Facemoji\ CVEs and Security Vulnerabilities

Search

Expected end of text, found ':' (at char 25), (line:1, col:26)

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (323512 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-66498			2025-12-19	5.3 Medium
A memory corruption vulnerability exists in the 3D annotation handling of Foxit PDF Reader due to insufficient bounds checking when parsing U3D data. When opening a PDF file containing malformed or specially crafted PRC content, out-of-bounds memory access may occur, resulting in memory corruption.
CVE-2025-66911			2025-12-19	6.5 Medium
Turms IM Server v0.10.0-SNAPSHOT and earlier contains a broken access control vulnerability in the user online status query functionality. The handleQueryUserOnlineStatusesRequest() method in UserServiceController.java allows any authenticated user to query the online status, device information, and login timestamps of arbitrary users without proper authorization checks.
CVE-2019-25228	1 Kentico	1 Xperience	2025-12-19	5.3 Medium
An information disclosure vulnerability in Kentico Xperience allows attackers to leak virtual context URLs via the HTTP Referer header when users interact with third-party domains. Sensitive virtual context information can be exposed to external domains through page builder interactions and link/image loading.
CVE-2019-25229	1 Kentico	1 Xperience	2025-12-19	8.8 High
An unrestricted file upload vulnerability in Kentico Xperience allows authenticated users with 'Read data' permissions to upload arbitrary file types via MVC form file uploader components. Attackers can manipulate file names and upload potentially malicious files to the system, enabling unauthorized file uploads.
CVE-2019-25230	1 Kentico	1 Xperience	2025-12-19	4.3 Medium
An information disclosure vulnerability in Kentico Xperience allows authenticated users to view sensitive system objects through the live site widget properties dialog. Attackers can exploit this vulnerability to access unauthorized system information without proper access controls.
CVE-2020-36889	1 Kentico	1 Xperience	2025-12-19	4.6 Medium
A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via error messages containing specially crafted object names. This allows malicious scripts to execute in users' browsers when administrators view error messages in the administration interface.
CVE-2020-36890	1 Kentico	1 Xperience	2025-12-19	7.2 High
An access control bypass vulnerability in Kentico Xperience allows administrators to modify global administrator user privileges via unauthorized requests. Attackers could potentially compromise global administrator accounts and invalidate security-sensitive macros by manipulating user privilege levels.
CVE-2021-47712	1 Kentico	1 Xperience	2025-12-19	7.5 High
A cryptography vulnerability in Kentico Xperience allows attackers to potentially manipulate URL hash values through existing hashing mechanisms. The hotfix introduces an additional security layer to prevent hash value reuse and potential exploitation.
CVE-2022-50680	1 Kentico	1 Xperience	2025-12-19	4.6 Medium
A stored cross-site scripting vulnerability in Kentico Xperience allows administration users to inject malicious scripts via email marketing templates. Attackers can exploit this vulnerability to execute malicious scripts that could compromise user browsers and steal sensitive information.
CVE-2022-50682	1 Kentico	1 Xperience	2025-12-19	6.5 Medium
A CRLF injection vulnerability in Kentico Xperience allows attackers to manipulate URL query string redirects via improper encoding in the routing engine. This could enable header injection and potentially facilitate further web application attacks.
CVE-2022-50683	1 Kentico	1 Xperience	2025-12-19	4.6 Medium
A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via form redirect URL configuration. This allows malicious scripts to execute in users' browsers through unvalidated form configuration settings.
CVE-2022-50684	1 Kentico	1 Xperience	2025-12-19	4.6 Medium
An HTML injection vulnerability in Kentico Xperience allows attackers to inject malicious HTML values into form submission emails via unencoded form fields. Unencoded form values could enable HTML content execution in recipient email clients, potentially compromising email security.
CVE-2022-50685	1 Kentico	1 Xperience	2025-12-19	4.6 Medium
A stored cross-site scripting vulnerability in Kentico Xperience allows authenticated users to inject malicious scripts via XML file uploads as page attachments or metafiles. Attackers can upload malicious XML files that enable stored XSS, allowing malicious scripts to execute in users' browsers.
CVE-2022-50686	1 Kentico	1 Xperience	2025-12-19	5.3 Medium
An information disclosure vulnerability in Kentico Xperience allows attackers to view sensitive stack trace details via Portal Engine form control error messages. Detailed error messages can expose internal system information and potentially reveal implementation details to unauthorized users.
CVE-2023-53736	1 Kentico	1 Xperience	2025-12-19	4.6 Medium
A reflected cross-site scripting vulnerability in Kentico Xperience allows authenticated users to inject malicious scripts in the administration interface. Attackers can exploit this vulnerability to execute arbitrary scripts within the administrative context.
CVE-2023-53737	1 Kentico	1 Xperience	2025-12-19	4.6 Medium
A stored cross-site scripting vulnerability in Kentico Xperience allows global administrators to inject malicious payloads via the Localization application. Attackers can execute scripts that could affect multiple parts of the administration interface.
CVE-2023-53738	1 Kentico	1 Xperience	2025-12-19	4.6 Medium
A reflected cross-site scripting vulnerability in Kentico Xperience allows authenticated users to inject malicious scripts via page preview URLs. Attackers can exploit this vulnerability to execute arbitrary scripts in users' browsers during page preview interactions.
CVE-2023-53934	1 Kentico	1 Xperience	2025-12-19	7.5 High
A denial of service vulnerability in Kentico Xperience allows attackers to launch DoS attacks via specially crafted requests to the GetResource handler. Improper input validation enables remote attackers to potentially disrupt service availability through maliciously constructed requests.
CVE-2023-53935			2025-12-19	5.4 Medium
WBiz Desk 1.2 contains a SQL injection vulnerability that allows non-admin users to manipulate database queries through the 'tk' parameter in ticket.php. Attackers can inject crafted SQL statements using UNION-based techniques to extract sensitive database information by sending malformed requests to the ticket endpoint.
CVE-2023-53936	1 Tuzitio	1 Camaleon Cms	2025-12-19	5.4 Medium
Cameleon CMS 2.7.4 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts into post titles. Attackers can create posts with embedded SVG scripts that execute when other users mouse over the post title, potentially stealing session cookies and executing arbitrary JavaScript.

« first previous Page 15 of 16176. next last »