Browse CVEs

225 CVEs analyzed. 612 pending.

All Critical High Medium Low
CVE-2022-50950 6.5

Webile 1.0.1 contains an unauthenticated directory traversal vulnerability that allows attackers to manipulate file paths and access sensitive system ...

Feb 1, 2026
CVE-2022-50951 6.4

WiFi File Transfer 1.0.8 has a persistent cross-site scripting vulnerability where attackers can inject malicious JavaScript through file and folder n...

Feb 1, 2026
CVE-2022-50952 6.4

Banco Guayaquil 8.0.0 mobile iOS application contains a persistent cross-site scripting vulnerability in the profile name input field. Attackers can i...

Feb 1, 2026
CVE-2021-47917 6.4

Simple CMS 2.1 contains a persistent cross-site scripting vulnerability in user input parameters that allows remote attackers to inject malicious scri...

Feb 1, 2026
CVE-2021-47919 6.4

Simple CMS 2.1 contains a reflected cross-site scripting vulnerability in the preview.php file's id parameter. Attackers can craft malicious URLs cont...

Feb 1, 2026
CVE-2021-47920 5.4

WebMO Job Manager 20.0 contains a reflected cross-site scripting vulnerability in search parameters that allows attackers to inject malicious JavaScri...

Feb 1, 2026
CVE-2021-47921 6.5

Free Photo & Video Vault 0.0.2 contains a directory traversal vulnerability that allows remote attackers to manipulate web requests and access sensiti...

Feb 1, 2026
CVE-2022-50797 6.4

The Stripe Green Downloads WordPress plugin version 2.03 contains a persistent cross-site scripting (XSS) vulnerability in button label fields. Attack...

Feb 1, 2026
CVE-2021-47911 5.4

Affiliate Pro 1.7 contains reflected cross-site scripting vulnerabilities in index module input fields (fullname, username, email). Attackers can inje...

Feb 1, 2026
CVE-2021-47912 6.4

PHP Melody 3.0 contains multiple non-persistent cross-site scripting vulnerabilities in categories, import, and user import files. Attackers can injec...

Feb 1, 2026
CVE-2021-47913 6.4

PHP Melody 3.0 contains a persistent cross-site scripting vulnerability in the video editor's WYSIWYG component. Privileged users can inject malicious...

Feb 1, 2026
CVE-2021-47914 6.4

PHP Melody 3.0 contains a persistent cross-site scripting vulnerability in the edit-video.php submitted parameter that allows remote attackers to inje...

Feb 1, 2026
CVE-2021-47856 6.4

Easy Cart Shopping Cart 2021 contains a non-persistent cross-site scripting vulnerability in the search module's keyword parameter. Remote attackers c...

Feb 1, 2026
CVE-2021-47885 6.4

Multiple payment terminal versions contain non-persistent cross-site scripting (XSS) vulnerabilities in billing and payment information input fields. ...

Feb 1, 2026
CVE-2021-47908 6.4

Ultimate POS 4.4 contains a persistent cross-site scripting vulnerability in the product name parameter that allows attackers to inject malicious scri...

Feb 1, 2026
CVE-2025-50537 5.5

A stack overflow vulnerability in ESLint versions before 9.26.0 allows denial of service when processing test cases with circular references. This aff...

Jan 26, 2026
CVE-2024-35280 5.4

This vulnerability allows attackers to perform reflected cross-site scripting (XSS) attacks against FortiDeceptor recovery endpoints. Attackers can in...

Jan 15, 2025
CVE-2024-45326 4.3

An authenticated attacker with no privileges can perform unauthorized operations on FortiDeceptor central management appliances by sending crafted req...

Jan 14, 2025