Search Results (45457 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-46126 | 1 Ethyca | 1 Fides | 2024-11-21 | 3.9 Low |
| Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in runtime environments, helping enforce privacy regulations in code. The Fides web application allows users to edit consent and privacy notices such as cookie banners. The vulnerability makes it possible to craft a payload in the privacy policy URL which triggers JavaScript execution when the privacy notice is served by an integrated website. The domain scope of the executed JavaScript is that of the integrated website. Exploitation is limited to Admin UI users with the contributor role or higher. The vulnerability has been patched in Fides version `2.22.1`. | ||||
| CVE-2023-46102 | 1 Boschrexroth | 6 Ctrlx Hmi Web Panel Wr2107, Ctrlx Hmi Web Panel Wr2107 Firmware, Ctrlx Hmi Web Panel Wr2110 and 3 more | 2024-11-21 | 8.8 High |
| The Android Client application, when enrolled to the AppHub server, connects to an MQTT broker to exchange messages and receive commands to execute on the HMI device. The protocol built on top of MQTT to implement remote management of the device is encrypted with a hard-coded DES symmetric key, which can be retrieved by reversing both the Android Client application and the server-side web application. This issue allows an attacker able to control a malicious MQTT broker on the same subnet as the device to craft malicious messages and send them to the HMI device, executing arbitrary commands on the device itself. | ||||
| CVE-2023-46094 | 1 Conversios | 1 Google Analytics Integration For Woocommerce | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Conversios Track Google Analytics 4, Facebook Pixel & Conversions API via Google Tag Manager for WooCommerce plugin <= 6.5.3 versions. | ||||
| CVE-2023-46093 | 1 Lionscripts | 1 Webmaster Tools | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in LionScripts.Com Webmaster Tools plugin <= 2.0 versions. | ||||
| CVE-2023-46091 | 1 Bala-krishna | 1 Category Seo Meta Tags | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bala Krishna, Sergey Yakovlev Category SEO Meta Tags plugin <= 2.5 versions. | ||||
| CVE-2023-46090 | 1 Web-dorado | 1 Wdsocialwidgets | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WebDorado WDSocialWidgets plugin <= 1.0.15 versions. | ||||
| CVE-2023-46081 | 1 Lava-code | 1 Lava Directory Manager | 2024-11-21 | 7.1 High |
| Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Lavacode Lava Directory Manager plugin <= 1.1.34 versions. | ||||
| CVE-2023-46077 | 1 Arrowplugins | 1 The Awesome Feed | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Arrow Plugins The Awesome Feed – Custom Feed plugin <= 2.2.5 versions. | ||||
| CVE-2023-46076 | 1 Rednao | 1 Woocommerce Pdf Invoice Builder | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RedNao WooCommerce PDF Invoice Builder, Create invoices, packing slips and more plugin <= 1.2.102 versions. | ||||
| CVE-2023-46075 | 1 Wpdevart | 1 Contact Form Builder | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wpdevart Contact Form Builder, Contact Widget plugin <= 2.1.6 versions. | ||||
| CVE-2023-46074 | 1 Borbis | 1 Freshmail For Wordpress | 2024-11-21 | 5.8 Medium |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Borbis Media FreshMail For WordPress plugin <= 2.3.2 versions. | ||||
| CVE-2023-46072 | 1 Add Shortcodes Actions And Filters Project | 1 Add Shortcodes Actions And Filters | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Michael Simpson Add Shortcodes Actions And Filters plugin <= 2.0.9 versions. | ||||
| CVE-2023-46071 | 1 Clickdatos | 1 Proteccion De Datos Rgpd | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ClickDatos Protección de Datos RGPD plugin <= 3.1.0 versions. | ||||
| CVE-2023-46070 | 1 Egeorjon | 1 Eg-attachments | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Emmanuel GEORJON EG-Attachments plugin <= 2.1.3 versions. | ||||
| CVE-2023-46069 | 1 Osmansorkar | 1 Ajax Archive Calendar | 2024-11-21 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Osmansorkar Ajax Archive Calendar plugin <= 2.6.7 versions. | ||||
| CVE-2023-46068 | 1 Maileon | 1 Maileon | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in XQueue GmbH Maileon for WordPress plugin <= 2.16.0 versions. | ||||
| CVE-2023-46066 | 1 Codedraft | 1 Mediabay - Wordpress Media Library Folders | 2024-11-21 | 5.9 Medium |
| Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Codedrafty Mediabay – Media Library Folders plugin <= 1.6 versions. | ||||
| CVE-2023-46059 | 1 Geeklog | 1 Geeklog | 2024-11-21 | 4.8 Medium |
| Cross Site Scripting (XSS) vulnerability in Geeklog-Core geeklog v.2.2.2 allows a remote attacker to execute arbitrary code via a crafted payload to the Service and website URL to Ping parameters of the admin/trackback.php component. | ||||
| CVE-2023-46058 | 1 Geeklog | 1 Geeklog | 2024-11-21 | 4.8 Medium |
| Cross Site Scripting (XSS) vulnerability in Geeklog-Core geeklog v.2.2.2 allows a remote attacker to execute arbitrary code via a crafted payload to the grp_desc parameter of the admin/group.php component. | ||||
| CVE-2023-46054 | 1 Wbce | 1 Wbce Cms | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in WBCE CMS v.1.6.1 and before allows a remote attacker to escalate privileges via a crafted script to the website_footer parameter in the admin/settings/save.php component. | ||||