Export limit exceeded: 346662 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45592 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45592 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-45839 | 1 Webhelpagency | 1 Wha Puzzle | 2025-01-10 | 5.4 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WHA WHA Puzzle plugin <= 1.0.9 versions. | ||||
| CVE-2022-44632 | 1 Content-repeater Project | 1 Content-repeater | 2025-01-10 | 4.8 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Denis Buka Content Repeater – Custom Posts Simplified plugin <= 1.1.13 versions. | ||||
| CVE-2022-44631 | 1 1app | 1 1app Business Forms | 2025-01-10 | 4.8 Medium |
| Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in 1app Technologies, Inc 1app Business Forms plugin <= 1.0.0 versions. | ||||
| CVE-2022-44582 | 1 Apptivo | 1 Apptivo Business Site Crm | 2025-01-10 | 4.8 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Apptivo Apptivo Business Site CRM plugin <= 3.0.12 versions. | ||||
| CVE-2024-50339 | 1 Glpi-project | 1 Glpi | 2025-01-10 | 5.3 Medium |
| GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.17, an unauthenticated user can retrieve all the sessions IDs and use them to steal any valid session. Version 10.0.17 contains a patch for this issue. | ||||
| CVE-2022-44594 | 1 Codebangers | 1 All In One Time Clock Lite | 2025-01-10 | 4.8 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Codebangers All in One Time Clock Lite plugin <= 1.3.320 versions. | ||||
| CVE-2022-47435 | 1 Wp-olivecart Project | 1 Wp-olivecart | 2025-01-10 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Olive Design WP-OliveCart plugin <= 1.1.3 versions. | ||||
| CVE-2023-24386 | 1 Ai Contact Us Form Project | 1 Ai Contact Us Form | 2025-01-10 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Karishma Arora AI Contact Us Form plugin <= 1.0 versions. | ||||
| CVE-2023-24404 | 1 Rarathemes | 1 Vryasage Marketing Performance | 2025-01-10 | 7.1 High |
| Reflected Cross-Site Scripting (XSS) vulnerability in VryaSage Marketing Performance plugin <= 2.0.0 versions. | ||||
| CVE-2022-45361 | 1 0mk Shortener Project | 1 0mk Shortener | 2025-01-10 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Boris Kuzmanov 0mk Shortener plugin <= 0.2 versions. | ||||
| CVE-2023-23832 | 1 Ultimate Wp Query Search Filter Project | 1 Ultimate Wp Query Search Filter | 2025-01-10 | 6.5 Medium |
| Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in TC Ultimate WP Query Search Filter plugin <= 1.0.10 versions. | ||||
| CVE-2023-23717 | 1 Portfolio Slideshow Project | 1 Portfolio Slideshow | 2025-01-10 | 6.5 Medium |
| Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in George Gecewicz Portfolio Slideshow plugin <= 1.13.0 versions. | ||||
| CVE-2023-23827 | 1 Google Maps V3 Shortcode Project | 1 Google Maps V3 Shortcode | 2025-01-10 | 6.5 Medium |
| Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Google Maps v3 Shortcode plugin <= 1.2.1 versions. | ||||
| CVE-2023-23817 | 1 Simple Pdf Viewer Project | 1 Simple Pdf Viewer | 2025-01-10 | 6.5 Medium |
| Auth. (contrinbutor+) Cross-Site Scripting (XSS) vulnerability in WebArea | Vera Nedvyzhenko Simple PDF Viewer plugin <= 1.9 versions. | ||||
| CVE-2023-23816 | 1 Sitemap Index Project | 1 Sitemap Index | 2025-01-10 | 5.9 Medium |
| Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Twardes Sitemap Index plugin <= 1.2.3 versions. | ||||
| CVE-2023-23806 | 1 Wordpress Custom Settings Project | 1 Wordpress Custom Settings | 2025-01-10 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Davinder Singh Custom Settings plugin <= 1.0 versions. | ||||
| CVE-2023-25451 | 1 Wpchill | 1 Cpo Content Types | 2025-01-10 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPChill CPO Content Types plugin <= 1.1.0 versions. | ||||
| CVE-2022-4333 | 1 Sprecher-automation | 18 Sprecon-e-c, Sprecon-e-c Firmware, Sprecon-e-p Dl6-1 and 15 more | 2025-01-10 | 9.8 Critical |
| Hardcoded Credentials in multiple SPRECON-E CPU variants of Sprecher Automation allows an remote attacker to take over the device. These accounts should be deactivated according to Sprecher's hardening guidelines. | ||||
| CVE-2022-47617 | 1 Hitrontech | 2 Coda-5310, Coda-5310 Firmware | 2025-01-10 | 7.2 High |
| Hitron CODA-5310 has hard-coded encryption/decryption keys in the program code. A remote attacker authenticated as an administrator can decrypt system files using the hard-coded keys for file access, modification, and cause service disruption. | ||||
| CVE-2023-2470 | 1 Add To Feedly Project | 1 Add To Feedly | 2025-01-10 | 4.8 Medium |
| The Add to Feedly WordPress plugin through 1.2.11 does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | ||||