CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (42958 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2023-32496	1 Stopbadbots	1 Block Bad Bots And Stop Bad Bots Crawlers And Spiders And Anti Spam Protection	2024-11-21	5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bill Minozzi Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection plugin <= 7.31 versions.
CVE-2023-32445	1 Apple	6 Ipados, Iphone Os, Macos and 3 more	2024-11-21	6.1 Medium
This issue was addressed with improved checks. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. Processing a document may lead to a cross site scripting attack.
CVE-2023-32339	1 Ibm	1 Cloud Pak For Business Automation	2024-11-21	6.1 Medium
IBM Business Automation Workflow is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 255587.
CVE-2023-32332	1 Ibm	2 Maximo Application Suite, Maximo Asset Management	2024-11-21	5.4 Medium
IBM Maximo Application Suite 8.9, 8.10 and IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 255072.
CVE-2023-32300	1 Yoast	1 Yoast Seo	2024-11-21	7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Yoast Yoast SEO: Local plugin <= 14.8 versions.
CVE-2023-32298	1 Helgatheviking	1 Simple User Listing	2024-11-21	6.1 Medium
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kathy Darling Simple User Listing plugin <= 1.9.2 versions.
CVE-2023-32296	1 Kangu	1 Kangu	2024-11-21	7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kangu para WooCommerce plugin <= 2.2.9 versions.
CVE-2023-32294	1 Radicalwebdesign	1 Gdpr Cookie Consent Notice Box	2024-11-21	5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Radical Web Design GDPR Cookie Consent Notice Box plugin <= 1.1.6 versions.
CVE-2023-32292	1 Getbutton	1 Chat Button	2024-11-21	5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GetButton Chat Button by GetButton.Io plugin <= 1.8.9.4 versions.
CVE-2023-32291	1 Monsterinsights	1 Monsterinsights	2024-11-21	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MonsterInsights Pro allows Stored XSS.This issue affects MonsterInsights Pro: from n/a through 8.14.1.
CVE-2023-32241	1 Wpdeveloper	1 Essential Addons For Elementor	2024-11-21	7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPDeveloper Essential Addons for Elementor Pro plugin <= 5.4.8 versions.
CVE-2023-32239	1 Xtemos	1 Woodmart Theme	2024-11-21	5.4 Medium
Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in xtemos WoodMart theme <= 7.2.1 versions.
CVE-2023-32237			2024-11-21	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem (Elementor), CodexThemes TheGem (WPBakery) allows Stored XSS.This issue affects TheGem (Elementor): from n/a before 5.8.1.1; TheGem (WPBakery): from n/a before 5.8.1.1.
CVE-2023-32236	1 Bookingultrapro	1 Appointments Booking Calendar	2024-11-21	7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Booking Ultra Pro Booking Ultra Pro Appointments Booking Calendar Plugin <= 1.1.8 versions.
CVE-2023-32227	1 Synel	2 Synergy\/a, Synergy\/a Firmware	2024-11-21	9.8 Critical
Synel SYnergy Fingerprint Terminals - CWE-798: Use of Hard-coded Credentials
CVE-2023-32130	1 Danielpowney	1 Multi Rating	2024-11-21	5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Daniel Powney Multi Rating plugin <= 5.0.6 versions.
CVE-2023-32122	1 Spiffyplugins	1 Spiffy Calendar	2024-11-21	5.8 Medium
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Spiffy Plugins Spiffy Calendar plugin <= 4.9.3 versions.
CVE-2023-32119	1 Wpo365	1 Mail Integration For Office 365 \/ Outlook	2024-11-21	5.8 Medium
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPO365 \| Mail Integration for Office 365 / Outlook plugin <= 1.9.0 versions.
CVE-2023-32118	1 Wpoperation	1 Salert - Fake Sales Notification Woocommerce	2024-11-21	7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPoperation SALERT – Fake Sales Notification WooCommerce plugin <= 1.2.1 versions.
CVE-2023-32116	1 Totalpress	1 Custom Post Types	2024-11-21	5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in TotalPress.Org Custom post types, Custom Fields & more plugin <= 4.0.12 versions.

« first previous Page 1469 of 2148. next last »