CVE Database

15+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS

15 results for "CWE-79"

CVE-2025-68385
7.2 HIGH

Improper neutralization of input during web page generation ('Cross-site Scripting') (CWE-79) allows an authenticated user to embed a malicious script in content that will be …

Dec 18, 2025
CVE-2025-55047
8.4 HIGH

CWE-798 Use of Hard-coded Credentials

Sep 9, 2025
CVE-2024-26006
7.5 HIGH

An improper neutralization of input during web page Generation vulnerability [CWE-79] in FortiOS version 7.4.3 and below, version 7.2.7 and below, version 7.0.13 and below …

Mar 14, 2025
CVE-2023-37933
8.8 HIGH

An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiADC GUI version 7.4.0, 7.2.0 through 7.2.1 and before 7.1.3 allows …

Mar 11, 2025
CVE-2024-47925
7.5 HIGH

Tecnick TCExam – Multiple CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Dec 30, 2024
CVE-2024-47924
7.5 HIGH

Boa web server – CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Dec 30, 2024
CVE-2024-47920
7.5 HIGH

Tiki Wiki CMS – CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Dec 30, 2024
CVE-2024-47917
7.5 HIGH

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Dec 30, 2024
CVE-2024-50376
7.3 HIGH

A CWE-79 "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD …

Nov 26, 2024
CVE-2024-45254
7.5 HIGH

VaeMendis - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Nov 14, 2024
CVE-2024-31199
8.8 HIGH

A “CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')” allows malicious users to permanently inject arbitrary Javascript code.

Jul 31, 2024
CVE-2024-0865
7.8 HIGH

CWE-798: Use of hard-coded credentials vulnerability exists that could cause local privilege escalation when logged in as a non-administrative user.

Jun 12, 2024
CVE-2024-2050
8.2 HIGH

CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists when an attacker injects then executes arbitrary malicious JavaScript code within the …

Mar 18, 2024
CVE-2023-5456
8.1 HIGH

A CWE-798 “Use of Hard-coded Credentials” vulnerability in the MariaDB database of the web application allows a remote unauthenticated attacker to access the database service …

Mar 5, 2024
CVE-2023-6409
7.7 HIGH

CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to a project file protected with application password when opening the file with …

Feb 14, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.

Website Scanner Port Scanner