Export limit exceeded: 23403 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (339825 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-0238 | 1 Myeventon | 1 Eventon | 2025-06-02 | 6.1 Medium |
| The EventON Premium WordPress plugin before 4.5.6, EventON WordPress plugin before 2.2.8 do not have authorisation in an AJAX action, and does not ensure that the post to be updated belong to the plugin, allowing unauthenticated users to update arbitrary post metadata. | ||||
| CVE-2024-0237 | 1 Myeventon | 1 Eventon | 2025-06-02 | 5.3 Medium |
| The EventON WordPress plugin through 4.5.8, EventON WordPress plugin before 2.2.7 do not have authorisation in some AJAX actions, allowing unauthenticated users to update virtual events settings, such as meeting URL, moderator, access details etc | ||||
| CVE-2023-7083 | 1 Davidjmiller | 1 Voting Record | 2025-06-02 | 5.4 Medium |
| The Voting Record WordPress plugin through 2.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack | ||||
| CVE-2023-6732 | 1 Supsystic | 1 Ultimate Maps | 2025-06-02 | 4.8 Medium |
| The Ultimate Maps by Supsystic WordPress plugin before 1.2.16 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | ||||
| CVE-2023-6292 | 1 Lightspeedhq | 1 Ecwid Ecommerce Shopping Cart | 2025-06-02 | 4.3 Medium |
| The Ecwid Ecommerce Shopping Cart WordPress plugin before 6.12.5 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. | ||||
| CVE-2023-5922 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2025-06-02 | 7.5 High |
| The Royal Elementor Addons and Templates WordPress plugin before 1.3.81 does not ensure that users accessing posts via an AJAX action (and REST endpoint, currently disabled in the plugin) have the right to do so, allowing unauthenticated users to access arbitrary draft, private and password protected posts/pages content | ||||
| CVE-2023-52069 | 1 Kodcloud | 1 Kodbox | 2025-06-02 | 5.4 Medium |
| kodbox v1.49.04 was discovered to contain a cross-site scripting (XSS) vulnerability via the URL parameter. | ||||
| CVE-2023-51217 | 1 Tenhot | 2 Tws-200, Tws-200 Firmware | 2025-06-02 | 8.8 High |
| An issue discovered in TenghuTOS TWS-200 firmware version:V4.0-201809201424 allows a remote attacker to execute arbitrary code via crafted command on the ping page component. | ||||
| CVE-2023-50614 | 1 Cdebyte | 2 E880-ir01, E880-ir01 Firmware | 2025-06-02 | 7.5 High |
| An issue discovereed in EBYTE E880-IR01-V1.1 allows an attacker to obtain sensitive information via crafted POST request to /cgi-bin/luci. | ||||
| CVE-2023-50028 | 1 Prestashopmodules | 1 Sliding Cart Block | 2025-06-02 | 9.8 Critical |
| In the module "Sliding cart block" (blockslidingcart) up to version 2.3.8 from PrestashopModules.eu for PrestaShop, a guest can perform SQL injection. | ||||
| CVE-2023-49943 | 1 Zohocorp | 1 Manageengine Servicedesk Plus Msp | 2025-06-02 | 5.4 Medium |
| Zoho ManageEngine ServiceDesk Plus MSP before 14504 allows stored XSS (by a low-privileged technician) via a task's name in a time sheet. | ||||
| CVE-2023-48858 | 1 Abocms | 1 Abo.cms | 2025-06-02 | 6.1 Medium |
| A Cross-site scripting (XSS) vulnerability in login page php code in Armex ABO.CMS 5.9 allows remote attackers to inject arbitrary web script or HTML via the login.php? URL part. | ||||
| CVE-2023-48345 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-06-02 | 5.5 Medium |
| In video decoder, there is a possible out of bounds read due to improper input validation. This could lead to local denial of service with no additional execution privileges needed | ||||
| CVE-2023-46952 | 1 Abocms | 1 Abo.cms | 2025-06-02 | 6.1 Medium |
| Cross Site Scripting vulnerability in ABO.CMS v.5.9.3 allows an attacker to execute arbitrary code via a crafted payload to the Referer header. | ||||
| CVE-2023-2252 | 1 Wpwax | 1 Directorist | 2025-06-02 | 2.7 Low |
| The Directorist WordPress plugin before 7.5.4 is vulnerable to Local File Inclusion as it does not validate the file parameter when importing CSV files. | ||||
| CVE-2023-27168 | 1 Xpand-it | 1 Write-back Manager | 2025-06-02 | 9.8 Critical |
| An arbitrary file upload vulnerability in Xpand IT Write-back Manager v2.3.1 allows attackers to execute arbitrary code via a crafted jsp file. | ||||
| CVE-2023-0769 | 1 Hiweb | 1 Migration Simple | 2025-06-02 | 6.1 Medium |
| The hiWeb Migration Simple WordPress plugin through 2.0.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admins. | ||||
| CVE-2023-0376 | 1 Themeum | 1 Qubely | 2025-06-02 | 5.4 Medium |
| The Qubely WordPress plugin before 1.8.5 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2023-49107 | 3 Hitachi, Linux, Microsoft | 3 Device Manager, Linux Kernel, Windows | 2025-06-02 | 5.3 Medium |
| Generation of Error Message Containing Sensitive Information vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Agent modules).This issue affects Hitachi Device Manager: before 8.8.5-04. | ||||
| CVE-2011-10005 | 1 Easyftp Server Project | 1 Easyftp Server | 2025-06-02 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in EasyFTP 1.7.0.2. Affected is an unknown function of the component MKD Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250716. | ||||