in the package creation and search functionality. Authenticated users can supply crafted HTML or JavaScript in the package Name or Description fields that... Read more
Affected Products : lavalite- Published: Jan. 23, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2026-2322
Inappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)... Read more
- Published: Feb. 11, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Misconfiguration