Export limit exceeded: 366296 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366296 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-41708 | 1 Relatedcode | 1 Messenger | 2025-05-08 | 4.3 Medium |
| Relatedcode's Messenger version 7bcd20b allows an authenticated external attacker to access existing chats in the workspaces of any user of the application. This is possible because the application does not validate permissions correctly. | ||||
| CVE-2022-41707 | 1 Relatedcode | 1 Messenger | 2025-05-08 | 6.5 Medium |
| Relatedcode's Messenger version 7bcd20b allows an authenticated external attacker to access sensitive data of any user of the application. This is possible because the application exposes user data to the public. | ||||
| CVE-2022-40798 | 1 Ocomon Project | 1 Ocomon | 2025-05-08 | 7.5 High |
| OcoMon 4.0RC1 is vulnerable to Incorrect Access Control. Through a request the user can obtain the real email, sending the same request with correct email its possible to account takeover. | ||||
| CVE-2024-2739 | 1 Mndpsingh287 | 1 Advanced Search | 2025-05-08 | 8.7 High |
| The Advanced Search WordPress plugin through 1.1.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks | ||||
| CVE-2024-1849 | 1 Gowebsolutions | 1 Wp Customer Reviews | 2025-05-08 | 5.4 Medium |
| The WP Customer Reviews WordPress plugin before 3.7.1 does not validate a parameter allowing contributor and above users to redirect a page to a malicious URL | ||||
| CVE-2024-1755 | 1 Computy | 1 Nps Computy | 2025-05-08 | 8.8 High |
| The NPS computy WordPress plugin through 2.7.5 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks | ||||
| CVE-2024-1754 | 2 Computy, Nps | 2 Nps Computy, Computy | 2025-05-08 | 4.7 Medium |
| The NPS computy WordPress plugin through 2.7.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2024-10562 | 1 10web | 1 Form Maker | 2025-05-08 | 2.7 Low |
| The Form Maker by 10Web WordPress plugin before 1.15.31 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-11223 | 1 Wpforms | 1 Wpforms | 2025-05-08 | 4.7 Medium |
| The WPForms WordPress plugin before 1.9.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2022-39057 | 1 Changingtec | 1 Rava Certificate Validation System | 2025-05-08 | 7.2 High |
| RAVA certificate validation system has insufficient filtering for special parameter of the web page input field. A remote attacker with administrator privilege can exploit this vulnerability to perform arbitrary system command and disrupt service. | ||||
| CVE-2024-10678 | 1 Dotcamp | 1 Ultimate Blocks | 2025-05-08 | 5.4 Medium |
| The Ultimate Blocks WordPress plugin before 3.2.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2024-6136 | 1 Tipsandtricks-hq | 1 Wp Estore | 2025-05-08 | 5.4 Medium |
| The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks | ||||
| CVE-2024-6134 | 2 Tipsandtricks-hq, Wp Easycart | 2 Wp Estore, Shopping Cart And Ecommerce Store | 2025-05-08 | 5.4 Medium |
| The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2024-6133 | 1 Tipsandtricks-hq | 1 Wp Estore | 2025-05-08 | 6.5 Medium |
| The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2024-12568 | 1 Icegram | 1 Email Subscribers \& Newsletters | 2025-05-08 | 4.8 Medium |
| The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its Workflow settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-12567 | 1 Icegram | 1 Email Subscribers \& Newsletters | 2025-05-08 | 4.8 Medium |
| The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-12566 | 1 Icegram | 1 Email Subscribers \& Newsletters | 2025-05-08 | 4.8 Medium |
| The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-11636 | 1 Icegram | 1 Email Subscribers \& Newsletters | 2025-05-08 | 4.8 Medium |
| The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its Text Block options, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2022-22251 | 1 Juniper | 2 Csrx, Junos | 2025-05-08 | 7.8 High |
| On cSRX Series devices software permission issues in the container filesystem and stored files combined with storing passwords in a recoverable format in Juniper Networks Junos OS allows a local, low-privileged attacker to elevate their permissions to take control of any instance of a cSRX software deployment. This issue affects Juniper Networks Junos OS 20.2 version 20.2R1 and later versions prior to 21.2R1 on cSRX Series. | ||||
| CVE-2024-25454 | 1 Axiosys | 1 Bento4 | 2025-05-08 | 5.5 Medium |
| Bento4 v1.6.0-640 was discovered to contain a NULL pointer dereference via the AP4_DescriptorFinder::Test() function. | ||||