Search Results (363662 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-33368 1 Assaabloy 1 Control Id Idsecure 2024-11-21 6.5 Medium
Some API routes exists in Control ID IDSecure 4.7.26.0 and prior, exfiltrating sensitive information and passwords to users accessing these API routes.
CVE-2023-33367 1 Assaabloy 1 Control Id Idsecure 2024-11-21 9.8 Critical
A SQL injection vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing unauthenticated attackers to write PHP files on the server's root directory, resulting in remote code execution.
CVE-2023-33366 1 Supremainc 1 Biostar 2 2024-11-21 8.8 High
A SQL injection vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows authenticated users to inject arbitrary SQL directives into an SQL statement and execute arbitrary SQL commands.
CVE-2023-33365 1 Supremainc 1 Biostar 2 2024-11-21 7.5 High
A path traversal vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows unauthenticated attackers to fetch arbitrary files from the server's web server.
CVE-2023-33364 1 Supremainc 1 Biostar 2 2024-11-21 8.8 High
An OS Command injection vulnerability exists in Suprema BioStar 2 before V2.9.1, which allows authenticated users to execute arbitrary OS commands on the BioStar 2 server.
CVE-2023-33363 1 Supremainc 1 Biostar 2 2024-11-21 7.5 High
An authentication bypass vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows unauthenticated users to access some functionality on BioStar 2 servers.
CVE-2023-33356 1 Thecosy 1 Icecms 2024-11-21 5.4 Medium
IceCMS v1.0.0 is vulnerable to Cross Site Scripting (XSS).
CVE-2023-33332 1 Woocommerce Product Vendors Project 1 Woocommerce Product Vendors 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Product Vendors plugin <= 2.1.76 versions.
CVE-2023-33329 1 Custom Post Type Generator Project 1 Custom Post Type Generator 2024-11-21 5.9 Medium
Auth. (admin+) Reflected Cross-Site Scripting (XSS) vulnerability in Hijiri Custom Post Type Generator plugin <= 2.4.2 versions.
CVE-2023-33328 1 Pluginops 1 Mailchimp Subscribe Form 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PluginOps MailChimp Subscribe Form plugin <= 4.0.9.1 versions.
CVE-2023-33326 1 Metagauss 1 Eventprime 2024-11-21 7.1 High
Unauth. Reflected (XSS) Cross-Site Scripting (XSS) vulnerability in EventPrime plugin <= 2.8.6 versions.
CVE-2023-33325 1 Te-st 1 Leyka 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Teplitsa of social technologies Leyka plugin <= 3.30.1 versions.
CVE-2023-33323 1 Reputeinfosystems 1 Armember 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Repute InfoSystems ARMember plugin <= 4.0.2 versions.
CVE-2023-33319 1 Woocommerce 1 Automatewoo 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Follow-Up Emails (AutomateWoo) plugin <= 4.9.40 versions.
CVE-2023-33317 1 Woocommerce 1 Returns And Warranty Requests 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Returns and Warranty Requests plugin <= 2.1.6 versions.
CVE-2023-33316 1 Woocommerce 1 Automatewoo 2024-11-21 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Follow-Up Emails (AutomateWoo) plugin <= 4.9.40 versions.
CVE-2023-33315 1 Wandlesoftware 1 Smart App Banner 2024-11-21 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Stephen Darlington, Wandle Software Limited Smart App Banner plugin <= 1.1.2 versions.
CVE-2023-33313 1 Themeinprogress 1 Wip Custom Login 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in ThemeinProgress WIP Custom Login plugin <= 1.2.9 versions.
CVE-2023-33312 1 Easy Captcha Project 1 Easy Captcha 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wppal Easy Captcha plugin <= 1.0 versions.
CVE-2023-33311 1 Crmperks 1 Contact Form Entries - Contact Form 7 Wpforms And More 2024-11-21 6.5 Medium
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in CRM Perks Contact Form Entries plugin <= 1.3.0 versions.