Search Results (43892 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-27432 1 Manage Upload Limit Project 1 Manage Upload Limit 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WpSimpleTools Manage Upload Limit plugin <= 1.0.4 versions.
CVE-2023-27429 1 Automattic 1 Jetpack Crm 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Automattic - Jetpack CRM team Jetpack CRM plugin <= 5.4.4 versions.
CVE-2023-27427 1 Ntzapps 1 Crm Memberships 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NTZApps CRM Memberships plugin <= 1.6 versions.
CVE-2023-27426 1 Notifyvisitors 1 Notifyvisitors 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Notifyvisitors NotifyVisitors plugin <= 1.0 versions.
CVE-2023-27425 1 Electric Studio Client Login Project 1 Electric Studio Client Login 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in James Irving-Swift Electric Studio Client Login plugin <= 0.8.1 versions.
CVE-2023-27422 1 Nsthemes 1 Ns Coupon To Become Customer 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NsThemes NS Coupon To Become Customer plugin <= 1.2.2 versions.
CVE-2023-27421 1 Everestthemes 1 Everest News 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest themes Everest News theme <= 1.1.0 versions.
CVE-2023-27420 1 Everestthemes 1 Arya Multipurpose 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest Themes Arya Multipurpose theme <= 1.0.5 versions.
CVE-2023-27415 1 Themeqx 1 Letterpress 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Themeqx LetterPress plugin <= 1.1.2 versions.
CVE-2023-27414 1 Ays-pro 1 Popup Box 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Popup Box Team Popup box plugin <= 3.4.4 versions.
CVE-2023-27413 1 W4 Post List Project 1 W4 Post List 2024-11-21 6.5 Medium
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Shazzad Hossain Khan W4 Post List plugin <= 2.4.4 versions.
CVE-2023-27412 1 Everestthemes 1 Mocho Blog 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest themes Mocho Blog theme <= 1.0.4 versions.
CVE-2023-27279 1 Ibm 1 Aspera Faspex 2024-11-21 6.5 Medium
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a user to cause a denial of service due to missing API rate limiting. IBM X-Force ID: 248533.
CVE-2023-27225 1 User Registration & Login And User Management System With Admin Panel Project 1 User Registration & Login And User Management System With Admin Panel 2024-11-21 5.4 Medium
A cross-site scripting (XSS) vulnerability in User Registration & Login and User Management System with Admin Panel v3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the first and last name field.
CVE-2023-27169 1 Xpand-it 1 Write-back Manager 2024-11-21 6.5 Medium
Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license class configuration, which leads to the generation of hardcoded and predictable symmetric encryption keys for license generation and validation.
CVE-2023-27150 1 Opencrx 1 Opencrx 2024-11-21 5.4 Medium
openCRX 5.2.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name field after creation of a Tracker in Manage Activity.
CVE-2023-27149 1 Enhancesoft 1 Osticket 2024-11-21 4.8 Medium
A stored cross-site scripting (XSS) vulnerability in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Label input parameter when updating a custom list.
CVE-2023-27148 1 Enhancesoft 1 Osticket 2024-11-21 4.8 Medium
A stored cross-site scripting (XSS) vulnerability in the Admin panel in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Role Name parameter.
CVE-2023-27121 1 Pleasantsolutions 1 Pleasant Password Server 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability in the component /framework/cron/action/humanize of Pleasant Solutions Pleasant Password Server v7.11.41.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cronString parameter.
CVE-2023-26961 1 Alteryx 1 Alteryx Server 2024-11-21 4.8 Medium
Alteryx Server 2022.1.1.42590 does not employ file type verification for uploaded files. This vulnerability allows attackers to upload arbitrary files (e.g., JavaScript content for stored XSS) via the type field in a JSON document within a PUT /gallery/api/media request.