Skip to main content
CVE-2025-65519 MEDIUM POC This Month

mayswind ezbookkeeping versions 1.2.0 and earlier contain a critical vulnerability in JSON and XML file import processing. [CVSS 6.5 MEDIUM]

Denial Of Service Ezbookkeeping
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-70063 MEDIUM POC This Month

Hospital Management System versions up to 4.0 is affected by authorization bypass through user-controlled key (CVSS 6.5).

Authentication Bypass Hospital Management System
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-70062 MEDIUM POC This Month

Hospital Management System versions up to 4.0 is affected by cross-site request forgery (csrf) (CVSS 6.5).

PHP CSRF Hospital Management System
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2019-25399 MEDIUM POC This Month

IPFire 2.21 Core Update 127 contains multiple stored cross-site scripting vulnerabilities in the extrahd.cgi script that allow attackers to inject malicious scripts through the FS, PATH, and UUID parameters. [CVSS 6.4 MEDIUM]

XSS Ipfire
NVD Exploit-DB
CVSS 3.1
6.4
EPSS
0.0%
CVE-2019-25326 MEDIUM POC This Month

ipPulse 1.92 contains a denial of service vulnerability that allows local attackers to crash the application by providing an oversized input in the Enter Key field. Attackers can generate a 256-byte buffer of repeated 'A' characters to trigger an application crash when pasting the malicious content. [CVSS 6.2 MEDIUM]

Denial Of Service Ippulse
NVD Exploit-DB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2019-25398 MEDIUM POC This Month

IPFire 2.21 Core Update 127 contains multiple cross-site scripting vulnerabilities in the ovpnmain.cgi script that allow attackers to inject malicious scripts through VPN configuration parameters. [CVSS 6.1 MEDIUM]

XSS Ipfire
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2019-25397 MEDIUM POC This Month

IPFire 2.21 Core Update 127 contains multiple reflected cross-site scripting vulnerabilities in the hosts.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. [CVSS 6.1 MEDIUM]

XSS Ipfire
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2019-25396 MEDIUM POC This Month

IPFire 2.21 Core Update 127 contains a reflected cross-site scripting vulnerability in the updatexlrator.cgi script that allows attackers to inject malicious scripts through POST parameters. [CVSS 6.1 MEDIUM]

XSS Ipfire
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2019-25356 MEDIUM POC This Month

Bematech (formerly Logic Controls, now Elgin) MP-4200 TH printer contains a cross-site scripting vulnerability in the admin configuration page. [CVSS 6.1 MEDIUM]

XSS
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-1296 MEDIUM POC This Month

Frontend Post Submission Manager Lite (WordPress plugin) versions up to 1.2.7 is affected by url redirection to untrusted site (open redirect) (CVSS 6.1).

WordPress Open Redirect
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-27176 MEDIUM POC This Month

Reflected XSS in MajorDoMo's command.php allows remote attackers to inject arbitrary JavaScript through an unsanitized qry parameter, affecting users who click malicious links. Public exploit code exists for this vulnerability, and no patch is currently available.

PHP XSS Majordomo
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-24745 MEDIUM POC PATCH This Month

Stored XSS via SVG file upload in InvoicePlane 1.7.0 Login Logo functionality allows authenticated administrators to inject persistent malicious scripts, potentially compromising application integrity and enabling unauthorized data modification. Public exploit code exists for this vulnerability, which requires high-level privileges but can lead to persistent backdoors and full application compromise. InvoicePlane 1.7.1 addresses this issue.

Golang XSS Invoiceplane
NVD GitHub
CVSS 3.1
5.7
EPSS
0.0%
CVE-2026-24744 MEDIUM POC PATCH This Month

Stored XSS in InvoicePlane 1.7.0's invoice editing function fails to sanitize the invoice_number parameter, allowing authenticated administrators to inject malicious scripts that persist in the application. Public exploit code exists for this vulnerability, enabling attackers with admin access to modify data, create backdoors, and compromise application integrity. Version 1.7.1 addresses this issue.

XSS Invoiceplane
NVD GitHub
CVSS 3.1
5.7
EPSS
0.0%
CVE-2026-24743 MEDIUM POC PATCH This Month

Stored XSS in InvoicePlane 1.7.0 via malicious SVG file upload in the Invoice Logo function allows authenticated administrators to inject persistent malicious scripts and compromise application integrity. Public exploit code exists for this vulnerability. Version 1.7.1 contains the patch.

