Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2019-25418 Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the FWADDRESSES parameter. Attackers... | 6.1 | MEDIUM | — | 0 |
| CVE-2019-25417 Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the protocol parameter. Attackers ca... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-25735 Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 hav... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-26464 Stored Cross-Site Scripting (XSS) was found in the /admin/edit_user.php page of Society Management System Portal V1.0, which allows remote attackers to inject and store arbitrary JavaScript code that ... | 6.1 | MEDIUM | — | 0 |
| CVE-2019-25402 Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the username paramet... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-15562 The server API endpoint /report/internet/urls reflects received data into the HTML response without applying proper encoding or filtering. This allows an attacker to execute arbitrary JavaScript in th... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-1437 Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include s... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-1438 Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include s... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-1439 Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include s... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-30981 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-buffer-overflow read in CIccXmlArrayType<>::DumpArray() causing out-of-bo... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-1440 Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include s... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-30982 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap out-of-bounds read in CIccPcsXform::pushXYZConvert() causing crash and po... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-30984 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap out-of-bounds read in CIccCalculatorFunc::ApplySequence() causing an appl... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-12473 The RTMKit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'themebuilder' parameter in all versions up to, and including, 1.6.8 due to insufficient input sanitization and ... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-1441 Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include s... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-28772 A Reflected Cross-Site Scripting (XSS) vulnerability in the /IDC_Logging/index.cgi endpoint of International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver Web Management Interfa... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-28771 A Reflected Cross-Site Scripting (XSS) vulnerability exists in the /index.cgi endpoint of International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver Web Management Interface v... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-25868 MiniGal Nano version 0.3.5 and prior contain a reflected cross-site scripting (XSS) vulnerability in index.php via the dir parameter. The application constructs $currentdir from user-controlled input ... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-2678 Reflected Cross-Site Scripting (XSS) on the A3factura web platform, in parameter 'name', parameter 'name', in 'a3factura-app.wolterskluwer.es/#/incomes/customers' endpoint, which could allow an attack... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-24415 OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contains Reflected XSS vulnerabilities in invoice/order/contract modifica... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-2679 Reflected Cross-Site Scripting (XSS) on the A3factura web platform, in parameter 'customerName', in 'a3factura-app.wolterskluwer.es/#/incomes/salesInvoices' endpoint, which could allow an attacker to ... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-2502 The xmlrpc attacks blocker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0, via the 'X-Forwarded-For' HTTP header. This is due to the plugin tru... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-2680 Reflected Cross-Site Scripting (XSS) on the A3factura web platform, in parameter 'customerVATNumber', in 'a3factura-app.wolterskluwer.es/#/incomes/salesDeliveryNotes' endpoint, which could allow an at... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-27116 Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, a reflected HTML injection vulnerability exists in the Projects module where the `filter` URL parameter is rende... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-3884 Versions of the package spin.js before 3.0.0 are vulnerable to Cross-site Scripting (XSS) via the spin() function that allows a creation of more than 1 alert for each 'target' element. An attacker wou... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-3824 IFTOP developed by WellChoose has an Open redirect vulnerability, allowing authenticated remote attackers to craft a URL that tricks users into visiting malicious website. | 6.1 | MEDIUM | — | 0 |
| CVE-2016-20036 Wowza Streaming Engine 4.5.0 contains multiple reflected cross-site scripting vulnerabilities in the enginemanager interface where input passed through various parameters is not properly sanitized bef... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-3825 IFTOP developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing authenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attac... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-15599 DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8 contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting missing textarea rawtext element... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-27568 WWBN AVideo is an open source video platform. Prior to version 21.0, AVideo allows Markdown in video comments and uses Parsedown (v1.7.4) without Safe Mode enabled. Markdown links are not sufficiently... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-58405 The CGM CLININET application does not implement any mechanisms that prevent clickjacking attacks, neither HTTP security headers nor HTML-based frame‑busting protections were detected. As a result, an ... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-64736 An out-of-bounds read vulnerability exists in the ABF parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (5462afb0). A specially crafted .abf file can lead to an information... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-0521 A reflected cross-site scripting (XSS) vulnerability in the PDF export functionality of the TYDAC AG MAP+ solution allows unauthenticated attackers to craft a malicious URL, that if visited by a victi... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-30695 A Cross-Site Scripting (XSS) vulnerability exists in the web-based configuration interface of Zucchetti Axess access control devices, including XA4, X3/X3BIO, X4, X7, and XIO / i-door / i-door+. The v... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-27156 NiceGUI is a Python-based UI framework. Prior to version 3.8.0, several NiceGUI APIs that execute methods on client-side elements (`Element.run_method()`, `AgGrid.run_grid_method()`, `EChart.run_chart... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-20117 A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attack... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-46320 A cross-site scripting (XSS) vulnerability in a FileMaker WebDirect custom homepage could lead to unauthorized access and remote code execution. This vulnerability has been fully addressed in FileMake... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-1780 The [CR]Paid Link Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL path in all versions up to, and including, 0.5 due to insufficient input sanitization and out... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-27612 Repostat is a React component to fetch and display GitHub repository info. Prior to version 1.0.1, the `RepoCard` component is vulnerable to Reflected Cross-Site Scripting (XSS). The vulnerability occ... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-61645 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files include... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-27901 Svelte performance oriented web framework. Prior to version 5.53.5, the contents of `bind:innerText` and `bind:textContent` on `contenteditable` elements were not properly escaped. This could enable H... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-27746 The SPIP jeux plugin versions prior to 4.1.1 contain a reflected cross-site scripting (XSS) vulnerability in the pre_propre pipeline. The plugin incorporates untrusted request parameters into HTML out... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-27645 changedetection.io is a free open source web page change detection tool. In versions prior to 0.54.1, the RSS single-watch endpoint reflects the UUID path parameter directly in the HTTP response body ... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-11706 The Aruba HiSpeed Cache plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the dbstatus parameter in all versions up to, and including, 3.0.2 due to insufficient input sanitizati... | 6.1 | MEDIUM | — | 0 |
| CVE-2019-25398 IPFire 2.21 Core Update 127 contains multiple cross-site scripting vulnerabilities in the ovpnmain.cgi script that allow attackers to inject malicious scripts through VPN configuration parameters. Att... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-67851 A flaw was found in moodle. This formula injection vulnerability occurs when data fields are exported without proper escaping. A remote attacker could exploit this by providing malicious data that, wh... | 6.1 | MEDIUM | — | 0 |
| CVE-2019-25397 IPFire 2.21 Core Update 127 contains multiple reflected cross-site scripting vulnerabilities in the hosts.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. At... | 6.1 | MEDIUM | — | 0 |
| CVE-2019-25396 IPFire 2.21 Core Update 127 contains a reflected cross-site scripting vulnerability in the updatexlrator.cgi script that allows attackers to inject malicious scripts through POST parameters. Attackers... | 6.1 | MEDIUM | — | 0 |
| CVE-2019-25356 Bematech (formerly Logic Controls, now Elgin) MP-4200 TH printer contains a cross-site scripting vulnerability in the admin configuration page. Attackers can inject malicious scripts via crafted POST ... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-12453 Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText™ Vertica allows Reflected XSS. The vulnerability could lead to Reflected XSS attack of c... | 6.1 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.