Search Results (43909 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-32801 1 Woocommerce 1 Composite Products 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Composite Products plugin <= 8.7.5 versions.
CVE-2023-32800 1 Rankmath 1 Seo Pro 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in One Rank Math SEO PRO plugin <= 3.0.35 versions.
CVE-2023-32797 1 I13websolution 1 Video Carousel Slider With Lightbox 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution video carousel slider with lightbox plugin <= 1.0.22 versions.
CVE-2023-32796 1 Mingocommerce 1 Woocommerce Product Enquiry 2024-11-21 7.1 High
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in MingoCommerce WooCommerce Product Enquiry plugin <= 2.3.4 versions.
CVE-2023-32793 1 Woocommerce 1 Woocommerce Pre-orders 2024-11-21 6.5 Medium
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Pre-Orders plugin <= 2.0.0 versions.
CVE-2023-32790 1 Nxlog 1 Nxlog Manager 2024-11-21 4.6 Medium
Cross-Site Scripting (XSS) vulnerability in NXLog Manager 5.6.5633 version. This vulnerability allows an attacker to inject a malicious JavaScript payload into the 'Full Name' field during a user edit, due to improper sanitization of the input parameter.
CVE-2023-32746 1 Woocommerce 1 Woocommerce Brands 2024-11-21 6.5 Medium
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Brands plugin <= 1.6.45 versions.
CVE-2023-32740 1 Kunalnagar 1 Custom 404 Pro 2024-11-21 5.8 Medium
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kunal Nagar Custom 404 Pro plugin <= 3.8.1 versions.
CVE-2023-32738 1 Xtendify 1 Eonet Manual User Approve 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alkaweb Eonet Manual User Approve plugin <= 2.1.3 versions.
CVE-2023-32693 1 Decidim 1 Decidim 2024-11-21 8.1 High
Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The external link feature is susceptible to cross-site scripting. This allows a remote attacker to execute JavaScript code in the context of a currently logged-in user. An attacker could use this vulnerability to make other users endorse or support proposals they have no intention of supporting or endorsing. The problem was patched in versions 0.27.3 and 0.26.7.
CVE-2023-32671 1 Buddyboss 1 Buddyboss 2024-11-21 6.3 Medium
A stored XSS vulnerability has been found in BuddyBoss Platform affecting version 2.2.9. This vulnerability allows an attacker to store a malicious JavaScript payload via a POST request when sending an invitation.
CVE-2023-32670 1 Buddyboss 1 Buddyboss 2024-11-21 9 Critical
Cross-Site Scripting vulnerability in BuddyBoss version 2.2.9, which could allow a local attacker with basic privileges to execute a malicious payload through the "[name]=image.jpg" parameter, allowing the attacker to assign a persistent JavaScript payload that would be triggered when the associated image is loaded.
CVE-2023-32652 1 Piigab 2 M-bus 900s, M-bus 900s Firmware 2024-11-21 8 High
PiiGAB M-Bus does not validate identification strings before processing, which could make it vulnerable to cross-site scripting attacks.
CVE-2023-32624 1 Sakura 1 Ts Webfonts 2024-11-21 6.1 Medium
Cross-site scripting vulnerability in TS Webfonts for SAKURA 3.1.0 and earlier allows a remote unauthenticated attacker to inject an arbitrary script.
CVE-2023-32619 1 Tp-link 4 Archer C50 V3, Archer C50 V3 Firmware, Archer C55 and 1 more 2024-11-21 8.8 High
Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505' and Archer C55 firmware versions prior to 'Archer C55(JP)_V1_230506' use hard-coded credentials to log in to the affected device, which may allow a network-adjacent unauthenticated attacker to execute an arbitrary OS command.
CVE-2023-32603 1 Rednao 1 Smart Donations 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RedNao Donations Made Easy – Smart Donations plugin <= 4.0.12 versions.
CVE-2023-32600 1 Rankmath 1 Seo 2024-11-21 6.5 Medium
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Rank Math SEO plugin <= 1.0.119 versions.
CVE-2023-32598 1 Shooflysolutions 1 Featured Image Pro Post Grid 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in A. R. Jones Featured Image Pro Post Grid plugin <= 5.14 versions.
CVE-2023-32597 1 I13websolution 1 Video Gallery 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Video Gallery plugin <= 1.0.10 versions.
CVE-2023-32596 1 Wolfgangertl 1 Weebotlite 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wolfgang Ertl weebotLite plugin <= 1.0.0 versions.