Golang XSS Invoiceplane
NVD GitHub
CVSS 3.1
5.7
EPSS
0.0%
CVE-2026-24746 MEDIUM POC PATCH This Month

Stored XSS in InvoicePlane 1.7.0's Edit Quotes function allows authenticated administrators to inject malicious scripts via the unvalidated quote_number parameter, enabling persistent code execution and data manipulation. Public exploit code exists for this vulnerability, which could lead to unauthorized modification of invoices, creation of backdoors, and complete compromise of application integrity. Version 1.7.1 addresses this flaw.

XSS Invoiceplane
NVD GitHub
CVSS 3.1
5.7
EPSS
0.0%
CVE-2026-2669 MEDIUM POC This Month

Visual Integrated Command And Dispatch Platform versions up to 20260206. contains a security vulnerability (CVSS 6.5).

Information Disclosure Visual Integrated Command And Dispatch Platform
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-2668 MEDIUM POC This Month

Visual Integrated Command And Dispatch Platform versions up to 20260206. contains a security vulnerability (CVSS 7.3).

Information Disclosure Visual Integrated Command And Dispatch Platform
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2019-25400 MEDIUM POC This Month

IPFire 2.21 Core Update 127 contains multiple reflected cross-site scripting vulnerabilities in the fwhosts.cgi script that allow attackers to inject malicious scripts through multiple parameters including HOSTNAME, IP, SUBNET, NETREMARK, HOSTREMARK, newhost, grp_name, remark, SRV_NAME, SRV_PORT, SRVGRP_NAME, SRVGRP_REMARK, and updatesrvgrp. [CVSS 5.4 MEDIUM]

XSS Ipfire
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2026-25500 MEDIUM POC PATCH This Month

Rack's Directory module fails to sanitize filenames when generating HTML directory listings, allowing attackers to craft files with javascript: scheme names that execute arbitrary code when clicked. Authenticated users or those with access to directories containing maliciously named files can trigger stored XSS attacks affecting other users viewing the directory index. Public exploit code exists for versions prior to 2.2.22, 3.1.20, and 3.2.5.

Ruby Rack Red Hat Suse
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-2667 MEDIUM POC This Month

Visual Integrated Command And Dispatch Platform versions up to 20260206. contains a security vulnerability (CVSS 5.3).

Information Disclosure Visual Integrated Command And Dispatch Platform
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-25596 MEDIUM POC PATCH This Month

InvoicePlane 1.7.0 contains a stored XSS vulnerability in the Product Unit Name field that allows authenticated administrators to inject malicious scripts executed when other admins view affected invoices. Public exploit code exists for this vulnerability, though exploitation requires high-privilege administrator access and user interaction. Version 1.7.1 resolves the issue.

XSS Invoiceplane
NVD GitHub
CVSS 3.1
4.8
EPSS
0.0%
CVE-2026-25595 MEDIUM POC PATCH This Month

InvoicePlane 1.7.0 contains a stored XSS vulnerability in the Invoice Number field that allows authenticated administrators to inject malicious JavaScript executing in other administrators' browsers when viewing invoices or the dashboard. Public exploit code exists for this vulnerability, which has a CVSS score of 4.8 and can result in data theft or unauthorized actions within the application. A patch is available in version 1.7.1.

XSS Invoiceplane
NVD GitHub
CVSS 3.1
4.8
EPSS
0.0%
CVE-2026-25594 MEDIUM POC PATCH This Month

InvoicePlane 1.7.0 contains a stored XSS vulnerability in the Family Name field that executes malicious scripts in administrators' browsers when they access the product form. An authenticated administrator can inject payloads via the family dropdown to compromise other admin sessions. Public exploit code exists for this vulnerability, though a patch is available in version 1.7.1.

XSS Invoiceplane
NVD GitHub
CVSS 3.1
4.8
EPSS
0.0%
CVE-2026-1277 MEDIUM POC This Month

URL Shortify (WordPress plugin) versions up to 1.12.1 is affected by url redirection to untrusted site (open redirect) (CVSS 4.7).

WordPress Open Redirect
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-26281 MEDIUM POC PATCH This Month

Stored XSS in InvoicePlane's Sumex invoice view enables authenticated users with invoice management privileges to inject malicious JavaScript that executes in other users' browsers, potentially compromising sessions and enabling data theft. Public exploit code exists for this vulnerability. Version 1.7.1 and later contain the fix.

