Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (43853 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-42746 1 Auieo 1 Candidats 2025-05-05 6.1 Medium
CandidATS version 3.0.0 on 'indexFile' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks.
CVE-2022-41435 1 Openwrt 1 Luci 2025-05-05 5.4 Medium
OpenWRT LuCI version git-22.140.66206-02913be was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /system/sshkeys.js. This vulnerability allows attackers to execute arbitrary web scripts or HTML via crafted public key comments.
CVE-2022-30615 3 Ibm, Linux, Microsoft 4 Aix, Infosphere Information Server, Linux Kernel and 1 more 2025-05-05 5.4 Medium
"IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 227592.
CVE-2024-50053 1 Zohocorp 3 Manageengine Servicedesk Plus, Manageengine Servicedesk Plus Msp, Manageengine Supportcentre Plus 2025-05-05 6.3 Medium
Zohocorp ManageEngine ServiceDesk Plus versions below 14920 , ServiceDesk Plus MSP and SupportCentre Plus versions below 14910 are vulnerable to Stored XSS in the task feature.
CVE-2022-43372 1 Emlog 1 Emlog 2025-05-05 4.8 Medium
Emlog Pro v1.7.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability at /admin/store.php.
CVE-2024-21395 1 Microsoft 1 Dynamics 365 2025-05-03 8.2 High
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2024-21328 1 Microsoft 1 Dynamics 365 2025-05-03 7.6 High
Dynamics 365 Sales Spoofing Vulnerability
CVE-2024-20679 1 Microsoft 1 Azure Stack Hub 2025-05-03 6.5 Medium
Azure Stack Hub Spoofing Vulnerability
CVE-2024-21394 1 Microsoft 1 Dynamics 365 2025-05-03 7.6 High
Dynamics 365 Field Service Spoofing Vulnerability
CVE-2024-21393 1 Microsoft 1 Dynamics 365 2025-05-03 7.6 High
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2024-21389 1 Microsoft 1 Dynamics 365 2025-05-03 7.6 High
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2024-21419 1 Microsoft 1 Dynamics 365 2025-05-03 7.6 High
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2024-29049 1 Microsoft 1 Edge Chromium 2025-05-03 4.1 Medium
Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability
CVE-2024-26251 1 Microsoft 1 Sharepoint Server 2025-05-03 6.8 Medium
Microsoft SharePoint Server Spoofing Vulnerability
CVE-2024-29063 1 Microsoft 1 Azure Ai Search 2025-05-03 7.3 High
Azure AI Search Information Disclosure Vulnerability
CVE-2024-30048 1 Microsoft 1 Dynamics 365 Customer Insights 2025-05-03 7.6 High
Dynamics 365 Customer Insights Spoofing Vulnerability
CVE-2024-30047 1 Microsoft 1 Dynamics 365 Customer Insights 2025-05-03 7.6 High
Dynamics 365 Customer Insights Spoofing Vulnerability
CVE-2024-30053 1 Microsoft 1 Azure Migrate 2025-05-03 6.5 Medium
Azure Migrate Cross-Site Scripting Vulnerability
CVE-2023-28362 1 Redhat 1 Satellite 2025-05-02 4 Medium
The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header.
CVE-2022-43982 1 Apache 1 Airflow 2025-05-02 6.1 Medium
In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument.