Total
44973 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-24614 | 2026-06-17 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Devsbrain Flex QR Code Generator flex-qr-code-generator allows DOM-Based XSS.This issue affects Flex QR Code Generator: from n/a through <= 1.2.10. | |||||
| CVE-2026-24601 | 2026-06-17 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Pay Writer penci-pay-writer allows Stored XSS.This issue affects Penci Pay Writer: from n/a through <= 1.5. | |||||
| CVE-2026-24600 | 2026-06-17 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Review penci-review allows Stored XSS.This issue affects Penci Review: from n/a through <= 3.5. | |||||
| CVE-2026-24594 | 2026-06-17 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in livemesh Livemesh Addons for WPBakery Page Builder addons-for-visual-composer allows Stored XSS.This issue affects Livemesh Addons for WPBakery Page Builder: from n/a through <= 3.9.4. | |||||
| CVE-2026-24591 | 2026-06-17 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yasir129 Turn Yoast SEO FAQ Block to Accordion faq-schema-block-to-accordion allows Stored XSS.This issue affects Turn Yoast SEO FAQ Block to Accordion: from n/a through <= 1.0.6. | |||||
| CVE-2026-24584 | 2026-06-17 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Tutor LMS BunnyNet Integration tutor-lms-bunnynet-integration allows DOM-Based XSS.This issue affects Tutor LMS BunnyNet Integration: from n/a through <= 1.0.0. | |||||
| CVE-2026-24576 | 2026-06-17 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in COP UX Flat ux-flat allows Stored XSS.This issue affects UX Flat: from n/a through <= 5.4.0. | |||||
| CVE-2026-24573 | 2026-06-17 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle Visualizer allows Stored XSS. This issue affects Visualizer: from n/a before 4.0.0. | |||||
| CVE-2026-24558 | 2026-06-17 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in antoniobg ABG Rich Pins abg-rich-pins allows Stored XSS.This issue affects ABG Rich Pins: from n/a through <= 1.1. | |||||
| CVE-2026-24555 | 2026-06-17 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in artplacer ArtPlacer Widget artplacer-widget allows Stored XSS.This issue affects ArtPlacer Widget: from n/a through <= 2.23.2. | |||||
| CVE-2026-24550 | 2026-06-17 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kaira Blockons blockons allows Stored XSS.This issue affects Blockons: from n/a through <= 1.2.19. | |||||
| CVE-2026-24528 | 2026-06-17 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pixelgrade Nova Blocks nova-blocks allows DOM-Based XSS.This issue affects Nova Blocks: from n/a through <= 2.1.9. | |||||
| CVE-2026-24526 | 2026-06-17 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Steve Truman Email Inquiry & Cart Options for WooCommerce woocommerce-email-inquiry-cart-options allows DOM-Based XSS.This issue affects Email Inquiry & Cart Options for WooCommerce: from n/a through <= 3.5.0. | |||||
| CVE-2026-24490 | 1 Opensecurity | 1 Mobile Security Framework | 2026-06-17 | N/A | 8.1 HIGH |
| MobSF is a mobile application security testing tool used. Prior to version 4.4.5, a Stored Cross-site Scripting (XSS) vulnerability in MobSF's Android manifest analysis allows an attacker to execute arbitrary JavaScript in the context of a victim's browser session by uploading a malicious APK. The `android:host` attribute from `<data android:scheme="android_secret_code">` elements is rendered in HTML reports without sanitization, enabling session hijacking and account takeover. Version 4.4.5 fixes the issue. | |||||
| CVE-2026-24476 | 1 Shaarli Project | 1 Shaarli | 2026-06-17 | N/A | 5.4 MEDIUM |
| Shaarli is a personal bookmarking service. Prior to version 0.16.0, crafting a malicious tag which starting with `"` prematurely ends the `<input>` tag on the start page and allows an attacker to add arbitrary html leading to a possible XSS attack. Version 0.16.0 fixes the issue. | |||||
| CVE-2026-24433 | 1 Tenda | 2 W30e, W30e Firmware | 2026-06-17 | N/A | 5.4 MEDIUM |
| Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) contain a stored cross-site scripting vulnerability in the user creation functionality. Insufficient input validation allows attacker-controlled script content to be stored and later executed when administrative users access the affected management pages. | |||||
| CVE-2026-24426 | 1 Tenda | 2 Ac7, Ac7 Firmware | 2026-06-17 | N/A | 6.1 MEDIUM |
| Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior contain an improper output encoding vulnerability in the web management interface. User-supplied input is reflected in HTTP responses without adequate escaping, allowing injection of arbitrary HTML or JavaScript in a victim’s browser context. | |||||
| CVE-2026-24415 | 1 Devcode | 1 Openstamanager | 2026-06-17 | N/A | 6.1 MEDIUM |
| OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contains Reflected XSS vulnerabilities in invoice/order/contract modification modals. The application fails to properly sanitize user-supplied input from the righe GET parameter before reflecting it in HTML output.The $_GET['righe'] parameter is directly echoed into the HTML value attribute without any sanitization using htmlspecialchars() or equivalent functions. This allows an attacker to break out of the attribute context and inject arbitrary HTML/JavaScript. | |||||
| CVE-2026-24399 | 1 Chattermate | 1 Chattermate | 2026-06-17 | N/A | 9.3 CRITICAL |
| ChatterMate is a no-code AI chatbot agent framework. In versions 1.0.8 and below, the chatbot accepts and executes malicious HTML/JavaScript payloads when supplied as chat input. Specifically, an <iframe> payload containing a javascript: URI can be processed and executed in the browser context. This allows access to sensitive client-side data such as localStorage tokens and cookies, resulting in client-side injection. This issue has been fixed in version 1.0.9. | |||||
| CVE-2026-24392 | 2026-06-17 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nabil Lemsieh HurryTimer hurrytimer allows Stored XSS.This issue affects HurryTimer: from n/a through <= 2.14.2. | |||||
