Total: 323542 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-58318 | 1 Kentico | 1 Xperience | 2025-12-19 | 5.4 Medium |
| A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the rich text editor component for page and form builders. Attackers can exploit this vulnerability by entering malicious URIs, potentially allowing malicious scripts to execute in users' browsers. | ||||
| CVE-2023-53737 | 1 Kentico | 1 Xperience | 2025-12-19 | 4.6 Medium |
| A stored cross-site scripting vulnerability in Kentico Xperience allows global administrators to inject malicious payloads via the Localization application. Attackers can execute scripts that could affect multiple parts of the administration interface. | ||||
| CVE-2022-50682 | 1 Kentico | 1 Xperience | 2025-12-19 | 6.5 Medium |
| A CRLF injection vulnerability in Kentico Xperience allows attackers to manipulate URL query string redirects via improper encoding in the routing engine. This could enable header injection and potentially facilitate further web application attacks. | ||||
| CVE-2022-50681 | 1 Kentico | 1 Xperience | 2025-12-19 | 5.4 Medium |
| A reflected cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via administration input fields in the Rich text editor component. Attackers can exploit this vulnerability to execute arbitrary scripts in users' browsers. | ||||
| CVE-2020-36891 | 1 Kentico | 1 Xperience | 2025-12-19 | 4.6 Medium |
| A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to upload files with spoofed Content-Type that do not match file extensions. Attackers can exploit this vulnerability by uploading malicious files with manipulated MIME types, allowing malicious scripts to execute in users' browsers. | ||||
| CVE-2020-36889 | 1 Kentico | 1 Xperience | 2025-12-19 | 4.6 Medium |
| A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via error messages containing specially crafted object names. This allows malicious scripts to execute in users' browsers when administrators view error messages in the administration interface. | ||||
| CVE-2025-1885 | | | 2025-12-19 | 5.4 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Restajet Information Technologies Inc. Online Food Delivery System allows Phishing, Forceful Browsing. This issue affects Online Food Delivery System: through 19122025. | ||||
| CVE-2025-14882 | | | 2025-12-19 | N/A |
| An API endpoint allowed access to sensitive files belonging to other users by knowing the file's UUID, although those files were not intended to be accessible by UUID alone. | ||||
| CVE-2025-1928 | | | 2025-12-19 | 9.1 Critical |
| Improper Restriction of Excessive Authentication Attempts vulnerability in Restajet Information Technologies Inc. Online Food Delivery System allows Password Recovery Exploitation. This issue affects Online Food Delivery System: through 19122025. | ||||
| CVE-2025-67846 | | | 2025-12-19 | 4.9 Medium |
| The Deployment Infrastructure in Mintlify Platform before 2025-11-15 allows remote attackers to bypass security patches and execute downgrade attacks via predictable deployment identifiers on the Vercel preview domain. An attacker can identify the URL structure of a previous deployment that contains unpatched vulnerabilities. By browsing directly to the specific git-ref or deployment-id subdomain, the attacker can force the application to load the vulnerable version. | ||||
| CVE-2025-66906 | | | 2025-12-19 | 6.1 Medium |
| Cross Site Request Forgery (CSRF) vulnerability in Turms Admin API through v0.10.0-SNAPSHOT allows attackers to gain escalated privileges. | ||||
| CVE-2025-14812 | | | 2025-12-19 | 7.5 High |
| ArcSearch for iOS versions prior to 1.45.2 could display a different domain in the address bar than the content being shown after an iframe-triggered URI-scheme navigation, increasing spoofing risk. | ||||
| CVE-2025-66501 | | | 2025-12-19 | 6.3 Medium |
| A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Predefined Text feature of the Foxit eSign section. A crafted payload can be stored via the Identity “First Name” field, which is later rendered into the DOM without proper sanitization. As a result, the injected script may execute when predefined text is used or when viewing document properties. | ||||
| CVE-2025-64236 | 1 Wordpress | 1 Wordpress | 2025-12-19 | 9.8 Critical |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in AmentoTech Tuturn allows Authentication Abuse. This issue affects Tuturn: from n/a before 3.6. | ||||
| CVE-2019-25228 | 1 Kentico | 1 Xperience | 2025-12-19 | 5.3 Medium |
| An information disclosure vulnerability in Kentico Xperience allows attackers to leak virtual context URLs via the HTTP Referer header when users interact with third-party domains. Sensitive virtual context information can be exposed to external domains through page builder interactions and link/image loading. | ||||
| CVE-2019-25229 | 1 Kentico | 1 Xperience | 2025-12-19 | 8.8 High |
| An unrestricted file upload vulnerability in Kentico Xperience allows authenticated users with 'Read data' permissions to upload arbitrary file types via MVC form file uploader components. Attackers can manipulate file names and upload potentially malicious files to the system, enabling unauthorized file uploads. | ||||
| CVE-2022-50683 | 1 Kentico | 1 Xperience | 2025-12-19 | 4.6 Medium |
| A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via form redirect URL configuration. This allows malicious scripts to execute in users' browsers through unvalidated form configuration settings. | ||||
| CVE-2022-50684 | 1 Kentico | 1 Xperience | 2025-12-19 | 4.6 Medium |
| An HTML injection vulnerability in Kentico Xperience allows attackers to inject malicious HTML values into form submission emails via unencoded form fields. Unencoded form values could enable HTML content execution in recipient email clients, potentially compromising email security. | ||||
| CVE-2022-50686 | 1 Kentico | 1 Xperience | 2025-12-19 | 5.3 Medium |
| An information disclosure vulnerability in Kentico Xperience allows attackers to view sensitive stack trace details via Portal Engine form control error messages. Detailed error messages can expose internal system information and potentially reveal implementation details to unauthorized users. | ||||
| CVE-2023-53738 | 1 Kentico | 1 Xperience | 2025-12-19 | 4.6 Medium |
| A reflected cross-site scripting vulnerability in Kentico Xperience allows authenticated users to inject malicious scripts via page preview URLs. Attackers can exploit this vulnerability to execute arbitrary scripts in users' browsers during page preview interactions. | ||||