Total: 44608 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-60967 | 1 Endruntechnologies | 2 Sonoma D12, Sonoma D12 Firmware | 2026-06-17 | N/A | 7.3 HIGH |
| Cross Site Scripting (XSS) vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0076-000 Ver 4.00 allows attackers to gain sensitive information. | |||||
| CVE-2025-60961 | 1 Endruntechnologies | 2 Sonoma D12, Sonoma D12 Firmware | 2026-06-17 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information, and possibly other unspecified impacts. | |||||
| CVE-2025-60958 | 1 Endruntechnologies | 2 Sonoma D12, Sonoma D12 Firmware | 2026-06-17 | N/A | 7.3 HIGH |
| Cross Site Scripting (XSS) vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information. | |||||
| CVE-2025-60950 | | | 2026-06-17 | N/A | 6.1 MEDIUM |
| An arbitrary file upload vulnerability in the Data Preparation function of AIxBlock commit f60975 allows attackers to execute arbitrary code via a crafted SVG file. | |||||
| CVE-2025-60948 | 1 Csprousers | 1 Csweb | 2026-06-17 | N/A | 4.6 MEDIUM |
| Census CSWeb 8.0.1 allows stored cross-site scripting in user-supplied fields. A remote, authenticated attacker could store malicious JavaScript that executes in a victim's browser. Fixed in 8.1.0 alpha. | |||||
| CVE-2025-60936 | 1 Openenergymonitor | 1 Emoncms | 2026-06-17 | N/A | 6.1 MEDIUM |
| Emoncms 11.7.3 is vulnerable to Cross Site Scripting in the input handling mechanism. This vulnerability allows authenticated attackers with API access to inject malicious JavaScript code that executes when administrators view the application logs. | |||||
| CVE-2025-60934 | | | 2026-06-17 | N/A | 6.1 MEDIUM |
| Multiple stored cross-site scripting (XSS) vulnerabilities in the index.php component of HR Performance Solutions Performance Pro v3.19.17 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Employee Notes, title, or description parameters. The patched version is PP-Release-6.3.2.0. | |||||
| CVE-2025-60933 | | | 2026-06-17 | N/A | 6.1 MEDIUM |
| Multiple stored cross-site scripting (XSS) vulnerabilities in the Future Goals function of HR Performance Solutions Performance Pro v3.19.17 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Goal Name, Goal Notes, Action Step Name, Action Step Description, Note Name, and Goal Description parameters. The patched version is PP-Release-6.3.2.0. | |||||
| CVE-2025-60932 | | | 2026-06-17 | N/A | 6.1 MEDIUM |
| Multiple stored cross-site scripting (XSS) vulnerabilities in the Current Goals function of HR Performance Solutions Performance Pro v3.19.17 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Goal Name, Goal Notes, Action Step Name, Action Step Description, Note Name, and Goal Description parameters. The patched version is PP-Release-6.3.2.0. | |||||
| CVE-2025-60917 | 1 Craws | 1 Openatlas | 2026-06-17 | N/A | 4.6 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability in the /overview/network/ endpoint of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the color parameter. | |||||
| CVE-2025-60916 | 1 Craws | 1 Openatlas | 2026-06-17 | N/A | 5.4 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability in the /overview/network/ endpoint of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the charge parameter. | |||||
| CVE-2025-60914 | 1 Craws | 1 Openatlas | 2026-06-17 | N/A | 4.6 MEDIUM |
| Incorrect access control in Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to access sensitive information via sending a crafted GET request to the /display_logo endpoint. | |||||
| CVE-2025-60880 | 1 Webkul | 1 Bagisto | 2026-06-17 | N/A | 8.3 HIGH |
| An authenticated stored XSS vulnerability exists in the Bagisto 2.3.6 admin panel's product creation path, allowing an attacker to upload a crafted SVG file containing malicious JavaScript code. This vulnerability can be exploited by an authenticated admin user to execute arbitrary JavaScript in the browser, potentially leading to session hijacking, data theft, or unauthorized actions. | |||||
| CVE-2025-60869 | | | 2026-06-17 | N/A | 7.3 HIGH |
| Publii CMS v0.46.5 (build 17089) allows persistent Cross-Site Scripting (XSS) via unsanitized input in configuration fields such as "Site Description" and "Footer Follow Buttons". An attacker can inject arbitrary JavaScript, which is stored in the project and executed in the browsers of remote visitors viewing the generated static site. | |||||
| CVE-2025-60859 | 1 Sir | 1 Gnuboard | 2026-06-17 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Gnuboard 5.6.15 allows authenticated attackers to execute arbitrary code via crafted c_id parameter in bbs/view_comment.php. | |||||
| CVE-2025-60837 | 1 Mingsoft | 1 Mcms | 2026-06-17 | N/A | 6.1 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability in MCMS v6.0.1 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload. | |||||
| CVE-2025-60796 | 1 Phppgadmin Project | 1 Phppgadmin | 2026-06-17 | N/A | 6.1 MEDIUM |
| phpPgAdmin 7.13.0 and earlier contains multiple cross-site scripting (XSS) vulnerabilities across various components. User-supplied input from $_REQUEST parameters is reflected in HTML output without proper encoding or sanitization in multiple locations including sequences.php, indexes.php, admin.php, and other unspecified files. An attacker can exploit these vulnerabilities to execute arbitrary JavaScript in victims' browsers, potentially leading to session hijacking, credential theft, or other malicious actions. | |||||
| CVE-2025-60782 | 1 Iqbolshoh | 1 Php Education Management | 2026-06-17 | N/A | 5.4 MEDIUM |
| PHP Education Manager v1.0 is vulnerable to stored Cross-Site Scripting (XSS) in the topics management module (topics.php). Attackers can inject malicious JavaScript payloads into the Title field during topic creation or updates. | |||||
| CVE-2025-60781 | 1 Iqbolshoh | 1 Php Education Management | 2026-06-17 | N/A | 6.1 MEDIUM |
| PHP Education Manager v1.0 is vulnerable to Cross Site Scripting (XSS) in the worksheet.php file via the participant_name parameter. | |||||
| CVE-2025-60739 | 1 Ilevia | 2 Eve X1 Server, Eve X1 Server Firmware | 2026-06-17 | N/A | 9.6 CRITICAL |
| Cross Site Request Forgery (CSRF) vulnerability in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before, Logic Version v6.00 - 2025_07_21 allows a remote attacker to execute arbitrary code via the /bh_web_backend component. | |||||