XSS Invoiceplane
NVD GitHub
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-2426 MEDIUM This Month

Arbitrary file deletion in WP-DownloadManager plugin versions up to 1.69 allows high-privileged WordPress administrators to bypass path validation and remove critical system files through directory traversal in the file deletion parameter. Deletion of essential files like wp-config.php can result in remote code execution or complete site compromise. No patch is currently available.

WordPress PHP RCE Path Traversal
NVD GitHub
CVSS 3.1
6.5
EPSS
2.6%
CVE-2026-20144 MEDIUM This Month

Splunk Enterprise and Splunk Cloud Platform deployments expose SAML authentication configurations in plaintext logs accessible to users with Search Head Cluster administrative roles and _internal index access, allowing credential and authentication extension disclosure. Affected versions include Splunk Enterprise below 10.2.0, 10.0.2, 9.4.7, 9.3.8, and 9.2.11, as well as Splunk Cloud Platform versions below 10.2.2510.0, 10.1.2507.11, 10.0.2503.9, and 9.3.2411.120. No patch is currently available for this medium-severity vulnerability.

Information Disclosure Splunk Splunk Cloud Platform
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-20142 MEDIUM This Month

Splunk Enterprise versions before 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11 expose RSA access keys in plain text within the Authentication.conf file to users with access to the _internal index on Search Head Cluster deployments. A privileged user with appropriate role permissions could read these sensitive credentials, compromising authentication security. No patch is currently available for this medium-severity vulnerability.

Information Disclosure Splunk
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-20138 MEDIUM This Month

Splunk Search Head Cluster deployments below versions 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11 expose Duo Two-Factor Authentication secrets (integrationKey, secretKey, appSecretKey) in plain text to users with access to the _internal index and appropriate roles. An authenticated attacker with these privileges could retrieve sensitive credentials and compromise Duo authentication controls for the Splunk environment. No patch is currently available for this vulnerability.

Information Disclosure Splunk
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-1355 MEDIUM This Month

GitHub Enterprise Server versions before 3.20 contain an authorization bypass in the repository migration upload endpoint that permits authenticated attackers to inject malicious content into other users' migration exports. An attacker can overwrite a victim's migration archive and cause them to download compromised repository data during restoration or automated imports. No patch is currently available, affecting all versions prior to 3.20.

Github Enterprise Server
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-1436 MEDIUM This Month

Graylog 2.2.3 contains an insecure direct object reference (IDOR) vulnerability in its user API endpoint that allows authenticated users to enumerate and access other users' profiles by manipulating user IDs in requests. An attacker with valid credentials can extract sensitive information including usernames, email addresses, internal identifiers, and last activity timestamps from arbitrary user accounts. No patch is currently available for this vulnerability.

Authentication Bypass Graylog
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-1942 MEDIUM This Month

Unauthorized post modification in Blog2Social plugin for WordPress versions up to 8.7.4 allows authenticated subscribers and higher-privileged users to alter arbitrary post and page content due to missing post-level permission checks in the curation draft AJAX handler. An attacker can exploit this by providing a target post ID to overwrite titles and content across the site without proper authorization.

WordPress
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-1317 MEDIUM This Month

SQL injection in the WP Import - Ultimate CSV Importer plugin for WordPress (versions up to 7.37) allows authenticated subscribers and higher-privileged users to inject malicious SQL commands through specially crafted filenames during file uploads. When the Single Import/Export feature is enabled on PHP versions below 8.0, attackers can extract sensitive database information by exploiting insufficient input validation. The vulnerability requires valid WordPress credentials but poses a medium risk due to its direct access to database contents.

WordPress PHP SQLi
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-1639 MEDIUM This Month

SQL injection in the Taskbuilder WordPress plugin through unescaped 'order' and 'sort_by' parameters allows authenticated users with subscriber-level privileges to extract sensitive database information via time-based blind SQL injection attacks. The vulnerability affects all versions up to 5.0.2 and has no available patch. Attackers can craft malicious queries to systematically retrieve confidential data from the WordPress database.

WordPress SQLi
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-14799 MEDIUM This Month

The Brevo - Email, SMS, Web Push, Chat, and more. plugin for WordPress is vulnerable to authorization bypass due to type juggling in all versions up to, and including, 3.3.0. This is due to the use of loose comparison (==) instead of strict comparison (===) when validating the installation ID in the `/wp-json/mailin/v1/mailin_disconnect` REST API endpoint. This makes it possible for unauthenticated attackers to disconnect the Brevo integration, delete the API key, remove all subscription form...

