24,157 CVEs · Medium severity
CVEs (24,157, showing first 500)
Showing 1–25 of 24,157 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2011-10036 | MEDIUM | Patched | 5.4 | 2025-10-30 | Nagios XI versions prior to 2011R1.9 are vulnerable to cross-site scripting (XSS) via the handling of the "backend_url" JavaScript link. Insufficient validation or escaping… |
| CVE-2011-10037 | MEDIUM | Patched | 5.4 | 2025-10-30 | Nagios XI versions prior to 2011R1.9 are vulnerable to cross-site scripting (XSS) via the handling of xiwindow variables used to build permalinks in the web interface. Insu… |
| CVE-2011-10038 | MEDIUM | Patched | 5.4 | 2025-10-30 | Nagios XI versions prior to 2011R1.9 are vulnerable to cross-site scripting (XSS) via the recurring downtime script of the web interface. Insufficient validation or escapin… |
| CVE-2011-10039 | MEDIUM | Patched | 5.4 | 2025-10-30 | Nagios XI versions prior to 2011R1.9 are vulnerable to cross-site scripting (XSS) via the Alert Heatmap report and the “My Reports” listing of the web interface. Insufficie… |
| CVE-2011-10040 | MEDIUM | Patched | 5.4 | 2025-10-30 | Nagios XI versions prior to 2011R1.9 are vulnerable to cross-site scripting (XSS) via the link-handling functions used by status and report pages. Insufficient validation o… |
| CVE-2013-10071 | MEDIUM | Patched | 6.1 | 2025-10-30 | Nagios XI versions prior to 2012R1.6 contain a reflected cross-site scripting (XSS) vulnerability in the dashboard dashlet AJAX load functionality. Insufficient validation … |
| CVE-2013-10072 | MEDIUM | Patched | 6.5 | 2025-10-30 | Nagios XI versions prior to 2012R1.6 contain an authorization flaw in the Auto-Discovery functionality. Users with read-only roles could directly reach Auto-Discovery endpo… |
| CVE-2013-10074 | MEDIUM | Patched | 5.4 | 2025-10-30 | Nagios XI versions prior to 2012R2.6 are vulnerable to cross-site scripting (XSS) via the Tools Menu of the web interface. Insufficient validation or escaping of user-suppl… |
| CVE-2013-1424 | MEDIUM | Patched | 5.6 | 2025-06-26 | Buffer overflow vulnerability in matplotlib. This issue affects matplotlib: before upstream commit ba4016014cb4fb4927e36ce8ea429fed47dcb787. |
| CVE-2013-20005 | MEDIUM | | 5.3 | 2026-03-16 | Qool CMS 2.0 RC2 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malic… |
| CVE-2014-125128 | MEDIUM | Patched | 6.1 | 2025-09-08 | 'sanitize-html' prior to version 1.0.3 is vulnerable to Cross-site Scripting (XSS). The function 'naughtyHref' doesn't properly validate the hyperreference (`href`) attribu… |
| CVE-2015-10146 | MEDIUM | Patched | 4.9 | 2025-10-29 | The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.4 due to insufficien… |
| CVE-2015-10147 | MEDIUM | Patched | 4.9 | 2025-10-29 | The Easy Testimonial Slider and Form plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.2 due to insuffici… |
| CVE-2015-20113 | MEDIUM | | 5.3 | 2026-03-16 | Next Click Ventures RealtyScript 4.0.2 contains cross-site request forgery and persistent cross-site scripting vulnerabilities that allow attackers to perform administrativ… |
| CVE-2015-20114 | MEDIUM | | 6.1 | 2026-03-16 | Next Click Ventures RealtyScript 4.0.2 contains a cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious … |
| CVE-2015-20116 | MEDIUM | | 6.1 | 2026-03-16 | Next Click Ventures RealtyScript 4.0.2 fails to properly sanitize CSV file uploads, allowing attackers to inject malicious scripts through filename parameters in multipart … |
| CVE-2015-20117 | MEDIUM | | 5.3 | 2026-03-16 | Next Click Ventures RealtyScript 4.0.2 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create unauthorized user accounts and ad… |
| CVE-2015-20119 | MEDIUM | | 6.4 | 2026-03-16 | Next Click Ventures RealtyScript 4.0.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious HTML and iframe elements… |
| CVE-2016-15049 | MEDIUM | Patched | 5.4 | 2025-10-30 | Nagios Log Server versions prior to 1.4.2 are vulnerable to cross-site scripting (XSS) in the Dashboards section when rendering log entries in the Logs table. Untrusted log… |
| CVE-2016-15051 | MEDIUM | Patched | 5.4 | 2025-10-30 | Nagios XI versions prior to 5.2.4 are vulnerable to cross-site scripting (XSS) via the Reports interface through values from the startdate and enddate fields. Insufficient … |
| CVE-2016-15052 | MEDIUM | Patched | 5.4 | 2025-10-30 | Nagios XI versions prior to 5.2.4 are vulnerable to cross-site scripting (XSS) via the Menu System of the web interface. Insufficient validation or escaping of user-supplie… |
| CVE-2016-15053 | MEDIUM | Patched | 5.4 | 2025-10-30 | Nagios XI versions prior to 5.2.4 are vulnerable to cross-site scripting (XSS) via the “My Reports” listing of the web interface. Insufficient validation or escaping of use… |
| CVE-2016-20023 | MEDIUM | Patched | 5.0 | 2025-12-05 | In CKSource CKFinder before 2.5.0.1 for ASP.NET, authenticated users could download any file from the server if the correct path to a file was provided. |
| CVE-2016-20027 | MEDIUM | | 6.1 | 2026-03-16 | ZKTeco ZKBioSecurity 3.0 contains multiple reflected cross-site scripting vulnerabilities that allow attackers to execute arbitrary HTML and script code by injecting malici… |
| CVE-2016-20028 | MEDIUM | | 4.3 | 2026-03-16 | ZKTeco ZKBioSecurity 3.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiti… |