Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2026-1441 Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include s... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-0505 The BSP applications allow an unauthenticated user to manipulate user-controlled URL parameters that are not sufficiently validated. This could result in unvalidated redirection to attacker-controlled... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-61648 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files modules... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-1404 The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the filter p... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-61651 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files modules... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-70958 Multiple reflected cross-site scripting (XSS) vulnerabilities in the installation module of Subrion CMS v4.2.1 allows attackers to execute arbitrary Javascript in the context of the user's browser via... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-11261 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resourc... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-0521 A reflected cross-site scripting (XSS) vulnerability in the PDF export functionality of the TYDAC AG MAP+ solution allows unauthenticated attackers to craft a malicious URL, that if visited by a victi... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-1643 The MP-Ukagaka plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes i... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-1634 The Subitem AL Slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` parameter in all versions up to, and including, 1.0.0 due to insufficient inpu... | 6.1 | MEDIUM | — | 0 |
| CVE-2019-25387 Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to... | 6.1 | MEDIUM | — | 0 |
| CVE-2019-25386 Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the dmzholes.cgi script that allow attackers to inject malicious scripts through unv... | 6.1 | MEDIUM | — | 0 |
| CVE-2019-25383 Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the apcupsd.cgi script that allow attackers to inject malicious scripts through mult... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-70845 lty628 aidigu v1.9.1 is vulnerable to Cross Site Scripting (XSS) exists in the /setting/ page where the "intro" field is not properly sanitized or escaped. | 6.1 | MEDIUM | — | 0 |
| CVE-2019-25382 Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the NTP_SERVER... | 6.1 | MEDIUM | — | 0 |
| CVE-2019-25381 Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the hosts.cgi script that allow attackers to inject malicious scripts through unvali... | 6.1 | MEDIUM | — | 0 |
| CVE-2019-25323 Heatmiser Netmonitor v3.03 contains an HTML injection vulnerability in the outputSetup.htm page that allows attackers to inject malicious HTML code through the outputtitle parameter. Attackers can cra... | 6.1 | MEDIUM | — | 0 |
| CVE-2019-25324 RICOH Web Image Monitor 1.09 contains an HTML injection vulnerability in the address configuration CGI script that allows attackers to inject malicious HTML code. Attackers can exploit the entryNameIn... | 6.1 | MEDIUM | — | 0 |
| CVE-2019-25380 Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the dhcp.cgi script that allow attackers to inject malicious scripts through multipl... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-1666 The Download Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'redirect_to' parameter in all versions up to, and including, 3.3.46. This is due to insufficient inpu... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-2026 A vulnerability has been identified where weak file permissions in the Nessus Agent directory on Windows hosts could allow unauthorized access, potentially permitting Denial of Service (DoS) attacks. | 6.1 | MEDIUM | — | 0 |
| CVE-2025-66596 A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly validate request headers. When an attacker inserts an invalid host header, use... | 6.1 | MEDIUM | — | 0 |
| CVE-2019-25378 Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple cross-site scripting vulnerabilities in the proxy.cgi endpoint that allow attackers to inject malicious scripts through parameters inc... | 6.1 | MEDIUM | — | 0 |
| CVE-2019-25385 Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the MACHINE and MACHINECOMMENT... | 6.1 | MEDIUM | — | 0 |
| CVE-2019-25389 Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the MACHINES p... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-33135 IBM Financial Transaction Manager for ACH Services and Check Services for Multi-Platform 3.0.0.0 through 3.0.5.4 Interim Fix 027 IBM Financial Transaction Manager for Check Services v3 (Multiplatforms... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-26000 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.9.0, 17.4.6, and 16.10.13, it's possible using comments to inject CSS that would tr... | 6.1 | MEDIUM | — | 0 |
| CVE-2020-37111 60CycleCMS 2.5.2 contains a cross-site scripting (XSS) vulnerability in news.php that allows attackers to inject malicious scripts through GET parameters. Attackers can craft malicious URLs with XSS p... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-0946 Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal AT Internet SmartTag allows Cross-Site Scripting (XSS).This issue affects AT Internet Smart... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-36019 IBM Concert 1.0.0 through 2.1.0 for Z hub framework is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus a... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-33499 WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `view/forbiddenPage.php` and `view/warningPage.php` templates reflect the `$_REQUEST['unlockPassword']` paramete... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-33230 NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, `nlt... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-33209 Avo is a framework to create admin panels for Ruby on Rails apps. Prior to version 3.30.3, a reflected cross-site scripting (XSS) vulnerability exists in the return_to query parameter used in the avo ... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-57543 Cross Site scripting vulnerability (XSS) in NetBox 4.3.5 "comment" field on object forms. An attacker can inject arbitrary HTML, which will be rendered in the web UI when viewed by other users. This c... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-41067 Astro is a web framework. Prior to 6.1.6, the defineScriptVars function in Astro's server-side rendering pipeline uses a case-sensitive regex /<\/script>/g to sanitize values injected into inline <scr... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-34606 Frappe Learning Management System (LMS) is a learning system that helps users structure their content. From version 2.27.0 to before version 2.48.0, Frappe LMS was vulnerable to stored XSS. This issue... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-39336 ChurchCRM is an open-source church management system. Prior to 7.1.0, a stored cross-site scripting issue affects the Directory Reports form fields set from config, Person editor defaults rendered int... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-35398 WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically thr... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-52204 A Cross-Site Scripting (XSS) vulnerability exists in Znuny::ITSM 6.5.x in the customer.pl endpoint via the OTRSCustomerInterface parameter | 6.1 | MEDIUM | — | 0 |
| CVE-2026-33885 Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.16 and 6.7.2, the external URL detection used for redirect validation on unauthenticated endpoints could b... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-51226 A stored cross-site scripting (XSS) vulnerability in the component /admin/search-vehicle.php of Phpgurukul Vehicle Record Management System v1.0 allows attackers to execute arbitrary web scripts or HT... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-33883 Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.16 and 6.7.2, the `user:reset_password_form` tag could render user-input directly into HTML without escapi... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-26169 Buffer over-read in Windows Kernel Memory allows an authorized attacker to disclose information locally. | 6.1 | MEDIUM | — | 0 |
| CVE-2026-25854 Occasional URL redirection to untrusted Site ('Open Redirect') vulnerability in Apache Tomcat via the LoadBalancerDrainingValve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-61655 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation VisualEditor. This vulnerability is associated with program files incl... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-61656 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation VisualEditor. This vulnerability is associated with program files src/... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-67475 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files include... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-67477 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resourc... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-67481 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resourc... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-67483 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resourc... | 6.1 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.