Latest CVE Feed
-
4.8
MEDIUMCVE-2025-55254
Improper management of Path-relative stylesheet import in HCL BigFix Remote Control Lite Web Portal (versions 10.1.0.0326 and lower) may allow to execute malicious code in certain web pages.... Read more
- Published: Dec. 17, 2025
- Modified: Jan. 06, 2026
- Vuln Type: Path Traversal
-
4.8
MEDIUMCVE-2025-15188
A vulnerability was determined in Campcodes Complete Online Beauty Parlor Management System 1.0. This vulnerability affects unknown code of the file /admin/search-invoices.php. Executing manipulation of the argument searchdata can lead to cross site scrip... Read more
- Published: Dec. 29, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2026-20047
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of ... Read more
Affected Products :- Published: Jan. 15, 2026
- Modified: Jan. 15, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-15372
A weakness has been identified in youlaitech vue3-element-admin up to 3.4.0. This issue affects some unknown processing of the file src/views/system/notice/index.vue of the component Notice Handler. This manipulation causes cross site scripting. It is pos... Read more
Affected Products : vue3-element-admin- Published: Dec. 31, 2025
- Modified: Jan. 15, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-71166
Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting (XSS) vulnerability in the administrative interface within the Tools Status move message handling. The path parameter is reflected into the HTML output without proper... Read more
Affected Products :- Published: Jan. 14, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-71165
Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting (XSS) vulnerability in the administrative interface within the Tools Status functionality. The path parameter is reflected into the HTML response without proper outpu... Read more
Affected Products :- Published: Jan. 14, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2026-20075
A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of ... Read more
Affected Products :- Published: Jan. 15, 2026
- Modified: Jan. 15, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-14556
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Flag allows Cross-Site Scripting (XSS).This issue affects Flag: from 7.X-3.0 through 7.X-3.9.... Read more
Affected Products :- Published: Jan. 14, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2026-20972
Improper Export of Android Application Components in UwbTest prior to SMR Jan-2026 Release 1 allows local attackers to enable UWB.... Read more
Affected Products : android- Published: Jan. 09, 2026
- Modified: Jan. 15, 2026
- Vuln Type: Authorization
-
4.8
MEDIUMCVE-2026-20076
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due... Read more
Affected Products :- Published: Jan. 15, 2026
- Modified: Jan. 15, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-71164
Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting (XSS) vulnerability in the Editing component. The images parameter (submitted as images[] in a POST request) is reflected into an HTML href attribute without proper c... Read more
Affected Products :- Published: Jan. 14, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-15022
Action captions in Vaadin accept HTML by default but were not sanitized, potentially allowing Cross-site Scripting (XSS) if caption content is derived from user input. In Vaadin Framework 7 and 8, the Action class is a general-purpose class that may be u... Read more
Affected Products : vaadin- Published: Jan. 05, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2026-0716
A flaw was found in libsoup’s WebSocket frame processing when handling incoming messages. If a non-default configuration is used where the maximum incoming payload size is unset, the library may read memory outside the intended bounds. This can cause unin... Read more
Affected Products :- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Memory Corruption
-
4.8
MEDIUMCVE-2025-14557
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Facebook Pixel facebook_pixel allows Stored XSS.This issue affects Facebook Pixel: from 7.X-1.0 through 7.X-1.1.... Read more
Affected Products :- Published: Jan. 14, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-55063
CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Read more
Affected Products :- Published: Dec. 29, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-15504
A security flaw has been discovered in lief-project LIEF up to 0.17.1. Affected by this issue is the function Parser::parse_binary of the file src/ELF/Parser.tcc of the component ELF Binary Parser. The manipulation results in null pointer dereference. The... Read more
Affected Products : lief- Published: Jan. 10, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Memory Corruption
-
4.8
MEDIUMCVE-2025-14991
A weakness has been identified in Campcodes Complete Online Beauty Parlor Management System 1.0. The affected element is an unknown function of the file /admin/bwdates-reports-details.php. Executing manipulation of the argument fromdate can lead to cross ... Read more
- Published: Dec. 21, 2025
- Modified: Dec. 30, 2025
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-15452
A weakness has been identified in xnx3 wangmarket up to 4.9. This affects the function variableList of the file /admin/system/variableList.do of the component Backend Variable Search. Executing a manipulation of the argument Description can lead to cross ... Read more
Affected Products : wangmarket- Published: Jan. 05, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2026-22212
TinyOS versions up to and including 2.1.2 contain a stack-based buffer overflow vulnerability in the mcp2200gpio utility. The vulnerability is caused by unsafe use of strcpy() and strcat() functions when constructing device paths during automatic device d... Read more
Affected Products :- Published: Jan. 12, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Memory Corruption
-
4.8
MEDIUMCVE-2025-15203
A vulnerability was found in SohuTV CacheCloud up to 3.2.0. This impacts the function index of the file src/main/java/com/sohu/cache/web/controller/ResourceController.java. Performing manipulation results in cross site scripting. It is possible to initiat... Read more
Affected Products : cachecloud- Published: Dec. 29, 2025
- Modified: Jan. 06, 2026
- Vuln Type: Cross-Site Scripting