Total: 276812 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-2972 | 1 Antfu | 1 Utils | 2025-01-10 | 9.8 Critical |
Prototype Pollution in GitHub repository antfu/utils prior to 0.7.3. | ||||
CVE-2022-44734 | 1 Bestwebsoft | 1 Car Rental | 2025-01-10 | 4.8 Medium |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in BestWebSoft Car Rental by BestWebSoft plugin <= 1.1.2 versions. | ||||
CVE-2022-45849 | 1 Colorlib | 1 Activello Theme | 2025-01-10 | 5.4 Medium |
Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Silkalns Activello theme <= 1.4.4 versions. | ||||
CVE-2022-45838 | 1 Reputeinfosystems | 1 Arforms Form Builder | 2025-01-10 | 6.1 Medium |
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Repute InfoSystems ARForms Form Builder plugin <= 1.5.5 versions. | ||||
CVE-2022-45839 | 1 Webhelpagency | 1 Wha Puzzle | 2025-01-10 | 5.4 Medium |
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WHA WHA Puzzle plugin <= 1.0.9 versions. | ||||
CVE-2022-44632 | 1 Content-repeater Project | 1 Content-repeater | 2025-01-10 | 4.8 Medium |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Denis Buka Content Repeater – Custom Posts Simplified plugin <= 1.1.13 versions. | ||||
CVE-2022-45836 | 1 Wpdownloadmanager | 1 Download Manager | 2025-01-10 | 7.1 High |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in W3 Eden, Inc. Download Manager plugin <= 3.2.59 versions. | ||||
CVE-2022-44631 | 1 1app | 1 1app Business Forms | 2025-01-10 | 4.8 Medium |
Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in 1app Technologies, Inc 1app Business Forms plugin <= 1.0.0 versions. | ||||
CVE-2022-44582 | 1 Apptivo | 1 Apptivo Business Site Crm | 2025-01-10 | 4.8 Medium |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Apptivo Apptivo Business Site CRM plugin <= 3.0.12 versions. | ||||
CVE-2024-50339 | 1 Glpi-project | 1 Glpi | 2025-01-10 | 5.3 Medium |
GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.17, an unauthenticated user can retrieve all the session IDs and use them to steal any valid session. Version 10.0.17 contains a patch for this issue. | ||||
CVE-2022-44594 | 1 Codebangers | 1 All In One Time Clock Lite | 2025-01-10 | 4.8 Medium |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Codebangers All in One Time Clock Lite plugin <= 1.3.320 versions. | ||||
CVE-2023-24584 | 1 Gallagher | 2 Controller 6000, Controller 6000 Firmware | 2025-01-10 | 7.5 High |
Controller 6000 is vulnerable to a buffer overflow via the Controller diagnostic web interface upload feature. This issue affects Controller 6000: before vCR8.80.230201a, before vCR8.70.230201a, before vCR8.60.230201b, before vCR8.50.230201a, all versions of vCR8.40 and prior. | ||||
CVE-2022-47435 | 1 Wp-olivecart Project | 1 Wp-olivecart | 2025-01-10 | 5.9 Medium |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Olive Design WP-OliveCart plugin <= 1.1.3 versions. | ||||
CVE-2023-24386 | 1 Ai Contact Us Form Project | 1 Ai Contact Us Form | 2025-01-10 | 5.9 Medium |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Karishma Arora AI Contact Us Form plugin <= 1.0 versions. | ||||
CVE-2023-24404 | 1 Rarathemes | 1 Vryasage Marketing Performance | 2025-01-10 | 7.1 High |
Reflected Cross-Site Scripting (XSS) vulnerability in VryaSage Marketing Performance plugin <= 2.0.0 versions. | ||||
CVE-2022-45361 | 1 0mk Shortener Project | 1 0mk Shortener | 2025-01-10 | 5.9 Medium |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Boris Kuzmanov 0mk Shortener plugin <= 0.2 versions. | ||||
CVE-2023-23832 | 1 Ultimate Wp Query Search Filter Project | 1 Ultimate Wp Query Search Filter | 2025-01-10 | 6.5 Medium |
Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in TC Ultimate WP Query Search Filter plugin <= 1.0.10 versions. | ||||
CVE-2023-23717 | 1 Portfolio Slideshow Project | 1 Portfolio Slideshow | 2025-01-10 | 6.5 Medium |
Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in George Gecewicz Portfolio Slideshow plugin <= 1.13.0 versions. | ||||
CVE-2023-3028 | 1 Hopechart | 2 Hqt401, Hqt401 Firmware | 2025-01-10 | 8.6 High |
Insufficient authentication in the MQTT backend (broker) allows an attacker to access and even manipulate the telemetry data of the entire fleet of vehicles using the HopeChart HQT-401 telematics unit. Other models are possibly affected too. Multiple vulnerabilities were identified: - The MQTT backend does not require authentication, allowing unauthorized connections from an attacker. - The vehicles publish their telemetry data (e.g. GPS location, speed, odometer, fuel, etc.) as messages in public topics. The backend also sends commands to the vehicles as MQTT posts in public topics. As a result, an attacker can access the confidential data of the entire fleet that is managed by the backend. - The MQTT messages sent by the vehicles or the backend are not encrypted or authenticated. An attacker can create and post messages to impersonate a vehicle or the backend. The attacker could then, for example, send incorrect information to the backend about the vehicle's location. - The backend can inject data into a vehicle's CAN bus by sending a specific MQTT message on a public topic. Because these messages are not authenticated or encrypted, an attacker could impersonate the backend, create a fake message and inject CAN data in any vehicle managed by the backend. The confirmed version is 201808021036; however, further versions have also been identified as potentially impacted. | ||||
CVE-2023-23827 | 1 Google Maps V3 Shortcode Project | 1 Google Maps V3 Shortcode | 2025-01-10 | 6.5 Medium |
Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Google Maps v3 Shortcode plugin <= 1.2.1 versions. |