Total CVEs

142,265

Critical Severity

3,947

High Severity

14,217

Last 7 Days

1,868
Quick preset (or use dates below)
Clear Filters
Showing 12,601 - 12,620 of 14,675 CVEs
CVE-2025-70960 MEDIUM - 5.4

A stored cross-site scripting (XSS) vulnerability in the Forums module of Tendenci CMS v15.3.7 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload.

Published: Feb 02, 2026
Source: NVD
CVE-2025-70959 MEDIUM - 5.4

A stored cross-site scripting (XSS) vulnerability in the Jobs module of Tendenci CMS v15.3.7 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload.

Published: Feb 02, 2026
Source: NVD
CVE-2025-70958 MEDIUM - 6.1

Multiple reflected cross-site scripting (XSS) vulnerabilities in the installation module of Subrion CMS v4.2.1 allows attackers to execute arbitrary Javascript in the context of the user's browser via injecting a crafted payload into the dbuser, dbpwd, and dbname parameters.

Vendor: composer
Product: intelliants/subrion
Published: Feb 02, 2026
Source: NVD
CVE-2025-6595 MEDIUM - 4.7

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MultimediaViewer.This issue affects MultimediaViewer: from * before 1.39.13, 1.42.7, 1.43.2, 1.44.0.

Published: Feb 02, 2026
Source: NVD
CVE-2025-6594 MEDIUM - 4.7

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Special.Apisandbox/ApiSandbox.Js. This issue affects MediaWiki: from 1.2...

Published: Feb 02, 2026
Source: NVD
CVE-2025-6591 MEDIUM - 4.7

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/api/ApiFeedContributions.Php. This issue affects MediaWiki: from * before 1.39.13, 1.42.7 1.43.2, 1.44.0.

Published: Feb 02, 2026
Source: NVD
CVE-2025-36436 MEDIUM - 6.4

IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 007  is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web U...

Vendor: IBM
Product: Cloud Pak for Business Automation
Published: Feb 02, 2026
Source: NVD
CVE-2025-36253 MEDIUM - 5.9

IBM Concert 1.0.0 through 2.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

Vendor: IBM
Product: Concert
Published: Feb 02, 2026
Source: NVD
CVE-2025-36238 MEDIUM - 6.0

IBM PowerVM Hypervisor FW1110.00 through FW1110.03, FW1060.00 through FW1060.51, and FW950.00 through FW950.F0 could allow a local user with administration privileges to obtain sensitive information from a Virtual TPM through a series of PowerVM service procedures.

Vendor: IBM
Product: PowerVM Hypervisor
Published: Feb 02, 2026
Source: NVD
CVE-2025-12772 MEDIUM - 4.9

Brocade SANnav before 2.4.0b logs the Brocade Fabric OS Switch admin password on the SANnav support save logs. When OOM occurs on a Brocade SANnav server, the call stack trace for the Brocade switch is also collected in the heap dump file which contains this switch password in clear text. The vulne...

Vendor: Brocade
Product: SANnav
Published: Feb 02, 2026
Source: NVD
CVE-2026-25523 MEDIUM - 5.3

Magento-lts is a long-term support alternative to Magento Community Edition (CE). Prior to version 20.16.1, the admin url can be discovered without prior knowledge of it's location by exploiting the X-Original-Url header on some configurations. This issue has been patched in version 20.16.1.

Vendor: composer
Product: openmage/magento-lts
Published: Feb 02, 2026
Source: GitHub
CVE-2026-25490 MEDIUM - 4.8

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the 'Address Line 1' field i...

Vendor: composer
Product: craftcms/commerce
Published: Feb 02, 2026
Source: GitHub
CVE-2026-25489 MEDIUM - 4.8

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the Name & Description fields in T...

Vendor: composer
Product: craftcms/commerce
Published: Feb 02, 2026
Source: GitHub
CVE-2026-25488 MEDIUM - 4.8

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the Tax Categories (Name & Descrip...

Vendor: composer
Product: craftcms/commerce
Published: Feb 02, 2026
Source: GitHub
CVE-2026-25487 MEDIUM - 4.8

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator's browser. This occurs because the Tax Rates 'Name' fi...

Vendor: composer
Product: craftcms/commerce
Published: Feb 02, 2026
Source: GitHub
CVE-2026-25486 MEDIUM - 4.8

Craft Commerce is an ecommerce platform for Craft CMS. From version 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the Shipping Methods Name field in the Store Management section is not ...

Vendor: composer
Product: craftcms/commerce
Published: Feb 02, 2026
Source: GitHub
CVE-2026-25485 MEDIUM - 4.8

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the Shipping Categories (Name & De...

Vendor: composer
Product: craftcms/composer
Published: Feb 02, 2026
Source: GitHub
CVE-2026-25484 MEDIUM - 4.8

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, there is a Stored XSS via Product Type names. The name is not sanitized when displayed in user permissions settings. The vulnerable input (source) is in Commerce (Product Type setting...

Vendor: composer
Product: craftcms/commerce
Published: Feb 02, 2026
Source: GitHub
CVE-2026-25483 MEDIUM - 5.4

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability exists in Craft Commerce’s Order Status History Message. The message is rendered using the |md filter, which permits raw HTML, enabling malicious script exe...

Vendor: composer
Product: craftcms/commerce
Published: Feb 02, 2026
Source: GitHub
CVE-2026-25482 MEDIUM - 4.8

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored DOM XSS vulnerability exists in the "Recent Orders" dashboard widget. The Order Status Name is rendered via JavaScript string concatenation without proper escaping,...

Vendor: composer
Product: craftcms/commerce
Published: Feb 02, 2026
Source: GitHub