Total: 277501 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-47690 | 1 Antonbond | 1 Additional Order Filters For Woocommerce | 2025-01-08 | 7.1 High |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Anton Bond Additional Order Filters for WooCommerce plugin <= 1.10 versions. | ||||
CVE-2023-47684 | 1 Themepunch | 1 Essential Grid | 2025-01-08 | 7.1 High |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ThemePunch OHG Essential Grid plugin <= 3.1.0 versions. | ||||
CVE-2023-47680 | 1 Qodeinteractive | 1 Qi Addons For Elementor | 2025-01-08 | 6.5 Medium |
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Qode Interactive Qi Addons For Elementor plugin <= 1.6.3 versions. | ||||
CVE-2023-32715 | 1 Splunk | 1 Splunk App For Lookup File Editing | 2025-01-08 | 4.7 Medium |
In the Splunk App for Lookup File Editing versions below 4.0.1, a user can insert potentially malicious JavaScript code into the app, which causes that code to run on the user’s machine. The app itself does not contain the potentially malicious JavaScript code. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser, and requires additional user interaction to trigger. The attacker cannot exploit the vulnerability at will. | ||||
CVE-2023-32716 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2025-01-08 | 6.5 Medium |
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, an attacker can exploit a vulnerability in the ‘dump’ SPL command to cause a denial of service by crashing the Splunk daemon. | ||||
CVE-2025-22143 | | | 2025-01-08 | N/A |
WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the listar_permissoes.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msg_e parameter. This vulnerability is fixed in 3.2.8. | ||||
CVE-2023-32709 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2025-01-08 | 4.3 Medium |
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user who holds the ‘user’ role can see the hashed version of the initial user name and password for the Splunk instance by using the ‘rest’ SPL command against the ‘conf-user-seed’ REST endpoint. | ||||
CVE-2023-47673 | 1 Thecrowned | 1 Post Pay Counter | 2025-01-08 | 7.1 High |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Stefano Ottolenghi Post Pay Counter plugin <= 2.784 versions. | ||||
CVE-2024-38218 | 1 Microsoft | 1 Edge Chromium | 2025-01-08 | 8.4 High |
Microsoft Edge (HTML-based) Memory Corruption Vulnerability | ||||
CVE-2023-47665 | 1 Plainviewplugins | 1 Plainview Protect Passwords | 2025-01-08 | 7.1 High |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in edward_plainview Plainview Protect Passwords plugin <= 1.4 versions. | ||||
CVE-2023-34339 | 1 Jetbrains | 1 Ktor | 2025-01-08 | 3.3 Low |
In JetBrains Ktor before 2.3.1 headers containing authentication data could be added to the exception's message | ||||
CVE-2024-7092 | 1 Wpdeveloper | 1 Essential Addons For Elementor | 2025-01-08 | 6.4 Medium |
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘no_more_items_text’ parameter in all versions up to, and including, 5.9.27 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
CVE-2024-38163 | 1 Microsoft | 4 Windows 10 21h2, Windows 10 22h2, Windows 11 21h2 and 1 more | 2025-01-08 | 7.8 High |
Windows Update Stack Elevation of Privilege Vulnerability | ||||
CVE-2023-47662 | 1 Goldbroker | 1 Live Gold Price & Silver Price Charts Widgets | 2025-01-08 | 5.9 Medium |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GoldBroker.Com Live Gold Price & Silver Price Charts Widgets plugin <= 2.4 versions. | ||||
CVE-2024-1567 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2025-01-08 | 8.2 High |
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to limited file uploads due to missing file type validation in the 'file_validity' function in all versions up to, and including, 1.3.94. This makes it possible for unauthenticated attackers to upload dangerous file types such as .svgz on the affected site's server which may make cross-site scripting or remote code execution possible. | ||||
CVE-2025-20168 | | | 2025-01-08 | 5.4 Medium |
A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have at least a low-privileged account on an affected device. Cisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | ||||
CVE-2025-20167 | | | 2025-01-08 | 5.4 Medium |
A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have at least a low-privileged account on an affected device. Cisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | ||||
CVE-2024-7063 | 1 Wpmet | 1 Elementskit | 2025-01-08 | 4.3 Medium |
The ElementsKit Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.6 via the 'render_raw' function. This can allow authenticated attackers, with Contributor-level permissions and above, to extract sensitive data including private, future, and draft posts. | ||||
CVE-2024-7064 | 1 Wpmet | 1 Elementskit | 2025-01-08 | 6.4 Medium |
The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
CVE-2025-20166 | | | 2025-01-08 | 5.4 Medium |
A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have at least a low-privileged account on an affected device. Cisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability. |