Total
6322 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-9388 | 1 Scada-lts | 1 Scada-lts | 2026-06-17 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was determined in Scada-LTS up to 2.7.8.1. This impacts an unknown function of the file watch_list.shtm. Executing manipulation of the argument Name can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2025-9334 | 2026-06-17 | N/A | 8.8 HIGH | ||
| The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to Limited Code Injection in all versions up to, and including, 1.7.7. This is due to insufficient input validation and restriction on the 'rtafar_ajax' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to call arbitrary plugin functions and execute code within those functions. | |||||
| CVE-2025-9321 | 2026-06-17 | N/A | 9.8 CRITICAL | ||
| The WPCasa plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 1.4.1. This is due to insufficient input validation and restriction on the 'api_requests' function. This makes it possible for unauthenticated attackers to call arbitrary functions and execute code. | |||||
| CVE-2025-9306 | 1 Donbermoy | 1 Advanced School Management System | 2026-06-17 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was detected in SourceCodester Advanced School Management System 1.0. The impacted element is an unknown function of the file /index.php/notice/addNotice. The manipulation of the argument noticeSubject results in cross site scripting. It is possible to launch the attack remotely. The exploit is now public and may be used. | |||||
| CVE-2025-9237 | 1 Codeastro | 1 Ecommerce Website | 2026-06-17 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in CodeAstro Ecommerce Website 1.0. This impacts an unknown function of the file /customer/my_account.php?edit_account of the component Edit Your Account Page. Performing manipulation of the argument Username results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been made public and could be used. | |||||
| CVE-2025-9235 | 1 Scada-lts | 1 Scada-lts | 2026-06-17 | 4.0 MEDIUM | 3.5 LOW |
| A flaw has been found in Scada-LTS up to 2.7.8.1. The impacted element is an unknown function of the file compound_events.shtm. This manipulation of the argument Name causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used. | |||||
| CVE-2025-9234 | 1 Scada-lts | 1 Scada-lts | 2026-06-17 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was detected in Scada-LTS up to 2.7.8.1. The affected element is an unknown function of the file maintenance_events.shtm. The manipulation of the argument Alias results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be used. | |||||
| CVE-2025-9233 | 1 Scada-lts | 1 Scada-lts | 2026-06-17 | 4.0 MEDIUM | 3.5 LOW |
| A security vulnerability has been detected in Scada-LTS up to 2.7.8.1. Impacted is an unknown function of the file view_edit.shtm. The manipulation of the argument Name leads to cross site scripting. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2025-9171 | 1 Solidinvoice | 1 Solidinvoice | 2026-06-17 | 4.0 MEDIUM | 3.5 LOW |
| A security flaw has been discovered in SolidInvoice up to 2.4.0. The impacted element is an unknown function of the file /clients of the component Clients Module. Performing manipulation of the argument Name results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-9170 | 1 Solidinvoice | 1 Solidinvoice | 2026-06-17 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was identified in SolidInvoice up to 2.4.0. The affected element is an unknown function of the file /tax/rates of the component Tax Rates Module. Such manipulation of the argument Name leads to cross site scripting. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-9169 | 1 Solidinvoice | 1 Solidinvoice | 2026-06-17 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was determined in SolidInvoice up to 2.4.0. Impacted is an unknown function of the file /quotes of the component Quote Module. This manipulation of the argument Name causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-9168 | 1 Solidinvoice | 1 Solidinvoice | 2026-06-17 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in SolidInvoice up to 2.4.0. This issue affects some unknown processing of the file /invoice of the component Invoice Creation Module. The manipulation of the argument Client Name results in cross site scripting. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-9167 | 1 Solidinvoice | 1 Solidinvoice | 2026-06-17 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability has been found in SolidInvoice up to 2.4.0. This vulnerability affects unknown code of the file /invoice/recurring of the component Recurring Invoice Module. The manipulation of the argument client name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-9147 | 1 Jasonclark | 1 Getsemantic | 2026-06-17 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability has been found in jasonclark getsemantic up to 040c96eb8cf9947488bd01b8de99b607b0519f7d. The impacted element is an unknown function of the file /index.php. The manipulation of the argument view leads to cross site scripting. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-9145 | 1 Scada-lts | 1 Scada-lts | 2026-06-17 | 4.0 MEDIUM | 3.5 LOW |
| A security vulnerability has been detected in Scada-LTS 2.7.8.1. This issue affects some unknown processing of the file view_edit.shtm of the component SVG File Handler. Such manipulation of the argument backgroundImageMP leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2025-9144 | 1 Scada-lts | 1 Scada-lts | 2026-06-17 | 4.0 MEDIUM | 3.5 LOW |
| A weakness has been identified in Scada-LTS 2.7.8.1. This vulnerability affects unknown code of the file publisher_edit.shtm. This manipulation of the argument Name causes cross site scripting. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. | |||||
| CVE-2025-9143 | 1 Scada-lts | 1 Scada-lts | 2026-06-17 | 4.0 MEDIUM | 3.5 LOW |
| A security flaw has been discovered in Scada-LTS 2.7.8.1. This affects an unknown part of the file mailing_lists.shtm. The manipulation of the argument name/userList/address results in cross site scripting. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited. | |||||
| CVE-2025-9138 | 1 Scada-lts | 1 Scada-lts | 2026-06-17 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in Scada-LTS 2.7.8.1. Affected is an unknown function of the file pointHierarchy/new/. Performing manipulation of the argument Title results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor explains: "[T]he risks of indicated vulnerabilities seem to be minimal as all scenarios likely require admin permissions. Moreover, regardless our team fixes those vulnerabilities - the overall risk change to the user due to malicious admin actions will not be lower. An admin user - by definition - has full control over HTML and JS code that is delivered to users in regular synoptic panels. In other words - due to the design of the system it is not possible to limit the admin user to attack the users." | |||||
| CVE-2025-9137 | 1 Scada-lts | 1 Scada-lts | 2026-06-17 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability has been found in Scada-LTS 2.7.8.1. This impacts an unknown function of the file scheduled_events.shtm. Such manipulation of the argument alias leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The vendor explains: "[T]he risks of indicated vulnerabilities seem to be minimal as all scenarios likely require admin permissions. Moreover, regardless our team fixes those vulnerabilities - the overall risk change to the user due to malicious admin actions will not be lower. An admin user - by definition - has full control over HTML and JS code that is delivered to users in regular synoptic panels. In other words - due to the design of the system it is not possible to limit the admin user to attack the users." | |||||
| CVE-2025-9120 | 2026-06-17 | N/A | N/A | ||
| Improper Control of Generation of Code ('Code Injection') vulnerability in OpenText™ Carbonite Safe Server Backup allows Code Injection. The vulnerability could be exploited through an open port, potentially allowing unauthorized access. This issue affects Carbonite Safe Server Backup: through 6.8.3. | |||||