Export limit exceeded: 46349 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46349 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-10228 | 1 Raisulislamg4 | 1 Student Management System By Php | 2026-06-01 | 3.5 Low |
| A vulnerability was found in raisulislamg4 student_management_system_by_php up to 310d950e09013d5133c6b9210aff9444382d16d1. The impacted element is an unknown function of the file admission_form_check.php. The manipulation of the argument Message results in cross site scripting. The attack can be executed remotely. The exploit has been made public and could be used. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-10247 | 1 Sourcecodester | 1 Pharmacy Sales And Inventory System | 2026-06-01 | 3.5 Low |
| A vulnerability was found in SourceCodester Pharmacy Sales and Inventory System 1.0. This vulnerability affects the function create_generic_name of the file /ShowForm/create_generic_name/main. The manipulation of the argument generic_name results in cross site scripting. The attack may be launched remotely. The exploit has been made public and could be used. | ||||
| CVE-2026-40544 | 1 Soplanning | 1 Soplanning | 2026-06-01 | N/A |
| SOPlanning is vulnerable to Stored Cross-Site Scripting (XSS) via /process/upload_backup endpoint. An authenticated attacker with access to the backup functionality can upload a crafted ZIP archive containing a malicious user.csv file with embedded JavaScript. The injected code is executed in the victim’s browser when a user clicks the Edit button for the malicious backup. This issue affects SOPlanning version 1.55 and below. | ||||
| CVE-2026-9024 | 2026-06-01 | 8.7 High | ||
| A Stored Cross-site Scripting (XSS) vulnerability affecting Process Experience Studio in DELMIA Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3DEXPERIENCE R2026x could allow an attacker to execute arbitrary script code in user's browser session. | ||||
| CVE-2026-40545 | 1 Soplanning | 1 Soplanning | 2026-06-01 | N/A |
| SOPlanning is vulnerable to Reflected XSS via the taches parameter. An attacker can craft a malicious URL which, when opened by authenticated victim, results in arbitrary JavaScript execution in the victim’s browser. This issue affects SOPlanning version 1.55 and below. | ||||
| CVE-2026-25600 | 2026-06-01 | 6.4 Medium | ||
| The PDBM application relies on a static, hard‑coded secret embedded in the PDBM.exe executable. This secret is used by the application’s encryption routines, including the function responsible for decrypting credentials stored in the product’s configuration file. Because the secret is constant across installations, any attacker with sufficient local privileges can extract it from the binary. Once obtained, the secret allows the attacker to decrypt the stored password and authenticate as the user defined in the configuration file. In the affected version, this user account is configured with administrative privileges, granting full access to PDBM’s management interface and its underlying operational functions. | ||||
| CVE-2026-25599 | 2026-06-01 | 6.3 Medium | ||
| Missing authentication and clear‑text transmission of data from the heat pumps to the control server, combined with the absence of input validation on aggregated data, can lead to stored XSS that enables theft of cookies from the pump’s web control interface. Older Orca heat pump devices communicating with the Orca server over an unencrypted and unauthenticated HTTP connection on a non-secure port specifically enable an attacker to impersonate a legitimate device and inject malicious payloads. This enables the insertion of harmful code directly into the Orca user portal, potentially compromising user accounts, exposing sensitive information, and allowing further unauthorized actions within the portal. | ||||
| CVE-2024-12796 | 1 Holistic It | 1 Workcube Erp | 2026-06-01 | 5.3 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Holistic IT, Consultancy Coop. Workcube ERP allows Reflected XSS. This issue affects Workcube ERP: from V12 - V14 before Cognitive. | ||||
| CVE-2024-12914 | 1 Akinsoft | 1 Qr Menu | 2026-06-01 | 4.3 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akınsoft QR Menü allows Cross-Site Scripting (XSS). This issue affects QR Menü: from s1.05.05 before v1.05.12. | ||||
| CVE-2026-49368 | 1 Jetbrains | 1 Youtrack | 2026-06-01 | 8.7 High |
| In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible | ||||
| CVE-2024-12915 | 2026-06-01 | 4.6 Medium | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Devinim Software Library Software allows Reflected XSS. This issue affects Library Software: before 24.11.02. | ||||
| CVE-2024-12972 | 1 Akinsoft | 1 Octocloud | 2026-06-01 | 4.3 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akinsoft OctoCloud allows Cross-Site Scripting (XSS). This issue affects OctoCloud: from s1.09.01 before v1.11.01. | ||||
| CVE-2026-49384 | 1 Jetbrains | 1 Pycharm | 2026-06-01 | 6.1 Medium |
| In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible | ||||
| CVE-2024-12974 | 1 Akinsoft | 1 Prokuaför | 2026-06-01 | 4.3 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akinsoft ProKuaför allows Cross-Site Scripting (XSS). This issue affects ProKuaför: from s1.02.07 before v1.02.08. | ||||
| CVE-2024-13064 | 1 Akinsoft | 1 Myrezzta | 2026-06-01 | 4.3 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akinsoft MyRezzta allows Cross-Site Scripting (XSS). This issue affects MyRezzta: from s2.02.02 before v2.05.01. | ||||
| CVE-2024-13071 | 1 Akinsoft | 1 E-mutabakat | 2026-06-01 | 4.3 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akinsoft e-Mutabakat allows Cross-Site Scripting (XSS). This issue affects e-Mutabakat: from 2.02.05 before v2.02.06. | ||||
| CVE-2024-13073 | 1 Akinsoft | 1 Taskpano | 2026-06-01 | 4.7 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akinsoft TaskPano allows Cross-Site Scripting (XSS). This issue affects TaskPano: s1.06.04. | ||||
| CVE-2023-0320 | 1 University Information Management System Project | 1 University Information Management System | 2026-06-01 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Izmir Katip Celebi University UBYS allows Stored XSS. This issue affects UBYS: before 23.03.16. | ||||
| CVE-2023-0322 | 1 Talentyazilim | 1 Unis | 2026-06-01 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Talent Software UNIS allows Reflected XSS. This issue affects UNIS: before 28376. | ||||
| CVE-2023-0577 | 1 Asosegitim | 1 Sobiad | 2026-06-01 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ASOS Information Technologies SOBIAD allows Cross-Site Scripting (XSS). This issue affects SOBIAD: before 23.02.01. | ||||