Total
263555 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-44239 | 1 Walkswithme | 1 Social Share On Image Hover | 2024-09-20 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jobin Jose WWM Social Share On Image Hover plugin <= 2.2 versions. | ||||
| CVE-2023-44244 | 1 Fooplugins | 1 Foogallery | 2024-09-20 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FooPlugins FooGallery plugin <= 2.2.44 versions. | ||||
| CVE-2023-44477 | 1 Boxystudio | 1 Cooked | 2024-09-20 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Boxy Studio Cooked plugin <= 1.7.13 versions. | ||||
| CVE-2023-44474 | 1 Md Jakir Hosen | 1 Tiger Forms - Drag And Drop Form Builder | 2024-09-20 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in MD Jakir Hosen Tiger Forms – Drag and Drop Form Builder plugin <= 2.0.0 versions. | ||||
| CVE-2023-41856 | 1 Clicktotweet | 1 Click To Tweet | 2024-09-20 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ClickToTweet.Com Click To Tweet plugin <= 2.0.14 versions. | ||||
| CVE-2024-47060 | 2024-09-20 | 4.3 Medium | ||
| Zitadel is an open source identity management platform. In Zitadel, even after an organization is deactivated, associated projects, respectively their applications remain active. Users across other organizations can still log in and access through these applications, leading to unauthorized access. Additionally, if a project was deactivated access to applications was also still possible. The issue stems from the fact that when an organization is deactivated in Zitadel, the applications associated with it do not automatically deactivate. The application lifecycle is not tightly coupled with the organization's lifecycle, leading to a situation where the organization or project is marked as inactive, but its resources remain accessible. This vulnerability allows for unauthorized access to projects and their resources, which should have been restricted post-organization deactivation. Versions 2.62.1, 2.61.1, 2.60.2, 2.59.3, 2.58.5, 2.57.5, 2.56.6, 2.55.8, and 2.54.10 have been released which address this issue. Users are advised to upgrade. Users unable to upgrade may explicitly disable the application to make sure the client is not allowed anymore. | ||||
| CVE-2023-41691 | 1 Pensopay | 1 Woocommerce Pensopay | 2024-09-20 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Pensopay WooCommerce PensoPay plugin <= 6.3.1 versions. | ||||
| CVE-2023-39308 | 1 Userfeedback | 1 Userfeedback | 2024-09-20 | 7.1 High |
| Unauth. Stored Cross-Site Scripting (XSS) vulnerability in UserFeedback Team User Feedback plugin <= 1.0.7 versions. | ||||
| CVE-2024-9031 | 1 Codecanyon | 1 Crmgo Saas | 2024-09-20 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in CodeCanyon CRMGo SaaS up to 7.2. This issue affects some unknown processing of the file /project/task/{task_id}/show. The manipulation of the argument comment leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-41855 | 1 Regpacks | 1 Regpack | 2024-09-20 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Regpacks Regpack plugin <= 0.1 versions. | ||||
| CVE-2023-5323 | 1 Dolibarr | 2 Dolibarr, Dolibarr Erp\/crm | 2024-09-20 | 6.1 Medium |
| Cross-site Scripting (XSS) - Generic in GitHub repository dolibarr/dolibarr prior to 18.0. | ||||
| CVE-2023-41847 | 1 Wensolutions | 1 Notice Bar | 2024-09-20 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WEN Solutions Notice Bar plugin <= 3.1.0 versions. | ||||
| CVE-2023-41800 | 1 Uniconsent | 1 Cmp For Gdpr Cpra Gpp Tcf | 2024-09-20 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in UniConsent UniConsent CMP for GDPR CPRA GPP TCF plugin <= 1.4.2 versions. | ||||
| CVE-2023-41797 | 1 Goldplugins | 1 Locations | 2024-09-20 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Gold Plugins Locations plugin <= 4.0 versions. | ||||
| CVE-2023-41737 | 1 Wpgens | 1 Swifty Bar | 2024-09-20 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPGens Swifty Bar, sticky bar by WPGens plugin <= 1.2.10 versions. | ||||
| CVE-2023-41736 | 1 Gopiplus | 1 Email Posts To Subscribers | 2024-09-20 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Email posts to subscribers plugin <= 6.2 versions. | ||||
| CVE-2023-27584 | 1 Dragonflyoss | 1 Dragonfly2 | 2024-09-20 | 9.8 Critical |
| Dragonfly is an open source P2P-based file distribution and image acceleration system. It is hosted by the Cloud Native Computing Foundation (CNCF) as an Incubating Level Project. Dragonfly uses JWT to verify user. However, the secret key for JWT, "Secret Key", is hard coded, which leads to authentication bypass. An attacker can perform any action as a user with admin privileges. This issue has been addressed in release version 2.0.9. All users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-50883 | 1 Onlyoffice | 2 Docs, Document Server | 2024-09-20 | 6.1 Medium |
| ONLYOFFICE Docs before 8.0.1 allows XSS because a macro is an immediately-invoked function expression (IIFE), and therefore a sandbox escape is possible by directly calling the constructor of the Function object. NOTE: this issue exists because of an incorrect fix for CVE-2021-43446. | ||||
| CVE-2023-41734 | 1 Nigauri | 1 Insert Estimated Reading Time | 2024-09-20 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nigauri Insert Estimated Reading Time plugin <= 1.2 versions. | ||||
| CVE-2024-27247 | 1 Zoom | 1 Workplace Desktop | 2024-09-20 | 5.5 Medium |
| Improper privilege management in the installer for Zoom Desktop Client for macOS before version 5.17.10 may allow a privileged user to conduct an escalation of privilege via local access. | ||||