Total
2932 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-32504 | 2025-04-17 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in silvasoft Silvasoft boekhouden allows Reflected XSS. This issue affects Silvasoft boekhouden: from n/a through 3.0.5. | |||||
| CVE-2025-32638 | 2025-04-17 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weptile ShopApper allows Stored XSS. This issue affects ShopApper: from n/a through 0.4.39. | |||||
| CVE-2025-39432 | 2025-04-17 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in antonchanning bbPress2 shortcode whitelist allows Stored XSS. This issue affects bbPress2 shortcode whitelist: from n/a through 2.2.1. | |||||
| CVE-2025-32646 | 2025-04-17 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Question Answer allows Reflected XSS. This issue affects Question Answer: from n/a through 1.2.70. | |||||
| CVE-2025-32511 | 2025-04-17 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Excellent Dynamics Make Email Customizer for WooCommerce allows Reflected XSS. This issue affects Make Email Customizer for WooCommerce: from n/a through 1.0.5. | |||||
| CVE-2025-32562 | 2025-04-17 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aviplugins.com WP Easy Poll allows Reflected XSS. This issue affects WP Easy Poll: from n/a through 2.2.9. | |||||
| CVE-2025-27322 | 2025-04-17 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bappa Mal QR Code for WooCommerce allows Reflected XSS. This issue affects QR Code for WooCommerce: from n/a through 1.2.0. | |||||
| CVE-2025-32592 | 2025-04-17 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 TableOn – WordPress Posts Table Filterable allows Stored XSS. This issue affects TableOn – WordPress Posts Table Filterable: from n/a through 1.0.3. | |||||
| CVE-2025-32588 | 2025-04-17 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Credova Financial Credova_Financial allows Reflected XSS. This issue affects Credova_Financial: from n/a through 2.4.8. | |||||
| CVE-2025-32609 | 2025-04-17 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Picture-Planet GmbH Verowa Connect allows Reflected XSS. This issue affects Verowa Connect: from n/a through 3.0.4. | |||||
| CVE-2025-32526 | 2025-04-17 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dylan James Zephyr Project Manager allows Reflected XSS. This issue affects Zephyr Project Manager: from n/a through 3.3.101. | |||||
| CVE-2025-32613 | 2025-04-17 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bowo Debug Log Manager allows Stored XSS. This issue affects Debug Log Manager: from n/a through 2.3.4. | |||||
| CVE-2024-27524 | 1 Chamilo | 1 Chamilo Lms | 2025-04-17 | N/A | 7.1 HIGH |
| Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows a remote attacker to escalate privileges via a crafted script to the filename parameter of the new_ticket.php component. | |||||
| CVE-2022-27494 | 1 Aethon | 1 Tug Home Base Server | 2025-04-17 | N/A | 8.2 HIGH |
| Aethon TUG Home Base Server versions prior to version 24 are affected by un unauthenticated attacker who can freely access hashed user credentials. | |||||
| CVE-2022-1059 | 1 Aethon | 1 Tug Home Base Server | 2025-04-17 | N/A | 8.2 HIGH |
| Aethon TUG Home Base Server versions prior to version 24 are affected by un unauthenticated attacker who can freely access hashed user credentials. | |||||
| CVE-2024-56527 | 1 Tcpdf Project | 1 Tcpdf | 2025-04-17 | N/A | 7.5 HIGH |
| An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message. | |||||
| CVE-2024-34224 | 1 Oretnom23 | 1 Computer Laboratory Management System | 2025-04-16 | N/A | 7.3 HIGH |
| Cross Site Scripting vulnerability in /php-lms/classes/Users.php?f=save in Computer Laboratory Management System using PHP and MySQL 1.0 allow remote attackers to inject arbitrary web script or HTML via the firstname, middlename, lastname parameters. | |||||
| CVE-2025-24412 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2025-04-16 | N/A | 8.7 HIGH |
| Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. | |||||
| CVE-2025-24413 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2025-04-16 | N/A | 8.7 HIGH |
| Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. | |||||
| CVE-2025-24414 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2025-04-16 | N/A | 8.7 HIGH |
| Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. | |||||