Total: 277667 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-2304 | 1 Favorites Project | 1 Favorites | 2025-01-13 | 6.4 Medium |
The Favorites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'user_favorites' shortcode in versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
CVE-2022-40300 | 1 Zohocorp | 3 Manageengine Access Manager Plus, Manageengine Pam360, Manageengine Password Manager Pro | 2025-01-13 | 9.8 Critical |
Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM360 through 5550 before 5600, and Access Manager Plus through 4304 before 4305 have multiple SQL injection vulnerabilities. | ||||
CVE-2022-29081 | 1 Zohocorp | 3 Manageengine Access Manager Plus, Manageengine Pam360, Manageengine Password Manager Pro | 2025-01-13 | 9.8 Critical |
Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs (for SSOutAction, SSLAction, LicenseMgr, GetProductDetails, GetDashboard, FetchEvents, and Synchronize) via the ../RestAPI substring. | ||||
CVE-2024-57213 | | | 2025-01-13 | 6.3 Medium |
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the newpasswd parameter in the action_passwd function. | ||||
CVE-2024-54996 | | | 2025-01-13 | 8.8 High |
MonicaHQ v4.1.2 was discovered to contain multiple authenticated Client-Side Injection vulnerabilities via the title and description parameters at /people/ID/reminders/create. | ||||
CVE-2024-52937 | | | 2025-01-13 | 6.7 Medium |
Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory. | ||||
CVE-2024-52333 | | | 2025-01-13 | 8.4 High |
An improper array index validation vulnerability exists in the determineMinMax functionality of OFFIS DCMTK 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. | ||||
CVE-2024-47796 | | | 2025-01-13 | 8.4 High |
An improper array index validation vulnerability exists in the nowindow functionality of OFFIS DCMTK 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. | ||||
CVE-2024-33298 | | | 2025-01-13 | 6.1 Medium |
Microweber Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the create new backup function in the endpoint /admin/module/view?type=admin__backup. | ||||
CVE-2022-45353 | 1 Muffingroup | 1 Betheme | 2025-01-13 | 4.3 Medium |
Broken Access Control in Betheme theme <= 26.6.1 on WordPress. | ||||
CVE-2022-30544 | 1 Hyumika | 1 Openstreetmap | 2025-01-13 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) in MiKa's OSM – OpenStreetMap plugin <= 6.0.1 versions. | ||||
CVE-2022-42462 | 1 Ip Blacklist Cloud Project | 1 Ip Blacklist Cloud | 2025-01-13 | 4.8 Medium |
Auth. Stored Cross-Site Scripting (XSS) vulnerability in Adeel Ahmed's IP Blacklist Cloud plugin <= 5.00 versions. | ||||
CVE-2022-40697 | 1 3commarketing | 1 3com-asesor-de-cookies | 2025-01-13 | 4.8 Medium |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in 3com – Asesor de Cookies para normativa española plugin <= 3.4.3 versions. | ||||
CVE-2023-22721 | 1 Oi Yandex.maps Project | 1 Oi Yandex.maps | 2025-01-13 | 6.5 Medium |
Auth. Stored Cross-Site Scripting (XSS) in Oi Yandex.Maps for WordPress <= 3.2.7 versions. | ||||
CVE-2023-23687 | 1 Youtube Shortcode Project | 1 Youtube Shortcode | 2025-01-13 | 6.5 Medium |
Auth. Stored Cross-Site Scripting (XSS) vulnerability in Youtube shortcode <= 1.8.5 versions. | ||||
CVE-2022-45820 | 1 Thimpress | 1 Learnpress | 2025-01-13 | 9.1 Critical |
SQL Injection (SQLi) vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions. | ||||
CVE-2022-36401 | 1 Standalonetech | 1 Terawallet | 2025-01-13 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in TeraWallet – For WooCommerce plugin <= 1.3.24 versions. | ||||
CVE-2022-44585 | 1 Magneticlab | 1 Homepage Pop-up | 2025-01-13 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Magneticlab Sàrl Homepage Pop-up plugin <= 1.2.5 versions. | ||||
CVE-2022-40692 | 1 Sunshinephotocart | 1 Sunshine Photo Cart | 2025-01-13 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in WP Sunshine Sunshine Photo Cart plugin <= 2.9.13 versions. | ||||
CVE-2022-45067 | 1 Devscred | 1 Exclusive Addons For Elementor | 2025-01-13 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in DevsCred Exclusive Addons Elementor plugin <= 2.6.1 versions. |