Search Results (323535 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-28791 1 Webtechforce 1 Simple Org Chart 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Gangesh Matta Simple Org Chart plugin <= 2.3.4 versions.
CVE-2023-28790 1 Simple Staff List Project 1 Simple Staff List 2024-11-21 5.9 Medium
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Brett Shumaker Simple Staff List plugin <= 2.2.3 versions.
CVE-2023-28788 1 Pagevisitcounter 1 Advanced Page Visit Counter 2024-11-21 7.1 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Page Visit Counter Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress. This issue affects Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress: from n/a through 6.4.2.
CVE-2023-28786 1 Solidwp 1 Solid Security 2024-11-21 3.7 Low
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SolidWP Solid Security – Password, Two Factor Authentication, and Brute Force Protection. This issue affects Solid Security – Password, Two Factor Authentication, and Brute Force Protection: from n/a through 8.1.4.
CVE-2023-28785 1 Yoast 1 Yoast Seo 2024-11-21 6.5 Medium
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Yoast Yoast SEO: Local plugin <= 14.9 versions.
CVE-2023-28784 1 Contest-gallery 1 Contest Gallery 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Contest Gallery plugin <= 21.1.2 versions.
CVE-2023-28783 1 Phpradar 1 Woocommerce Tip/donation 2024-11-21 5.9 Medium
Auth. (shop manager+) Stored Cross-Site Scripting (XSS) vulnerability in PHPRADAR Woocommerce Tip/Donation plugin <= 1.2 versions.
CVE-2023-28782 1 Gravityforms 1 Gravity Forms 2024-11-21 8.3 High
Deserialization of Untrusted Data vulnerability in Rocketgenius Inc. Gravity Forms. This issue affects Gravity Forms: from n/a through 2.7.3.
CVE-2023-28780 1 Yoast 1 Yoast Local Seo 2024-11-21 6.5 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Yoast Yoast Local Premium. This issue affects Yoast Local Premium: from n/a through 14.8.
CVE-2023-28779 1 Simplecoding 1 Terms Descriptions 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Vladimir Statsenko Terms descriptions plugin <= 3.4.4 versions.
CVE-2023-28778 1 Bestwebsoft 1 Pagination 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in BestWebSoft Pagination plugin <= 1.2.2 versions.
CVE-2023-28777 1 Learndash 1 Learndash 2024-11-21 8.8 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LearnDash LearnDash LMS allows SQL Injection. This issue affects LearnDash LMS: from n/a through 4.5.3.
CVE-2023-28776 1 I13websolution 1 Continuous Image Carousel With Lightbox 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Continuous Image Carousel With Lightbox plugin <= 1.0.15 versions.
CVE-2023-28775 1 Yoast 1 Yoast Seo 2024-11-21 5.3 Medium
Missing Authorization vulnerability in Yoast Yoast SEO Premium. This issue affects Yoast SEO Premium: from n/a through 20.4.
CVE-2023-28774 1 Grade 1 Review Stream 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Grade Us, Inc. Review Stream plugin <= 1.6.5 versions.
CVE-2023-28773 1 Kolja-nolte 1 Secondary Title 2024-11-21 6.5 Medium
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Kolja Nolte Secondary Title plugin <= 2.0.9.1 versions.
CVE-2023-28768 1 Zyxel 22 Xgs2220-30, Xgs2220-30 Firmware, Xgs2220-30f and 19 more 2024-11-21 6.5 Medium
Improper frame handling in the Zyxel XGS2220-30 firmware version V4.80(ABXN.1), XMG1930-30 firmware version V4.80(ACAR.1), and XS1930-10 firmware version V4.80(ABQE.1) could allow an unauthenticated LAN-based attacker to cause denial-of-service (DoS) conditions by sending crafted frames to an affected switch.
CVE-2023-28767 1 Zyxel 47 Atp Series Firmware, Usg 20w-vpn, Usg 20w-vpn Firmware and 44 more 2024-11-21 8.8 High
The configuration parser fails to sanitize user-controlled input in the Zyxel ATP series firmware versions 5.10 through 5.36, USG FLEX series firmware versions 5.00 through 5.36, USG FLEX 50(W) series firmware versions 5.10 through 5.36, USG20(W)-VPN series firmware versions 5.10 through 5.36, and VPN series firmware versions 5.00 through 5.36. An unauthenticated, LAN-based attacker could leverage the vulnerability to inject some operating system (OS) commands into the device configuration data on an affected device when the cloud management mode is enabled.
CVE-2023-28750 1 Albo Pretorio On Line Project 1 Albo Pretorio On Line 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio Scimone Albo Pretorio On line plugin <= 4.6 versions.
CVE-2023-28749 1 Cminds 1 Cm On Demand Search And Replace 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM On Demand Search And Replace plugin <= 1.3.0 versions.