CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (42958 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2021-30083	1 Webfairy	1 Mediat	2024-11-21	6.1 Medium
An issue was discovered in Mediat 1.4.1. There is a Reflected XSS vulnerability which allows remote attackers to inject arbitrary web script or HTML without authentication via the 'return' parameter in login.php.
CVE-2021-30082	1 Gris Cms Project	1 Gris Cms	2024-11-21	6.1 Medium
An issue was discovered in Gris CMS v0.1. There is a Persistent XSS vulnerability which allows remote attackers to inject arbitrary web script or HTML via admin/dashboard.
CVE-2021-30074	1 Docsifyjs	1 Docsify	2024-11-21	6.1 Medium
docsify 4.12.1 is affected by Cross Site Scripting (XSS) because the search component does not appropriately encode Code Blocks and mishandles the " character.
CVE-2021-30071	1 Hestiacp	1 Control Panel	2024-11-21	6.1 Medium
A cross-site scripting (XSS) vulnerability in /admin/list_key.html of HestiaCP before v1.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2021-30064	2 Belden, Schneider-electric	26 Eagle 20 Tofino 943 987-501-tx\/tx, Eagle 20 Tofino 943 987-501-tx\/tx Firmware, Eagle 20 Tofino 943 987-502 -tx\/mm and 23 more	2024-11-21	9.8 Critical
On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an SSH login can succeed with hardcoded default credentials (if the device is in the uncommissioned state).
CVE-2021-30058	1 Eng	1 Knowage	2024-11-21	6.1 Medium
Knowage Suite before 7.4 is vulnerable to cross-site scripting (XSS). An attacker can inject arbitrary external script in '/knowagecockpitengine/api/1.0/pages/execute' via the 'SBI_HOST' parameter.
CVE-2021-30056	1 Eng	1 Knowage	2024-11-21	5.4 Medium
Knowage Suite before 7.4 is vulnerable to reflected cross-site scripting (XSS). An attacker can inject arbitrary web script in /restful-services/publish via the 'EXEC_FROM' parameter that can lead to data leakage.
CVE-2021-30049	1 Sysaid	1 Sysaid	2024-11-21	6.1 Medium
SysAid 20.3.64 b14 is affected by Cross Site Scripting (XSS) via a /KeepAlive.jsp?stamp= URI.
CVE-2021-30044	1 Remoteclinic	1 Remote Clinic	2024-11-21	5.4 Medium
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the First Name or Last Name field on staff/register.php.
CVE-2021-30042	1 Remoteclinic	1 Remote Clinic	2024-11-21	5.4 Medium
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Clinic Name", "Clinic Address", "Clinic City", or "Clinic Contact" field on clinics/register.php
CVE-2021-30039	1 Remoteclinic	1 Remote Clinic	2024-11-21	5.4 Medium
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Fever" or "Blood Pressure" field on the patients/register-report.php.
CVE-2021-30034	1 Remoteclinic	1 Remote Clinic	2024-11-21	5.4 Medium
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Symptons field on patients/register-report.php.
CVE-2021-30030	1 Remoteclinic	1 Remote Clinic	2024-11-21	5.4 Medium
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Full Name field on register-patient.php.
CVE-2021-30003	1 Nokia	2 G-120w-f, G-120w-f Firmware	2024-11-21	4.8 Medium
An issue was discovered on Nokia G-120W-F 3FE46606AGAB91 devices. There is Stored XSS in the administrative interface via urlfilter.cgi?add url_address.
CVE-2021-29996	1 Marktext	1 Marktext	2024-11-21	9.6 Critical
Mark Text through 0.16.3 allows attackers arbitrary command execution. This could lead to Remote Code Execution (RCE) by opening .md files containing a mutation Cross Site Scripting (XSS) payload.
CVE-2021-29994	1 Cloudera	1 Hue	2024-11-21	6.1 Medium
Cloudera Hue 4.6.0 allows XSS.
CVE-2021-29991	1 Mozilla	2 Firefox, Thunderbird	2024-11-21	8.1 High
Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers. This allowed for a header splitting attack against servers using HTTP/3. This vulnerability affects Firefox < 91.0.1 and Thunderbird < 91.0.1.
CVE-2021-29979	1 Mozilla	1 Hubs Cloud	2024-11-21	6.1 Medium
Hubs Cloud allows users to download shared content, specifically HTML and JS, which could allow javascript execution in the Hub Cloud instance’s primary hosting domain.*. This vulnerability affects Hubs Cloud < mozillareality/reticulum/1.0.1/20210618012634.
CVE-2021-29953	1 Mozilla	1 Firefox	2024-11-21	6.1 Medium
A malicious webpage could have forced a Firefox for Android user into executing attacker-controlled JavaScript in the context of another domain, resulting in a Universal Cross-Site Scripting vulnerability. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. Further details are being temporarily withheld to allow users an opportunity to update.. This vulnerability affects Firefox < 88.0.1 and Firefox for Android < 88.1.3.
CVE-2021-29944	1 Mozilla	1 Firefox	2024-11-21	6.1 Medium
Lack of escaping allowed HTML injection when a webpage was viewed in Reader View. While a Content Security Policy prevents direct code execution, HTML injection is still possible. Note: This issue only affected Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox < 88.

« first previous Page 1640 of 2148. next last »