Total 281347 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-27769 1 Wondershare 1 Pdf Reader 2025-02-13 7.8 High
An issue found in Wondershare Technology Co.,Ltd PDF Reader v.1.0.1 allows a remote attacker to execute arbitrary commands via the pdfreader_setup_full13143.exe file.
CVE-2023-27768 1 Wondershare 1 Pdfelement 2025-02-13 7.8 High
An issue found in Wondershare Technology Co.,Ltd PDFelement v9.1.1 allows a remote attacker to execute arbitrary commands via the pdfelement-pro_setup_full5239.exe file.
CVE-2023-27767 1 Wondershare 1 Dr.fone 2025-02-13 7.8 High
An issue found in Wondershare Technology Co.,Ltd Dr.Fone v.12.4.9 allows a remote attacker to execute arbitrary commands via the drfone_setup_full3360.exe file.
CVE-2023-24747 1 Jflyfox 1 Jfinal Cms 2025-02-13 5.4 Medium
Jfinal CMS v5.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /system/dict/list.
CVE-2023-22985 1 Simple Guestbook Management System Project 1 Simple Guestbook Management System 2025-02-13 6.1 Medium
Sourcecodester Simple Guestbook Management System version 1 is vulnerable to Cross Site Scripting (XSS) via Name, Referrer, Location, and Comments.
CVE-2023-20675 4 Google, Linux, Mediatek and 1 more 38 Android, Linux Kernel, Mt5221 and 35 more 2025-02-13 4.4 Medium
In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588569; Issue ID: ALPS07588569.
CVE-2023-0967 1 Imaworldhealth 1 Bhima 2025-02-13 6.5 Medium
Bhima version 1.27.0 allows an attacker authenticated with normal user permissions to view sensitive data of other application users and data that should only be viewed by the administrator. This is possible because the application is vulnerable to IDOR, it does not properly validate user permissions with respect to certain actions the user can perform.
CVE-2022-31889 1 Enhancesoft 1 Audit Log 2025-02-13 6.1 Medium
Cross Site Scripting (XSS) vulnerability in audit/templates/auditlogs.tmpl.php in osTicket osTicket-plugins before commit a7842d494889fd5533d13deb3c6a7789768795ae.
CVE-2023-1379 1 Friendly Island Pizza Website And Ordering System Project 1 Friendly Island Pizza Website And Ordering System 2025-02-13 6.3 Medium
A vulnerability was found in SourceCodester Friendly Island Pizza Website and Ordering System 1.0. It has been rated as critical. This issue affects some unknown processing of the file addmem.php of the component POST Parameter Handler. The manipulation of the argument firstname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223127.
CVE-2023-1645 1 Iobit 1 Malware Fighter 2025-02-13 5.5 Medium
A vulnerability was found in IObit Malware Fighter 9.4.0.776. It has been classified as problematic. This affects the function 0x8018E008 in the library IMFCameraProtect.sys of the component IOCTL Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier VDB-224025 was assigned to this vulnerability.
CVE-2021-42358 1 Contact Form With Captcha Project 1 Contact Form With Captcha 2025-02-13 8.8 High
The Contact Form With Captcha WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation in the ~/cfwc-form.php file during contact form submission, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 1.6.2.
CVE-2021-42365 1 Asgaros 1 Asgaros Forum 2025-02-13 4.8 Medium
The Asgaros Forums WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the name parameter found in the ~/admin/tables/admin-structure-table.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.15.13. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
CVE-2021-42364 1 Stetic 1 Stetic 2025-02-13 8.8 High
The Stetic WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the stats_page function found in the ~/stetic.php file, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 1.0.6.
CVE-2021-39315 1 Magic-post-voice Project 1 Magic-post-voice 2025-02-13 6.1 Medium
The Magic Post Voice WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the ids parameter found in the ~/inc/admin/main.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2.
CVE-2021-39319 1 Duogeek 1 Duofaq-responsive-flat-simple-faq 2025-02-13 6.1 Medium
The duoFAQ - Responsive, Flat, Simple FAQ WordPess plugin is vulnerable to Reflected Cross-Site Scripting via the msg parameter found in the ~/duogeek/duogeek-panel.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4.8.
CVE-2021-42367 1 Variation Swatches For Woocommerce Project 1 Variation Swatches For Woocommerce 2025-02-13 6.4 Medium
The Variation Swatches for WooCommerce WordPress plugin is vulnerable to Stored Cross-Site Scripting via several parameters found in the ~/includes/class-menu-page.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.1. Due to missing authorization checks on the tawcvs_save_settings function, low-level authenticated users such as subscribers can exploit this vulnerability.
CVE-2021-39318 1 H5p-css-editor Project 1 H5p-css-editor 2025-02-13 6.1 Medium
The H5P CSS Editor WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the h5p-css-file parameter found in the ~/h5p-css-editor.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.
CVE-2021-39314 1 Wanderlust-webdesign 1 Woo-enviopack 2025-02-13 6.1 Medium
The WooCommerce EnvioPack WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the dataid parameter found in the ~/includes/functions.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2.
CVE-2022-2695 1 Fastlinemedia 1 Beaver Builder 2025-02-13 6.4 Medium
The Beaver Builder – WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the 'caption' parameter added to images via the media uploader in versions up to, and including, 2.5.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to the Beaver Builder editor and the ability to upload media files to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2022-2716 1 Fastlinemedia 1 Beaver Builder 2025-02-13 6.4 Medium
The Beaver Builder – WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Text Editor' block in versions up to, and including, 2.5.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to the Beaver Builder editor to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.