Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (357830 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-47808 1 Christinauechi 1 Add Widgets To Page 2024-11-21 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Christina Uechi Add Widgets to Page plugin <= 1.3.2 versions.
CVE-2023-47801 1 Clickstudios 1 Passwordstate 2024-11-21 4.7 Medium
An issue was discovered in Click Studios Passwordstate before 9811. Existing users (Security Administrators) could use the System Wide API Key to read or delete private password records when specifically used with the PasswordHistory API endpoint. It is also possible to use the Copy/Move Password Record API Key to Copy/Move private password records.
CVE-2023-47800 1 Natus 2 Neuroworks Eeg, Sleepworks 2024-11-21 9.8 Critical
Natus NeuroWorks and SleepWorks before 8.4 GMA3 utilize a default password of xltek for the Microsoft SQL Server service sa account, allowing a threat actor to perform remote code execution, data exfiltration, or other nefarious actions such as tampering with data or destroying/disrupting MSSQL services.
CVE-2023-47797 1 Liferay 1 Liferay Portal 2024-11-21 9.6 Critical
Reflected cross-site scripting (XSS) vulnerability on a content page’s edit page in Liferay Portal 7.4.3.94 through 7.4.3.95 allows remote attackers to inject arbitrary web script or HTML via the `p_l_back_url_title` parameter.
CVE-2023-47792 1 Infiniteuploads 1 Big File Uploads 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Infinite Uploads Big File Uploads – Increase Maximum File Upload Size plugin <= 2.1.1 versions.
CVE-2023-47791 1 Leadster 1 Leadster 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Leadster plugin <= 1.1.2 versions.
CVE-2023-47790 1 Popozure 1 Pz-linkcard 2024-11-21 7.1 High
Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerability in Poporon Pz-LinkCard plugin <= 2.4.8 versions.
CVE-2023-47786 1 Layerslider 1 Layerslider 2024-11-21 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LayerSlider plugin <= 7.7.9 versions.
CVE-2023-47781 1 Thrivethemes 1 Thrive Themes Builder 2024-11-21 8.8 High
Cross-Site Request Forgery (CSRF) vulnerability in Thrive Themes Thrive Theme Builder < 3.24.2 versions.
CVE-2023-47775 1 Gvectors 1 Wpdiscuz 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team Comments — wpDiscuz plugin <= 7.6.11 versions.
CVE-2023-47773 1 Yasglobal 1 Permalinks Customizer 2024-11-21 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YAS Global Team Permalinks Customizer plugin <= 2.8.2 versions.
CVE-2023-47772 1 Themepunch 1 Slider Revolution 2024-11-21 6.5 Medium
Contributor+ Stored Cross-Site Scripting (XSS) vulnerability in Slider Revolution <= 6.6.14.
CVE-2023-47768 1 Diywebmastery 1 Footer Putter 2024-11-21 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Russell Jamieson Footer Putter plugin <= 1.17 versions.
CVE-2023-47767 1 Fla-shop 1 Interactive World Map 2024-11-21 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fla-shop.Com Interactive World Map plugin <= 3.2.0 versions.
CVE-2023-47766 1 Ifeelweb 1 Post Status Notifier Lite 2024-11-21 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Timo Reith Post Status Notifier Lite plugin <= 1.11.0 versions.
CVE-2023-47765 1 Codebard 1 Codebard\'s Patron Button And Widgets For Patreon 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in CodeBard CodeBard's Patron Button and Widgets for Patreon plugin <= 2.1.9 versions.
CVE-2023-47758 1 Mondula 1 Multi Step Form 2024-11-21 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Mondula GmbH Multi Step Form plugin <= 1.7.11 versions.
CVE-2023-47755 1 Aazztech 1 Woocommerce Product Carousel Slider 2024-11-21 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AazzTech WooCommerce Product Carousel Slider plugin <= 3.3.5 versions.
CVE-2023-47741 1 Ibm 2 Db2 Mirror For I, I 2024-11-21 5.3 Medium
IBM i 7.3, 7.4, 7.5, IBM i Db2 Mirror for i 7.4 and 7.5 web browser clients may leave clear-text passwords in browser memory that can be viewed using common browser tools before the memory is garbage collected. A malicious actor with access to the victim's PC could exploit this vulnerability to gain access to the IBM i operating system. IBM X-Force ID: 272532.
CVE-2023-47722 1 Ibm 1 Api Connect 2024-11-21 6.2 Medium
IBM API Connect V10.0.5.3 and V10.0.6.0 stores user credentials in browser cache which can be read by a local user. IBM X-Force ID: 271912.