Export limit exceeded: 45478 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45478 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-34415 | 2026-04-15 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress Thim Elementor Kit allows Stored XSS.This issue affects Thim Elementor Kit: from n/a through 1.1.8. | ||||
| CVE-2024-34417 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Toidicode.Com (thanhtaivtt) Viet Nam Affiliate allows Stored XSS.This issue affects Viet Nam Affiliate: from n/a through 1.0.0. | ||||
| CVE-2024-34418 | 2026-04-15 | 5.9 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tech9logy Creators WPCS ( WordPress Custom Search ) allows Stored XSS.This issue affects WPCS ( WordPress Custom Search ): from n/a through 1.1. | ||||
| CVE-2024-12907 | 1 Kentico | 1 Kentico Cms | 2026-04-15 | N/A |
| Kentico CMS in version 7 is vulnerable to a Reflected XSS attacks through manipulation of a specific GET request parameter sent to /CMSMessages/AccessDenied.aspx endpoint. Notably, support for this version of Kentico ended in 2016. Version 8 was tested as well and does not contain this vulnerability. | ||||
| CVE-2024-34419 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nathan Vonnahme Configure Login Timeout allows Stored XSS.This issue affects Configure Login Timeout: from n/a through 1.0. | ||||
| CVE-2024-34426 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Benoti Brozzme Scroll Top allows Stored XSS.This issue affects Brozzme Scroll Top: from n/a through 1.8.5. | ||||
| CVE-2024-10025 | 1 Sick | 52 Clv620 Firmware, Clv621 Firmware, Clv622 Firmware and 49 more | 2026-04-15 | 9.1 Critical |
| A vulnerability in the .sdd file allows an attacker to read default passwords stored in plain text within the code. By exploiting these plaintext credentials, an attacker can log into affected SICK products as an “Authorized Client” if the customer has not changed the default password. | ||||
| CVE-2024-10034 | 2026-04-15 | 5.5 Medium | ||
| The Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the gallery link text parameter in all versions up to, and including, 3.2.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Editor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-35775 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Authentication vulnerability in Soliloquy Team Slider by Soliloquy allows Cross-Site Scripting (XSS).This issue affects Slider by Soliloquy: from n/a through 2.7.6. | ||||
| CVE-2024-10056 | 2026-04-15 | 6.4 Medium | ||
| The Contact Form Builder by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's livesite-pay shortcode in all versions up to, and including, 4.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-34428 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Harknell AWSOM News Announcement allows Stored XSS.This issue affects AWSOM News Announcement: from n/a through 1.6.0. | ||||
| CVE-2024-34429 | 2026-04-15 | 5.9 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Orchestrated Corona Virus (COVID-19) Banner & Live Data allows Stored XSS.This issue affects Corona Virus (COVID-19) Banner & Live Data: from n/a through 1.8.0.2. | ||||
| CVE-2024-10108 | 2026-04-15 | 7.2 High | ||
| The WPAdverts – Classifieds Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's adverts_add shortcode in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-10112 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.4 Medium |
| The Simple News plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'news' shortcode in all versions up to, and including, 2.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-3951 | 2026-04-15 | 7.1 High | ||
| PTC Codebeamer is vulnerable to a cross site scripting vulnerability that could allow an attacker to inject and execute malicious code. | ||||
| CVE-2024-10147 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.4 Medium |
| The Steel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's btn shortcode in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-28907 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rahul Arora WP Last Modified wp-last-modified allows Stored XSS.This issue affects WP Last Modified: from n/a through <= 0.1. | ||||
| CVE-2024-10175 | 2026-04-15 | 6.4 Medium | ||
| The Pricing Tables For WPBakery Page Builder (formerly Visual Composer) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wdo_pricing_tables shortcode in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-10176 | 1 Tipsandtricks-hq | 1 Compact Wp Audio Player | 2026-04-15 | 6.4 Medium |
| The Compact WP Audio Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sc_embed_player shortcode in all versions up to, and including, 1.9.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-50418 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Time Slot Booking Time Slot timeslot allows DOM-Based XSS.This issue affects Time Slot: from n/a through <= 1.3.6. | ||||