CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (46426 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-49384	1 Jetbrains	1 Pycharm	2026-06-01	6.1 Medium
In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible
CVE-2024-12974	1 Akinsoft	1 Prokuaför	2026-06-01	4.3 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akinsoft ProKuaför allows Cross-Site Scripting (XSS). This issue affects ProKuaför: from s1.02.07 before v1.02.08.
CVE-2024-13064	1 Akinsoft	1 Myrezzta	2026-06-01	4.3 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akinsoft MyRezzta allows Cross-Site Scripting (XSS). This issue affects MyRezzta: from s2.02.02 before v2.05.01.
CVE-2024-13071	1 Akinsoft	1 E-mutabakat	2026-06-01	4.3 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akinsoft e-Mutabakat allows Cross-Site Scripting (XSS). This issue affects e-Mutabakat: from 2.02.05 before v2.02.06.
CVE-2024-13073	1 Akinsoft	1 Taskpano	2026-06-01	4.7 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akinsoft TaskPano allows Cross-Site Scripting (XSS). This issue affects TaskPano: s1.06.04.
CVE-2023-0320	1 University Information Management System Project	1 University Information Management System	2026-06-01	5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Izmir Katip Celebi University UBYS allows Stored XSS. This issue affects UBYS: before 23.03.16.
CVE-2023-0322	1 Talentyazilim	1 Unis	2026-06-01	6.1 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Talent Software UNIS allows Reflected XSS. This issue affects UNIS: before 28376.
CVE-2023-0577	1 Asosegitim	1 Sobiad	2026-06-01	6.1 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ASOS Information Technologies SOBIAD allows Cross-Site Scripting (XSS). This issue affects SOBIAD: before 23.02.01.
CVE-2023-0578	1 Asosegitim	1 Bookcites	2026-06-01	6.1 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ASOS Information Technologies Book Cites allows Cross-Site Scripting (XSS). This issue affects Book Cites: before 23.01.05.
CVE-2023-1051	1 Askoc	1 Web Report System	2026-06-01	6.1 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in As Koc Energy Web Report System allows Reflected XSS. This issue affects Web Report System: before 23.03.10.
CVE-2023-1060	1 Ykmbilisim	1 Ykm Crm	2026-06-01	6.1 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YKM YKM CRM allows Reflected XSS. This issue affects YKM CRM: before 23.03.30.
CVE-2023-1154	1 Pacsrapor	1 Pacsrapor	2026-06-01	6.1 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pacsrapor allows Reflected XSS. This issue affects Pacsrapor: before 1.22.
CVE-2026-36538	1 Netis	1 Ac1200 Router	2026-05-30	7.3 High
Netis AC1200 Router NC21 V4.0.1.4296 contains a hard-coded root credential stored in /etc/shadow.sample. The password for the root account is set to the trivially weak value root, allowing an attacker with access to the device to authenticate as root and gain full control of the underlying operating system.
CVE-2026-38931	1 Creatorsofcode	1 Simplephp	2026-05-30	5.4 Medium
A stored cross-site scripting (XSS) vulnerability in the /admin/config-module.php component of creatorsofcode simplephp GitHub commit 5184cff (Latest as of 2026-02-27) via injecting a crafted payload.
CVE-2026-42733	2 Realmag777, Wordpress	2 Wpcs, Wordpress	2026-05-30	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 WPCS currency-switcher allows DOM-Based XSS.This issue affects WPCS: from n/a through <= 1.3.1.
CVE-2026-42751	2 Wordpress, Wpdevelop	2 Wordpress, Booking Manager	2026-05-30	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevelop Booking Manager booking-manager allows Stored XSS.This issue affects Booking Manager: from n/a through <= 2.1.18.
CVE-2026-42759	2 Timo, Wordpress	2 Affiliate Super Assistent, Wordpress	2026-05-30	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Timo Affiliate Super Assistent amazonsimpleadmin allows Stored XSS.This issue affects Affiliate Super Assistent: from n/a through <= 1.10.1.
CVE-2026-48927	2 Jenkins, Jenkins Project	2 Buildgraph-view, Jenkins Buildgraph-view Plugin	2026-05-30	5.5 Medium
Jenkins buildgraph-view Plugin 1.8 and earlier does not escape the build URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs or views.
CVE-2026-6824	1 Cp Plus	3 Cp-unr-108f1 Hardware, Cp-unr-108f1 System, Cp-unr-108f1 Web	2026-05-30	8.4 High
A stored cross-site scripting (XSS) vulnerability exists in certain 1xxx series NVR devices due to insufficient sanitization of user-supplied input in specific functional modules. Attackers can inject malicious scripts, which are then persistently stored on the device backend. When administrators or users access affected pages, the stored scripts are executed in their browsers, leading to potential session hijacking, unauthorized actions, or data theft.
CVE-2026-7786	1 Jinan Usr Iot Technology Limited (pusr)	1 Usr-w610 Rs232/485 To Wi-fi/ethernet Converter	2026-05-30	9.8 Critical
Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter device firmware contains plaintext administrative credentials embedded in the firmware image. These credentials can be extracted through firmware analysis and used to authenticate to device services.

« first previous Page 16 of 2322. next last »