Search Results (326089 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-34171 2026-01-02 N/A
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34170 2026-01-02 N/A
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34169 2026-01-02 N/A
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34168 2026-01-02 N/A
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34167 2026-01-02 N/A
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34166 2026-01-02 N/A
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34145 2026-01-02 N/A
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34144 2026-01-02 N/A
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34137 2026-01-02 N/A
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34131 2026-01-02 N/A
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34122 2026-01-02 N/A
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34094 2026-01-02 N/A
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-67436 1 Pluxml 1 Pluxml 2026-01-02 6.5 Medium
Authenticated Remote Code Execution (RCE) in PluXml CMS 5.8.22 allows an attacker with administrator panel access to inject a malicious PHP webshell into a theme file (e.g., home.php).
CVE-2025-67442 1 Eve-ng 1 Eve-ng 2026-01-02 7.6 High
EVE-NG 6.4.0-13-PRO is vulnerable to Directory Traversal. The /api/export interface allows authenticated users to export lab files. This interface lacks effective input validation and filtering when processing file path parameters submitted by users.
CVE-2025-67443 1 Schlix 1 Cms 2026-01-02 6.1 Medium
Schlix CMS before v2.2.9-5 is vulnerable to Cross Site Scripting (XSS). Due to a lack of JavaScript sanitization in the login form, incorrect login attempts in logs are triggered as XSS in the admin panel.
CVE-2025-68115 2 Parse Community, Parseplatform 2 Parse Server, Parse-server 2026-01-02 6.1 Medium
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 8.6.1 and 9.1.0-alpha.3, a Reflected Cross-Site Scripting (XSS) vulnerability exists in Parse Server's password reset and email verification HTML pages. The patch, available in versions 8.6.1 and 9.1.0-alpha.3, escapes user controlled values that are inserted into the HTML pages. No known workarounds are available.
CVE-2025-68116 1 Filerise 1 Filerise 2026-01-02 8.9 High
FileRise is a self-hosted web file manager / WebDAV server. Versions prior to 2.7.1 are vulnerable to Stored Cross-Site Scripting (XSS) due to unsafe handling of browser-renderable user uploads when served through the sharing and download endpoints. An attacker who can get a crafted SVG (primary) or HTML (secondary) file stored in a FileRise instance can cause JavaScript execution when a victim opens a generated share link (and in some cases via the direct download endpoint). This impacts share links (`/api/file/share.php`) and direct file access / download path (`/api/file/download.php`), depending on browser/content-type behavior. Version 2.7.1 fixes the issue.
CVE-2025-67703 2026-01-02 6.1 Medium
There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser.
CVE-2025-67706 2026-01-02 5.6 Medium
ArcGIS Server version 11.5 and earlier on Windows and Linux does not properly validate uploaded files, which allows remote attackers to upload arbitrary files.
CVE-2025-69412 1 Kde 1 Messagelib 2026-01-02 3.4 Low
KDE messagelib before 25.11.90 ignores SSL errors for threatMatches:find in the Google Safe Browsing Lookup API (aka phishing API), which might allow spoofing of threat data. NOTE: this Lookup API is not contacted in the messagelib default configuration.