Export limit exceeded: 344132 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 344132 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344132 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-50831 | 2025-12-30 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2024-58323 | 1 Kentico | 1 Xperience | 2025-12-30 | 5.4 Medium |
| A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the Checkbox form component. This allows malicious scripts to execute in users' browsers by exploiting HTML support in the form builder. | ||||
| CVE-2024-58322 | 1 Kentico | 1 Xperience | 2025-12-30 | 5.4 Medium |
| A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious code into shipping options configuration. This could lead to potential theft of sensitive data by executing malicious scripts in users' browsers. | ||||
| CVE-2024-58321 | 1 Kentico | 1 Xperience | 2025-12-30 | 5.4 Medium |
| A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via form validation rule configuration. Attackers can exploit this vulnerability to execute malicious scripts that will run in users' browsers. | ||||
| CVE-2024-58319 | 1 Kentico | 1 Xperience | 2025-12-30 | 6.1 Medium |
| A reflected cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the Pages dashboard widget configuration dialog. Attackers can exploit this vulnerability to execute malicious scripts in administrative users' browsers. | ||||
| CVE-2024-58318 | 1 Kentico | 1 Xperience | 2025-12-30 | 6.1 Medium |
| A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the rich text editor component for page and form builders. Attackers can exploit this vulnerability by entering malicious URIs, potentially allowing malicious scripts to execute in users' browsers. | ||||
| CVE-2023-53738 | 1 Kentico | 1 Xperience | 2025-12-30 | 5.4 Medium |
| A reflected cross-site scripting vulnerability in Kentico Xperience allows authenticated users to inject malicious scripts via page preview URLs. Attackers can exploit this vulnerability to execute arbitrary scripts in users' browsers during page preview interactions. | ||||
| CVE-2023-53737 | 1 Kentico | 1 Xperience | 2025-12-30 | 4.8 Medium |
| A stored cross-site scripting vulnerability in Kentico Xperience allows global administrators to inject malicious payloads via the Localization application. Attackers can execute scripts that could affect multiple parts of the administration interface. | ||||
| CVE-2023-53736 | 1 Kentico | 1 Xperience | 2025-12-30 | 5.4 Medium |
| A reflected cross-site scripting vulnerability in Kentico Xperience allows authenticated users to inject malicious scripts in the administration interface. Attackers can exploit this vulnerability to execute arbitrary scripts within the administrative context. | ||||
| CVE-2022-50686 | 1 Kentico | 1 Xperience | 2025-12-30 | 7.5 High |
| An information disclosure vulnerability in Kentico Xperience allows attackers to view sensitive stack trace details via Portal Engine form control error messages. Detailed error messages can expose internal system information and potentially reveal implementation details to unauthorized users. | ||||
| CVE-2022-50685 | 1 Kentico | 1 Xperience | 2025-12-30 | 5.4 Medium |
| A stored cross-site scripting vulnerability in Kentico Xperience allows authenticated users to inject malicious scripts via XML file uploads as page attachments or metafiles. Attackers can upload malicious XML files that enable stored XSS, allowing malicious scripts to execute in users' browsers. | ||||
| CVE-2022-50684 | 1 Kentico | 1 Xperience | 2025-12-30 | 6.1 Medium |
| An HTML injection vulnerability in Kentico Xperience allows attackers to inject malicious HTML values into form submission emails via unencoded form fields. Unencoded form values could enable HTML content execution in recipient email clients, potentially compromising email security. | ||||
| CVE-2022-50683 | 1 Kentico | 1 Xperience | 2025-12-30 | 5.4 Medium |
| A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via form redirect URL configuration. This allows malicious scripts to execute in users' browsers through unvalidated form configuration settings. | ||||
| CVE-2022-50681 | 1 Kentico | 1 Xperience | 2025-12-30 | 6.1 Medium |
| A reflected cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via administration input fields in the Rich text editor component. Attackers can exploit this vulnerability to execute arbitrary scripts in users' browsers. | ||||
| CVE-2022-50680 | 1 Kentico | 1 Xperience | 2025-12-30 | 4.8 Medium |
| A stored cross-site scripting vulnerability in Kentico Xperience allows administration users to inject malicious scripts via email marketing templates. Attackers can exploit this vulnerability to execute malicious scripts that could compromise user browsers and steal sensitive information. | ||||
| CVE-2020-36891 | 1 Kentico | 1 Xperience | 2025-12-30 | 5.4 Medium |
| A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to upload files with spoofed Content-Type that do not match file extensions. Attackers can exploit this vulnerability by uploading malicious files with manipulated MIME types, allowing malicious scripts to execute in users' browsers. | ||||
| CVE-2020-36889 | 1 Kentico | 1 Xperience | 2025-12-30 | 5.4 Medium |
| A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via error messages containing specially crafted object names. This allows malicious scripts to execute in users' browsers when administrators view error messages in the administration interface. | ||||
| CVE-2024-28864 | 1 Ilicmiljan | 1 Secureprops | 2025-12-30 | 2.6 Low |
| SecureProps is a PHP library designed to simplify the encryption and decryption of property data in objects. A vulnerability in SecureProps version 1.2.0 and 1.2.1 involves a regex failing to detect tags during decryption of encrypted data. This occurs when the encrypted data has been encoded with `NullEncoder` and passed to `TagAwareCipher`, and contains special characters such as `\n`. As a result, the decryption process is skipped since the tags are not detected. This causes the encrypted data to be returned in plain format. The vulnerability affects users who implement `TagAwareCipher` with any base cipher that has `NullEncoder` (not default). The patch for the issue has been released. Users are advised to update to version 1.2.2. As a workaround, one may use the default `Base64Encoder` with the base cipher decorated with `TagAwareCipher` to prevent special characters in the encrypted string from interfering with regex tag detection logic. This workaround is safe but may involve double encoding since `TagAwareCipher` uses `NullEncoder` by default. | ||||
| CVE-2024-1432 | 1 Iperov | 1 Deepfacelab | 2025-12-30 | 5 Medium |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in DeepFaceLab pretrained DF.wf.288res.384.92.72.22 and classified as problematic. This issue affects the function apply_xseg of the file main.py. The manipulation leads to deserialization. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-253391. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2024-58247 | 2025-12-30 | N/A | ||
| ** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was in a CNA pool that was not assigned to any issues during 2024. Notes: none. | ||||