Export limit exceeded: 364840 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364840 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-12638 1 Ombu 1 Bulk Me Now\! 2025-05-11 7.1 High
The Bulk Me Now! WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
CVE-2024-10309 1 Data443 1 Tracking Code Manager 2025-05-11 5.9 Medium
The Tracking Code Manager WordPress plugin before 2.4.0 does not sanitise and escape some of its metabox settings when outputing them in the page, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks.
CVE-2024-12749 1 Raiserweb 1 Competition Form 2025-05-11 7.1 High
The Competition Form WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
CVE-2024-12807 1 Artlosk 1 Social Share Buttons 2025-05-11 4.8 Medium
The Social Share Buttons for WordPress plugin through 2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVE-2024-39501 1 Redhat 1 Enterprise Linux 2025-05-10 4.7 Medium
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2023-53063 2025-05-10 5.5 Medium
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2022-48917 2025-05-10 5.0 Medium
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-37835 2025-05-10 5.5 Medium
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-37795 2025-05-10 7.1 High
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2024-50016 2025-05-10 5.5 Medium
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-47770 2025-05-10 N/A
Not used
CVE-2025-47769 2025-05-10 N/A
Not used
CVE-2025-47768 2025-05-10 N/A
Not used
CVE-2025-47767 2025-05-10 N/A
Not used
CVE-2025-47766 2025-05-10 N/A
Not used
CVE-2025-47765 2025-05-10 N/A
Not used
CVE-2025-47764 2025-05-10 N/A
Not used
CVE-2025-47763 2025-05-10 N/A
Not used
CVE-2025-47762 2025-05-10 N/A
Not used
CVE-2022-42983 1 Anji-plus 1 Aj-report 2025-05-10 8.8 High
anji-plus AJ-Report 0.9.8.6 allows remote attackers to bypass login authentication by spoofing JWT Tokens.