Export limit exceeded: 345817 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45520 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45520 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-23626 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fukushima Kumihimo kumihimo allows Reflected XSS.This issue affects Kumihimo: from n/a through <= 1.0.2. | ||||
| CVE-2025-4130 | 2026-04-15 | 7.5 High | ||
| Use of Hard-coded Credentials vulnerability in PAVO Inc. PAVO Pay allows Read Sensitive Constants Within an Executable.This issue affects PAVO Pay: before 13.05.2025. | ||||
| CVE-2025-41228 | 1 Vmware | 2 Esxi, Vcenter Server | 2026-04-15 | 4.3 Medium |
| VMware ESXi and vCenter Server contain a reflected cross-site scripting vulnerability due to improper input validation. A malicious actor with network access to the login page of certain ESXi host or vCenter Server URL paths may exploit this issue to steal cookies or redirect to malicious websites. | ||||
| CVE-2025-40890 | 1 Nozomi Networks | 2 Cmc, Guardian | 2026-04-15 | 7.9 High |
| A Stored Cross-Site Scripting vulnerability was discovered in the Dashboards functionality due to improper validation of an input parameter. An authenticated low-privilege user can craft a malicious dashboard containing a JavaScript payload and share it with victim users, or a victim can be socially engineered to import a malicious dashboard template. When the victim views or imports the dashboard, the XSS executes in their browser context, allowing the attacker to perform unauthorized actions as the victim, such as modify application data, disrupt application availability, and access limited sensitive information. | ||||
| CVE-2025-22295 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tripetto WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto tripetto allows Stored XSS.This issue affects WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto: from n/a through <= 8.0.6. | ||||
| CVE-2025-2889 | 2 Jackdewey, Wordpress | 2 Link Library, Wordpress | 2026-04-15 | 6.4 Medium |
| The Link Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Link Additional Parameters in all versions up to, and including, 7.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-40727 | 2026-04-15 | N/A | ||
| A Reflected Cross Site Scripting (XSS) vulnerability was found in '/search' in Phoenix Site CMS from Phoenix, which allows remote attackers to execute arbitrary code via 's' GET parameter. | ||||
| CVE-2025-40726 | 2026-04-15 | N/A | ||
| Reflected Cross-Site Scripting (XSS) vulnerability in /pages/search-results-page in Nosto, which allows remote attackers to execute arbitrary code via the q GET request parameter. | ||||
| CVE-2025-22286 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in enituretechnology LTL Freight Quotes – Worldwide Express Edition ltl-freight-quotes-worldwide-express-edition allows Reflected XSS.This issue affects LTL Freight Quotes – Worldwide Express Edition: from n/a through <= 5.0.21. | ||||
| CVE-2025-22283 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Riyaz GetSocial getsocial allows Reflected XSS.This issue affects GetSocial: from n/a through <= 2.0.1. | ||||
| CVE-2025-22278 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yudleethemes Whitish Lite allows Stored XSS.This issue affects Whitish Lite: from n/a through 2.1.13. | ||||
| CVE-2025-57967 | 3 Woocommerce, Wordpress, Wpbean | 3 Woocommerce, Wordpress, Wpb Quick View | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPBean WPB Quick View for WooCommerce woocommerce-lightbox allows Stored XSS.This issue affects WPB Quick View for WooCommerce: from n/a through <= 2.1.8. | ||||
| CVE-2025-40976 | 1 Workdo | 1 Ticketgo | 2026-04-15 | N/A |
| Stored Cross-Site Scripting (XSS) vulnerability in WorkDo's TicketGo, consisting of a lack of proper validation of user input by sending a POST request to ‘/ticketgo-saas/home’, using the ‘description’ parameter. | ||||
| CVE-2025-40701 | 1 Sote | 1 Soteshop | 2026-04-15 | N/A |
| Reflected Cross-Site Scripting vulnerability in SOTESHOP, version 8.3.4. THis vulnerability allows an attacker execute JavaScript code in the victim's browser when a malicious URL with the 'id' parameter in '/adsTracker/checkAds' is sent to the victim. The vulnerability can be exploited to steal sensitive user information such as session cookies, or to perform actions on their behalf. | ||||
| CVE-2025-40697 | 1 Lewe | 1 Webmeasure | 2026-04-15 | N/A |
| Reflected Cross-Site Scripting (XSS) vulnerability in '/index.php' in Lewe WebMeasure, which allows remote attackers to execute arbitrary code through the 'page' parameter. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user. | ||||
| CVE-2025-40681 | 1 Xcally | 1 Omnichannel | 2026-04-15 | N/A |
| Cross-site Scripting (XSS) vulnerability reflected in xCally's Omnichannel v3.30.1. This vulnerability allowsan attacker to executed JavaScript code in the victim's browser by sending them a malicious URL using the 'failureMessage' parameter in '/login'. This vulnerability can be exploited to steal sentitive user data, such as session cookies , or to perform actions on behalf of the user. | ||||
| CVE-2025-40679 | 1 Bdtask | 1 Isshue | 2026-04-15 | N/A |
| HTML Injection vulnerability in Isshue by Bdtask, consisting os an HTML injection due to a lack os proper validation of user input by sending a POST request to '/category_product_search', affecting the 'product_name' parameter. | ||||
| CVE-2025-40663 | 2026-04-15 | N/A | ||
| Stored Cross-Site Scripting (XSS) vulnerability in i2A-Cronos version 23.02.01.17, from i2A. It allows an authenticated attacker to upload a malicious SVG image into the user's personal space in /CronosWeb/Modules/Persons/PersonalDocuments/PersonalDocuments. There is no reported fix at this time. | ||||
| CVE-2024-7090 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.1 Medium |
| The LH Add Media From Url plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘lh_add_media_from_url-file_url’ parameter in all versions up to, and including, 1.23 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2025-57965 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP CodeUs WP Proposals allows Stored XSS. This issue affects WP Proposals: from n/a through 2.3. | ||||