Latest CVE Feed
-
4.8
MEDIUMCVE-2026-24621
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vladimir Statsenko Terms descriptions terms-descriptions allows DOM-Based XSS.This issue affects Terms descriptions: from n/a through <= 3.4.9.... Read more
Affected Products : terms_descriptions- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2026-21625
User provided uploads to the Easy Discuss component for Joomla aren't properly validated. Uploads are purely checked by file extensions, no mime type checks are happening.... Read more
Affected Products :- Published: Jan. 16, 2026
- Modified: Jan. 16, 2026
- Vuln Type: Misconfiguration
-
4.8
MEDIUMCVE-2026-20075
A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of ... Read more
- Published: Jan. 15, 2026
- Modified: Jan. 16, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-14557
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Facebook Pixel facebook_pixel allows Stored XSS.This issue affects Facebook Pixel: from 7.X-1.0 through 7.X-1.1.... Read more
Affected Products : facebook_pixel- Published: Jan. 14, 2026
- Modified: Jan. 23, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2026-20055
Multiple vulnerabilities in the web-based management interface of Cisco Packaged Contact Center Enterprise (Packaged CCE) and Cisco Unified Contact Center Enterprise (Unified CCE) could allow an authenticated, remote attacker to conduct a cross-site scrip... Read more
- Published: Jan. 21, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2026-20109
Multiple vulnerabilities in the web-based management interface of Cisco Packaged Contact Center Enterprise (Packaged CCE) and Cisco Unified Contact Center Enterprise (Unified CCE) could allow an authenticated, remote attacker to conduct a cross-site scrip... Read more
- Published: Jan. 21, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-15451
A security flaw has been discovered in xnx3 wangmarket up to 4.9. Affected by this issue is some unknown functionality of the file /admin/system/variableSave.do of the component System Variables Page. Performing a manipulation of the argument Description ... Read more
Affected Products : wangmarket- Published: Jan. 05, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2026-1151
A weakness has been identified in technical-laohu mpay up to 1.2.4. The affected element is an unknown function of the component User Center. This manipulation of the argument Nickname causes cross site scripting. The attack may be initiated remotely. The... Read more
Affected Products :- Published: Jan. 19, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2026-20076
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due... Read more
Affected Products : identity_services_engine- Published: Jan. 15, 2026
- Modified: Jan. 16, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2026-0518
CVE-2026-0518 is a cross-site scripting vulnerability in versions of Secure Access prior to 14.20. An attacker with administrative privileges can interfere with another administrator’s use of the console.... Read more
Affected Products : secure_access- Published: Jan. 17, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2026-24437
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) serve sensitive administrative content without appropriate cache-control directives. As a result, browsers may store credential-bearing responses locally, exposing them to subs... Read more
Affected Products :- Published: Jan. 26, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Information Disclosure
-
4.8
MEDIUMCVE-2026-20047
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of ... Read more
Affected Products : identity_services_engine- Published: Jan. 15, 2026
- Modified: Jan. 16, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-15523
MacOS version of Inkscape bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary... Read more
Affected Products : inkscape- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authorization
-
4.8
MEDIUMCVE-2026-0730
A flaw has been found in PHPGurukul Staff Leave Management System 1.0. The affected element is the function ADD_STAFF/UPDATE_STAFF of the file /staffleave/slms/slms/adminviews.py of the component SVG File Handler. Executing a manipulation of the argument ... Read more
Affected Products : staff_leave_management_system- Published: Jan. 08, 2026
- Modified: Jan. 22, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2026-22919
An attacker with administrative access may inject malicious content into the login page, potentially enabling cross-site scripting (XSS) attacks, leading to the extraction of sensitive data.... Read more
- Published: Jan. 15, 2026
- Modified: Jan. 23, 2026
- Vuln Type: Injection
-
4.8
MEDIUMCVE-2025-51602
mmstu.c in VideoLAN VLC media player before 3.0.22 allows an out-of-bounds read and denial of service via a crafted 0x01 response from an MMS server.... Read more
Affected Products : vlc_media_player- Published: Jan. 16, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Denial of Service
-
4.8
MEDIUMCVE-2025-15505
A vulnerability was found in Luxul XWR-600 up to 4.0.1. The affected element is an unknown function of the component Web Administration Interface. The manipulation of the argument Guest Network/Wireless Profile SSID results in cross site scripting. The at... Read more
Affected Products :- Published: Jan. 11, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Cross-Site Scripting
-
4.7
MEDIUMCVE-2026-24686
go-tuf is a Go implementation of The Update Framework (TUF). go-tuf's TAP 4 Multirepo Client uses the map file repository name string (`repoName`) as a filesystem path component when selecting the local metadata cache directory. Starting in version 2.0.0 ... Read more
Affected Products : go-tuf- Published: Jan. 27, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Path Traversal
-
4.7
MEDIUMCVE-2025-12540
The ShareThis Dashboard for Google Analytics plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.4. This is due to the Google Analytics client_ID and client_secret being stored in plaintext in the... Read more
Affected Products : dashboard_for_google_analytics- Published: Jan. 07, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Information Disclosure
-
4.7
MEDIUMCVE-2025-68138
EVerest is an EV charging software stack, and EVerest libocpp is a C++ implementation of the Open Charge Point Protocol. In libocpp prior to version 0.30.1, pointers returned by the `strdup` calls are never freed. At each connection attempt, the newly all... Read more
Affected Products :- Published: Jan. 21, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Memory Corruption