Top 20 matches
Showing top matches; use filters or a more specific query to narrow.
Northern.tech CFEngine Enterprise 3.24.3 before 3.24.4 and 3.27.0 before 3.27.1 allows XSS.
Northern.tech CFEngine Enterprise Mission Portal 3.24.0, 3.21.5, and below allows XSS. The fixed versions are 3.24.1 and 3.21.6.
AVE System Web Client v2.1.131.13992 was discovered to contain a cross-site scripting (XSS) vulnerability.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BuddhaThemes HYDRO hydro allows Reflected XSS. This issue affects HYDRO: from n/a through <= 2.8.
Unauthenticated Cross Site Scripting (XSS) in Royal Elementor Addons Pro < 1.7.1041 versions.
Inconsistent <plaintext> tag parsing allows for XSS in Froala WYSIWYG editor 4.3.0 and earlier.
A Cross-site-scripting (XSS) vulnerability exists in the Reporter Widgets that allows HTML injection.