Search Results (335343 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-10563 | 1 Prontotools | 1 Woo Cart Count Shortcode | 2025-05-20 | 5.4 Medium |
| The WooCommerce Cart Count Shortcode WordPress plugin before 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2024-12737 | 1 Wp-base | 1 Wp Base Booking Of Appointments, Services And Events | 2025-05-20 | 6.1 Medium |
| The WP BASE Booking of Appointments, Services and Events WordPress plugin before 5.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2024-13629 | 1 Csimplifyit | 1 Pushbiz | 2025-05-20 | 6.1 Medium |
| The pushBIZ WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2024-13630 | 1 Mahinsha | 1 Newsticker | 2025-05-20 | 6.1 Medium |
| The NewsTicker WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2024-13631 | 1 Sanditsolution | 1 Om Stripe | 2025-05-20 | 7.1 High |
| The Om Stripe WordPress plugin through 02.00.00 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2024-13632 | 1 Sprintexperts | 1 Wp Extra Fields | 2025-05-20 | 7.1 High |
| The WP Extra Fields WordPress plugin through 1.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2024-13633 | 1 Fb-creations | 1 Simple Catalogue | 2025-05-20 | 7.1 High |
| The Simple catalogue WordPress plugin through 1.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2024-13634 | 1 Wphobby | 1 Post Sync | 2025-05-20 | 6.1 Medium |
| The Post Sync WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2021-43361 | 1 Meddata | 1 Hbys | 2025-05-20 | 9.9 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MedData HBYS allows SQL Injection. This issue affects HBYS: from unspecified before 1.1. | ||||
| CVE-2021-43362 | 1 Meddata | 1 Hbys | 2025-05-20 | 9.9 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MedData HBYS allows SQL Injection. This issue affects HBYS: from unspecified before 1.1. | ||||
| CVE-2022-3355 | 1 Inventree Project | 1 Inventree | 2025-05-20 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository inventree/inventree prior to 0.8.3. | ||||
| CVE-2024-13678 | 1 Rcabarreto1 | 1 R3w Instafeed | 2025-05-20 | 6.1 Medium |
| The R3W InstaFeed WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2024-56408 | 1 Phpoffice | 1 Phpspreadsheet | 2025-05-20 | 5.4 Medium |
| PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 have no sanitization in the `/vendor/phpoffice/phpspreadsheet/samples/Engineering/Convert-Online.php` file, which leads to the possibility of a cross-site scripting attack. Versions 3.7.0, 2.3.5, 2.1.6, and 1.29.7 contain a patch for the issue. | ||||
| CVE-2023-50976 | 1 Redpanda | 1 Redpanda | 2025-05-20 | 9.8 Critical |
| Redpanda before 23.1.21 and 23.2.x before 23.2.18 has missing authorization checks in the Transactions API. | ||||
| CVE-2022-41870 | 1 Innovaphone | 1 Innovaphone Firmware | 2025-05-20 | 7.2 High |
| AP Manager in Innovaphone before 13r2 Service Release 17 allows command injection via a modified service ID during app upload. | ||||
| CVE-2022-40408 | 1 Feehi | 1 Feehicms | 2025-05-20 | 5.4 Medium |
| FeehiCMS v2.1.1 was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted payload injected into the Comment box under the Single Page module. | ||||
| CVE-2022-40314 | 1 Moodle | 1 Moodle | 2025-05-20 | 9.8 Critical |
| A remote code execution risk when restoring backup files originating from Moodle 1.9 was identified. | ||||
| CVE-2022-40313 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2025-05-20 | 7.1 High |
| Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load. | ||||
| CVE-2022-40277 | 3 Canonical, Joplinapp, Linux | 3 Ubuntu Linux, Joplin, Linux Kernel | 2025-05-20 | 7.8 High |
| Joplin version 2.8.8 allows an external attacker to execute arbitrary commands remotely on any client that opens a link in a malicious markdown file, via Joplin. This is possible because the application does not properly validate the schema/protocol of existing links in the markdown file before passing them to the 'shell.openExternal' function. | ||||
| CVE-2022-40274 | 2 Gridea, Linux | 2 Gridea, Linux Kernel | 2025-05-20 | 7.8 High |
| Gridea version 0.9.3 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Gridea. This is possible because the application has the 'nodeIntegration' option enabled. | ||||