Total
277601 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-47173 | 1 Advancedformintegration | 1 Advanced Form Integration | 2025-01-10 | 5.9 Medium |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nasirahmed Connect Contact Form 7, WooCommerce To Google Sheets & Other Platforms – Advanced Form Integration plugin <= 1.62.0 versions. | ||||
CVE-2023-25992 | 1 Cminds | 1 Cm Answers | 2025-01-10 | 5.9 Medium |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CreativeMindsSolutions CM Answers plugin <= 3.1.9 versions. | ||||
CVE-2022-30705 | 1 Wordpress Ping Optimizer Project | 1 Wordpress Ping Optimizer | 2025-01-10 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Pankaj Jha WordPress Ping Optimizer plugin <= 2.35.1.2.3 versions. | ||||
CVE-2022-47146 | 1 Contempothemes | 1 Real Estate 7 | 2025-01-10 | 7.1 High |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Contempoinc Real Estate 7 WordPress theme <= 3.3.1 versions. | ||||
CVE-2023-22707 | 1 Greenshiftwp | 1 Greenshift - Animation And Page Builder Blocks | 2025-01-10 | 5.9 Medium |
Auth. (author+) Cross-Site Scripting (XSS) vulnerability in Wpsoul Greenshift – animation and page builder blocks plugin <= 4.9.9 versions. | ||||
CVE-2022-45825 | 1 Liquidweb | 1 Wpcomplete | 2025-01-10 | 7.1 High |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in iThemes WPComplete plugin <= 2.9.2 versions. | ||||
CVE-2022-45831 | 1 Oxilab | 1 Image Hover Effects For Elementor With Lightbox And Flipbox | 2025-01-10 | 7.1 High |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in biplob018 Image Hover Effects for Elementor with Lightbox and Flipbox plugin <= 2.8 versions. | ||||
CVE-2024-7886 | 1 Scootersoftware | 1 Beyond Compare | 2025-01-10 | 7.8 High |
A vulnerability has been found in Scooter Software Beyond Compare up to 3.3.5.15075 and classified as critical. Affected by this vulnerability is an unknown functionality in the library 7zxa.dll. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The real existence of this vulnerability is still doubted at the moment. The vendor explains that a system must be breached before exploiting this issue. They are not planning on making any changes to address it. | ||||
CVE-2024-56113 | | | 2025-01-10 | N/A |
Smart Toilet Lab - Motius 1.3.11 is running with debug mode turned on (DEBUG = True) and exposing sensitive information defined in Django settings file through verbose error page. | ||||
CVE-2024-13295 | | | 2025-01-10 | 6.6 Medium |
Deserialization of Untrusted Data vulnerability in Drupal Node export allows Object Injection. This issue affects Node export: from 7.X-* before 7.X-3.3. | ||||
CVE-2024-13294 | | | 2025-01-10 | 5.4 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal POST File allows Cross-Site Scripting (XSS). This issue affects POST File: from 0.0.0 before 1.0.2. | ||||
CVE-2024-13293 | | | 2025-01-10 | 3.1 Low |
Cross-Site Request Forgery (CSRF) vulnerability in Drupal POST File allows Cross Site Request Forgery. This issue affects POST File: from 0.0.0 before 1.0.2. | ||||
CVE-2024-13291 | | | 2025-01-10 | 7.3 High |
Incorrect Authorization vulnerability in Drupal Basic HTTP Authentication allows Forceful Browsing. This issue affects Basic HTTP Authentication: from 7.X-1.0 before 7.X-1.4. | ||||
CVE-2023-3026 | 1 Diagrams | 1 Drawio | 2025-01-10 | 6.1 Medium |
Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 21.2.8. | ||||
CVE-2023-32181 | 1 Opensuse | 1 Libeconf | 2025-01-10 | 3.3 Low |
A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in openSUSE libeconf allows for DoS via malformed configuration files. This issue affects libeconf: before 0.5.2. | ||||
CVE-2023-29543 | 1 Mozilla | 2 Firefox, Focus | 2025-01-10 | 8.8 High |
An attacker could have caused memory corruption and a potentially exploitable use-after-free of a pointer in a global object's debugger vector. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. | ||||
CVE-2023-29541 | 2 Mozilla, Redhat | 9 Firefox, Firefox Esr, Focus and 6 more | 2025-01-10 | 8.8 High |
Firefox did not properly handle downloads of files ending in `.desktop`, which can be interpreted to run attacker-controlled commands. *This bug only affects Firefox for Linux on certain Distributions. Other operating systems are unaffected, and Mozilla is unable to enumerate all affected Linux Distributions.* This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. | ||||
CVE-2023-23602 | 2 Mozilla, Redhat | 8 Firefox, Firefox Esr, Thunderbird and 5 more | 2025-01-10 | 6.5 Medium |
A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7. | ||||
CVE-2023-22652 | 2 Opensuse, Redhat | 2 Libeconf, Enterprise Linux | 2025-01-10 | 3.3 Low |
A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in openSUSE libeconf leads to DoS via malformed config files. This issue affects libeconf: before 0.5.2. | ||||
CVE-2023-20884 | 3 Linux, Microsoft, Vmware | 6 Linux Kernel, Windows, Cloud Foundation and 3 more | 2025-01-10 | 6.1 Medium |
VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure. |