Export limit exceeded: 44177 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 46048 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46048 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-27925 | 1 Vektor-inc | 1 Vk Blocks | 2025-01-17 | 5.4 Medium |
| Cross-site scripting vulnerability in Post function of VK Blocks 1.53.0.1 and earlier and VK Blocks Pro 1.53.0.1 and earlier allows a remote authenticated attacker to inject an arbitrary script. | ||||
| CVE-2023-27923 | 1 Vektor-inc | 1 Vk Blocks | 2025-01-17 | 5.4 Medium |
| Cross-site scripting vulnerability in Tag edit function of VK Blocks 1.53.0.1 and earlier and VK Blocks Pro 1.53.0.1 and earlier allows a remote authenticated attacker to inject an arbitrary script. | ||||
| CVE-2023-28655 | 1 Sauter-controls | 2 Ey-as525f001, Ey-as525f001 Firmware | 2025-01-17 | 5.4 Medium |
| A malicious user could leverage this vulnerability to escalate privileges or perform unauthorized actions in the context of the targeted privileged users. | ||||
| CVE-2023-28650 | 1 Sauter-controls | 2 Ey-as525f001, Ey-as525f001 Firmware | 2025-01-17 | 6.1 Medium |
| An unauthenticated remote attacker could provide a malicious link and trick an unsuspecting user into clicking on it. If clicked, the attacker could execute the malicious JavaScript (JS) payload in the target’s security context. | ||||
| CVE-2023-22300 | 1 Sauter-controls | 2 Ey-as525f001, Ey-as525f001 Firmware | 2025-01-17 | 6.1 Medium |
| An unauthenticated remote attacker could force all authenticated users, such as administrative users, to perform unauthorized actions by viewing the logs. This action would also grant the attacker privilege escalation. | ||||
| CVE-2023-0432 | 1 Deltaww | 2 Dx-2100l1-cn, Dx-2100l1-cn Firmware | 2025-01-17 | 9 Critical |
| The web configuration service of the affected device contains an authenticated command injection vulnerability. It can be used to execute system commands on the operating system (OS) from the device in the context of the user "root." If the attacker has credentials for the web service, then the device could be fully compromised. | ||||
| CVE-2023-27512 | 1 Contec | 4 Sv-cpt-mc310, Sv-cpt-mc310 Firmware, Sv-cpt-mc310f and 1 more | 2025-01-17 | 7.2 High |
| Use of hard-coded credentials exists in SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10, and SV-CPT-MC310F versions prior to Ver.8.10, which may allow a remote authenticated attacker to login the affected product with an administrative privilege and perform an unintended operation. | ||||
| CVE-2023-27922 | 1 Thenewsletterplugin | 1 Newsletter | 2025-01-17 | 6.1 Medium |
| Cross-site scripting vulnerability in Newsletter versions prior to 7.6.9 allows a remote unauthenticated attacker to inject an arbitrary script. | ||||
| CVE-2023-1209 | 1 Servicenow | 1 Servicenow | 2025-01-17 | 4.3 Medium |
| Cross-Site Scripting (XSS) vulnerabilities exist in ServiceNow records allowing an authenticated attacker to inject arbitrary scripts. | ||||
| CVE-2024-3377 | 1 Oretnom23 | 1 Computer Laboratory Management System | 2025-01-17 | 4.3 Medium |
| A vulnerability classified as problematic was found in SourceCodester Computer Laboratory Management System 1.0. This vulnerability affects unknown code of the file /classes/SystemSettings.php?f=update_settings. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259498 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-31995 | 1 Hanwhavision | 236 Ane-l6012r, Ane-l6012r Firmware, Ane-l7012r and 233 more | 2025-01-17 | 5.4 Medium |
| Hanwha IP Camera ANE-L7012R 1.41.01 is vulnerable to Cross Site Scripting (XSS). | ||||
| CVE-2024-3427 | 1 Argie | 1 Online Courseware | 2025-01-17 | 3.5 Low |
| A vulnerability, which was classified as problematic, was found in SourceCodester Online Courseware 1.0. This affects an unknown part of the file addq.php. The manipulation of the argument id leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259599. | ||||
| CVE-2024-3426 | 1 Argie | 1 Online Courseware | 2025-01-17 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in SourceCodester Online Courseware 1.0. Affected by this issue is some unknown functionality of the file editt.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-259598 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-30469 | 2 Hitachi, Linux | 2 Ops Center Analyzer, Linux Kernel | 2025-01-17 | 7.6 High |
| Cross-site Scripting vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component) allows Reflected XSS.This issue affects Hitachi Ops Center Analyzer: from 10.9.1-00 before 10.9.2-00. | ||||
| CVE-2023-25598 | 1 Mitel | 1 Mivoice Connect | 2025-01-17 | 6.1 Medium |
| A vulnerability in the conferencing component of Mitel MiVoice Connect through 19.3 SP2 and 20.x, 21.x, and 22.x through 22.24.1500.0 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the home.php page. A successful exploit could allow an attacker to execute arbitrary scripts. | ||||
| CVE-2022-42225 | 1 Fit2cloud | 1 Lina | 2025-01-17 | 5.4 Medium |
| Jumpserver 2.10.0 <= version <= 2.26.0 contains multiple stored XSS vulnerabilities because of improper filtering of user input, which can execute any javascript under admin's permission. | ||||
| CVE-2024-3428 | 1 Argie | 1 Online Courseware | 2025-01-17 | 3.5 Low |
| A vulnerability has been found in SourceCodester Online Courseware 1.0 and classified as problematic. This vulnerability affects unknown code of the file edit.php. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259600. | ||||
| CVE-2022-45444 | 1 Sewio | 1 Real-time Location System Studio | 2025-01-16 | 10 Critical |
| Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 contains hard-coded passwords for select users in the application’s database. This could allow a remote attacker to login to the database with unrestricted access. | ||||
| CVE-2022-46733 | 1 Sewio | 1 Real-time Location System Studio | 2025-01-16 | 6.3 Medium |
| Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to cross-site scripting in its backup services. An attacker could take advantage of this vulnerability to execute arbitrary commands. | ||||
| CVE-2022-3089 | 1 Echelon | 2 I.lon Vision, Smartserver | 2025-01-16 | 6.3 Medium |
| Echelon SmartServer 2.2 with i.LON Vision 2.2 stores cleartext credentials in a file, which could allow an attacker to obtain cleartext usernames and passwords of the SmartServer. If the attacker obtains the file, then the credentials could be used to control the web user interface and file transfer protocol (FTP) server. | ||||