WordPress PHP
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-1344 MEDIUM This Month

Enforce Recovery Key Portal is affected by incorrect permission assignment for critical resource (CVSS 6.5).

Privilege Escalation Enforce Recovery Key Portal
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-0665 MEDIUM PATCH This Month

QEMU's KVM Xen guest support contains an off-by-one error in the physdev hypercall interface that allows authenticated guest users to trigger out-of-bounds heap memory access within the hypervisor process. This vulnerability can lead to denial of service through memory corruption, potentially affecting virtualized environments running QEMU with Xen guest support enabled. No patch is currently available.

Memory Corruption Denial Of Service Red Hat Suse
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-1941 MEDIUM This Month

Stored cross-site scripting in WP Event Aggregator plugin through version 1.8.7 allows authenticated contributors and above to inject malicious scripts via the wp_events shortcode due to inadequate input sanitization. When site visitors access pages containing the injected payload, the scripts execute in their browsers, potentially compromising user sessions and data. No patch is currently available, leaving affected WordPress installations vulnerable.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-1807 MEDIUM This Month

InteractiveCalculator for WordPress (WordPress plugin) is affected by cross-site scripting (xss) (CVSS 6.4).

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-12122 MEDIUM This Month

The Popup Box - Easily Create WordPress Popups plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'iframeBox' shortcode in all versions up to, and including, 3.2.12 due to insufficient input sanitization and output escaping on user supplied attributes. [CVSS 6.4 MEDIUM]

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-11737 MEDIUM This Month

VK All in One Expansion Unit (WordPress plugin) is affected by cross-site scripting (xss) (CVSS 6.4).

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-6460 MEDIUM This Month

Display During Conditional Shortcode (WordPress plugin) is affected by cross-site scripting (xss) (CVSS 6.4).

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-13959 MEDIUM This Month

The Filestack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'filepicker' shortcode in all versions up to, and including, 2.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. [CVSS 6.4 MEDIUM]

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-11185 MEDIUM This Month

The Complianz - GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cmplz-accept-link shortcode in all versions up to, and including, 7.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. [CVSS 6.4 MEDIUM]

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-1200 MEDIUM This Month

Memory corruption in the rgaufman/live555 fork's `increaseBufferTo` function can be triggered by remote attackers with low privileges, causing segmentation faults and potential system instability. The vulnerability requires network access but no user interaction, affecting systems running vulnerable versions of the affected library. No patch is currently available for this issue.

Memory Corruption Red Hat Suse
NVD GitHub
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-8308 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Key Software Solutions Inc. [CVSS 6.3 MEDIUM]

XSS
NVD VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-1666 MEDIUM This Month

The Download Manager plugin for WordPress through version 3.3.46 contains a reflected XSS vulnerability in the 'redirect_to' parameter that allows unauthenticated attackers to inject malicious scripts. An attacker can exploit this by crafting a malicious link that, when clicked by a victim, executes arbitrary JavaScript in their browser session. No patch is currently available for this vulnerability.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-1404 MEDIUM This Month

The Ultimate Member WordPress plugin through version 2.11.1 contains a reflected XSS vulnerability in filter parameters that lack proper input sanitization and output escaping. Unauthenticated attackers can inject malicious scripts into pages by crafting malicious links and convincing users to click them. Successful exploitation results in arbitrary JavaScript execution in the context of the affected user's browser session.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-1437 MEDIUM This Month

Reflected XSS in Graylog 2.2.3's web interface allows remote attackers to execute arbitrary JavaScript in a victim's browser by crafting malicious URLs that bypass HTML output sanitization, particularly through the user edit endpoint. An attacker can exploit this to perform session hijacking or manipulate user context with no user interaction required beyond visiting a crafted link. No patch is currently available for this vulnerability.

XSS Graylog
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-1441 MEDIUM This Month

Graylog Web Interface 2.2.3 contains a reflected XSS vulnerability in the /system/index_sets/ endpoint where unsanitized URL parameters are echoed into HTML responses, enabling attackers to execute arbitrary JavaScript in users' browsers. An attacker can craft a malicious URL to steal session cookies, hijack user sessions, or perform unauthorized actions within the victim's Graylog interface. No patch is currently available for this vulnerability.

XSS Graylog
NVD
CVSS 3.1
6.1
EPSS
0.0%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy