Search Results (363299 CVEs found)

| CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
|---|---|---|---|---|---|
| CVE-2023-25475 | 1 Smart Youtube Pro Project | 1 Smart Youtube Pro | 2024-11-21 | 4.3 Medium | Cross-Site Request Forgery (CSRF) vulnerability in Vladimir Prelovac Smart YouTube PRO plugin <= 4.3 versions. |
| CVE-2023-25474 | 1 About Me 3000 Widget Project | 1 About Me 3000 Widget | 2024-11-21 | 4.3 Medium | Cross-Site Request Forgery (CSRF) vulnerability in Csaba Kissi About Me 3000 widget plugin <= 2.2.6 versions. |
| CVE-2023-25473 | 1 Flickr Justified Gallery Project | 1 Flickr Justified Gallery | 2024-11-21 | 5.4 Medium | Cross-Site Request Forgery (CSRF) vulnerability in Miro Mannino Flickr Justified Gallery plugin <= 3.5 versions. |
| CVE-2023-25471 | 1 Webcodin | 1 Wcp Openweather | 2024-11-21 | 7.1 High | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Webcodin WCP OpenWeather plugin <= 2.5.0 versions. |
| CVE-2023-25470 | 1 Rus-to-lat Project | 1 Rus-to-lat | 2024-11-21 | 4.3 Medium | Cross-Site Request Forgery (CSRF) vulnerability in Anton Skorobogatov Rus-To-Lat plugin <= 0.3 versions. |
| CVE-2023-25468 | 1 Pvmg | 1 Reservation.studio | 2024-11-21 | 4.3 Medium | Cross-Site Request Forgery (CSRF) vulnerability in Reservation.Studio Reservation.Studio widget plugin <= 1.0.11 versions. |
| CVE-2023-25467 | 1 Resize At Upload Plus Project | 1 Resize At Upload Plus | 2024-11-21 | 5.4 Medium | Cross-Site Request Forgery (CSRF) vulnerability in Daniel Mores, A. Huizinga Resize at Upload Plus plugin <= 1.3 versions. |
| CVE-2023-25463 | 1 Gopiplus | 1 Wp-tell-a-friend-popup-form | 2024-11-21 | 5.4 Medium | Cross-Site Request Forgery (CSRF) vulnerability in Gopi Ramasamy WP tell a friend popup form plugin <= 7.1 versions. |
| CVE-2023-25459 | 1 Postsnippets | 1 Post Snippets | 2024-11-21 | 5.9 Medium | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Postsnippets Post Snippets plugin <= 4.0.2 versions. |
| CVE-2023-25456 | 1 Klaviyo | 1 Klaviyo | 2024-11-21 | 5.9 Medium | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Klaviyo, Inc. Klaviyo plugin <= 3.0.7 versions. |
| CVE-2023-25453 | 1 Iansadowsky | 1 Wordpress Tables | 2024-11-21 | 7.1 High | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ian Sadovy WordPress Tables plugin <= 1.3.9 versions. |
| CVE-2023-25450 | 1 Givewp | 1 Givewp | 2024-11-21 | 5.4 Medium | Cross-Site Request Forgery (CSRF) vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform plugin <= 2.25.1 versions. |
| CVE-2023-25449 | 1 Cformsii Project | 1 Cformsii | 2024-11-21 | 4.3 Medium | Cross-Site Request Forgery (CSRF) vulnerability in Oliver Seidel, Bastian Germann cformsII plugin <= 15.0.4 versions. |
| CVE-2023-25443 | 1 Wow-company | 1 Button Generator | 2024-11-21 | 4.3 Medium | Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Button Generator – easily Button Builder plugin <= 2.3.5 versions. |
| CVE-2023-25442 | 1 Zeno Font Resizer Project | 1 Zeno Font Resizer | 2024-11-21 | 5.9 Medium | Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Marcel Pol Zeno Font Resizer plugin <= 1.7.9 versions. |
| CVE-2023-25432 | 1 Online Reviewer Management System Project | 1 Online Reviewer Management System | 2024-11-21 | 7.2 High | An issue was discovered in Online Reviewer Management System v1.0. There is a SQL injection that can directly issue instructions to the background database system via reviewer_0/admins/assessments/course/course-update.php. |
| CVE-2023-25399 | 1 Scipy | 1 Scipy | 2024-11-21 | 5.5 Medium | A refcounting issue which leads to potential memory leak was discovered in scipy commit 8627df31ab in Py_FindObjects() function. Note: This is disputed as a bug and not a vulnerability. SciPy is not designed to be exposed to untrusted users or data directly. |
| CVE-2023-25395 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2024-11-21 | 9.8 Critical | TOTOlink A7100RU V7.4cu.2313_B20191024 router was discovered to contain a command injection vulnerability via the ou parameter at /setting/delStaticDhcpRules. |
| CVE-2023-25330 | 1 Mybatis | 1 Mybatis | 2024-11-21 | 9.8 Critical | A SQL injection vulnerability in Mybatis plus below 3.5.3.1 allows remote attackers to execute arbitrary SQL commands via the tenant ID valuer. NOTE: the vendor's position is that this can only occur in a misconfigured application; the documentation discusses how to develop applications that avoid SQL injection. |
| CVE-2023-25230 | 1 Loonflow Project | 1 Loonflow | 2024-11-21 | 4.9 Medium | A Server-Side Request Forgery (SSRF) in loonflow r2.0.14 allows attackers to force the application to make arbitrary requests via manipulation of the hook_url parameter. |