Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (43910 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-34375 1 10web 1 Seo 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 10Web SEO by 10Web plugin <= 1.2.9 versions.
CVE-2023-34374 1 Anspress 1 Anspress 2024-11-21 5.9 Medium
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Rahul Aryan AnsPress plugin <= 4.3.0 versions.
CVE-2023-34372 1 Didcode 1 Spamreferrerblock 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Didier Sampaolo SpamReferrerBlock plugin <= 2.22 versions.
CVE-2023-34369 1 Login Configurator Project 1 Login Configurator 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GrandSlambert Login Configurator plugin <= 2.1 versions.
CVE-2023-34368 1 Kanbanwp 1 Kanban Boards 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kanban for WordPress Kanban Boards for WordPress plugin <= 2.5.20 versions.
CVE-2023-34360 1 Asus 2 Rt-ax88u, Rt-ax88u Firmware 2024-11-21 8.2 High
A stored cross-site scripting (XSS) issue was discovered within the Custom User Icons functionality of ASUS RT-AX88U running firmware versions 3.0.0.4.388.23110 and prior.  After a remote attacker logging in device with regular user privilege, the remote attacker can perform a Stored Cross-site Scripting (XSS) attack by uploading image which containing JavaScript code.
CVE-2023-34244 1 Glpi-project 1 Glpi 2024-11-21 6.5 Medium
GLPI is a free asset and IT management software package. Starting in version 9.4.0 and prior to version 10.0.8, a malicious link can be crafted by an unauthenticated user that can exploit a reflected XSS in case any authenticated user opens the crafted link. Users should upgrade to version 10.0.8 to receive a patch.
CVE-2023-34187 1 Alantien 1 Call Now Icon Animate 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alan Tien Call Now Icon Animate plugin <= 0.1.0 versions.
CVE-2023-34184 1 Bhavikpatel 1 Woocommerce-order-address-print 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Bhavik Patel Woocommerce Order address Print plugin <= 3.2 versions.
CVE-2023-34183 1 Unitegallery 1 Unite Gallery Lite 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Valiano Unite Gallery Lite plugin <= 1.7.61 versions.
CVE-2023-34180 1 Kaplugins 1 Free-google-fonts 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in KAPlugins Google Fonts For WordPress plugin <= 3.0.0 versions.
CVE-2023-34176 1 Chilexpress 1 Chilexpress-oficial 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Chilexpress Chilexpress woo oficial plugin <= 1.2.9 versions.
CVE-2023-34175 1 Login Configurator Project 1 Login Configurator 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GrandSlambert Login Configurator plugin <= 2.1 versions.
CVE-2023-34174 1 Bbsetheme 1 Bbs E-popup 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in BBS e-Theme BBS e-Popup plugin <= 2.4.5 versions.
CVE-2023-34173 1 Yandex Metrica Counter Project 1 Yandex Metric Counter 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alexander Semikashev Yandex Metrica Counter plugin <= 1.4.3 versions.
CVE-2023-34172 1 Miled 1 Wordpress Social Login 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Miled WordPress Social Login plugin <= 3.0.4 versions.
CVE-2023-34123 1 Sonicwall 2 Analytics, Global Management System 2024-11-21 7.5 High
Use of Hard-coded Cryptographic Key vulnerability in SonicWall GMS, SonicWall Analytics. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
CVE-2023-34089 1 Decidim 1 Decidim 2024-11-21 8.1 High
Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The processes filter feature is susceptible to Cross-site scripting. This allows a remote attacker to execute JavaScript code in the context of a currently logged-in user. An attacker could use this vulnerability to make other users endorse or support proposals they have no intention of supporting or endorsing. The problem was patched in version 0.27.3 and 0.26.7.
CVE-2023-34032 1 Casier 1 Bbpress Toolkit 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Pascal Casier bbPress Toolkit plugin <= 1.0.12 versions.
CVE-2023-34026 1 This Day In History Project 1 This Day In History 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in BrokenCrust This Day In History plugin <= 3.10.1 versions.