Search Results (360939 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-41879 1 Openmage 1 Magento 2024-11-21 7.5 High
Magento LTS is the official OpenMage LTS codebase. Guest orders may be viewed without authentication using a "guest-view" cookie which contains the order's "protect_code". This code is 6 hexadecimal characters, which is arguably not enough to prevent a brute-force attack. Exposing each order would require a separate brute-force attack. This issue has been patched in versions 19.5.1 and 20.1.1.
CVE-2023-41878 1 Metersphere 1 Metersphere 2024-11-21 4.6 Medium
MeterSphere is a one-stop open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing and performance testing. The Selenium VNC config used in MeterSphere uses a weak password by default, so attackers can log in to VNC and obtain high permissions. This issue has been addressed in version 2.10.7 LTS. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2023-41876 1 Wp Gallery Metabox Project 1 Wp Gallery Metabox 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Hardik Kalathiya WP Gallery Metabox plugin <= 1.0.0 versions.
CVE-2023-41874 1 Tychesoftwares 1 Order Delivery Date For Woocommerce 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Tyche Softwares Order Delivery Date for WooCommerce plugin <= 3.20.0 versions.
CVE-2023-41872 1 Xtemos 1 Woodmart 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Xtemos WoodMart plugin <= 7.2.4 versions.
CVE-2023-41871 1 Ays-pro 1 Poll Maker 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Poll Maker Team Poll Maker plugin <= 4.7.0 versions.
CVE-2023-41868 1 Codestag 1 Stagtools 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ram Ratan Maurya, Codestag StagTools plugin <= 2.3.7 versions.
CVE-2023-41867 1 Acymailing 1 Acymailing 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in AcyMailing Newsletter Team AcyMailing plugin <= 8.6.2 versions.
CVE-2023-41863 1 Peprodev 1 Peprodev Cf7 Database 2024-11-21 7.1 High
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Pepro Dev. Group PeproDev CF7 Database plugin <= 1.7.0 versions.
CVE-2023-41861 1 Tickera 1 Restrict 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Restrict plugin <= 2.2.4 versions.
CVE-2023-41860 1 Travelmap 1 Travelmap 2024-11-21 5.8 Medium
Unauth. Cross-Site Scripting (XSS) vulnerability in TravelMap plugin <= 1.0.1 versions.
CVE-2023-41858 1 Tychesoftwares 1 Order Delivery Date For Woocommerce 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Ashok Rane Order Delivery Date for WP e-Commerce plugin <= 1.2 versions.
CVE-2023-41856 1 Clicktotweet 1 Click To Tweet 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ClickToTweet.Com Click To Tweet plugin <= 2.0.14 versions.
CVE-2023-41855 1 Regpacks 1 Regpack 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Regpacks Regpack plugin <= 0.1 versions.
CVE-2023-41854 1 Wpcentral 1 Wpcentral 2024-11-21 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Softaculous Ltd. WpCentral plugin <= 1.5.7 versions.
CVE-2023-41853 1 Wpicalavailability 1 Wp Ical Availability 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in WP iCal Availability plugin <= 1.0.3 versions.
CVE-2023-41852 1 Mailmunch 1 Mailmunch 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in MailMunch MailMunch – Grow your Email List plugin <= 3.1.2 versions.
CVE-2023-41851 1 Dotsquares 1 Wp Custom Post Template 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Dotsquares WP Custom Post Template <= 1.0 versions.
CVE-2023-41850 1 Sparro 1 Outbound Link Manager 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Morris Bryant, Ruben Sargsyan Outbound Link Manager plugin <= 1.2 versions.
CVE-2023-41847 1 Wensolutions 1 Notice Bar 2024-11-21 6.5 Medium
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WEN Solutions Notice Bar plugin <= 3.1.0 versions.