Export limit exceeded: 45897 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45897 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-32227 | 1 Synel | 2 Synergy\/a, Synergy\/a Firmware | 2024-11-21 | 9.8 Critical |
| Synel SYnergy Fingerprint Terminals - CWE-798: Use of Hard-coded Credentials | ||||
| CVE-2023-32130 | 1 Danielpowney | 1 Multi Rating | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Daniel Powney Multi Rating plugin <= 5.0.6 versions. | ||||
| CVE-2023-32122 | 1 Spiffyplugins | 1 Spiffy Calendar | 2024-11-21 | 5.8 Medium |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Spiffy Plugins Spiffy Calendar plugin <= 4.9.3 versions. | ||||
| CVE-2023-32119 | 1 Wpo365 | 1 Mail Integration For Office 365 \/ Outlook | 2024-11-21 | 5.8 Medium |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPO365 | Mail Integration for Office 365 / Outlook plugin <= 1.9.0 versions. | ||||
| CVE-2023-32118 | 1 Wpoperation | 1 Salert - Fake Sales Notification Woocommerce | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPoperation SALERT – Fake Sales Notification WooCommerce plugin <= 1.2.1 versions. | ||||
| CVE-2023-32116 | 1 Totalpress | 1 Custom Post Types | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in TotalPress.Org Custom post types, Custom Fields & more plugin <= 4.0.12 versions. | ||||
| CVE-2023-32109 | 1 Eduva | 1 Albo Pretorio Online | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio Scimone Albo Pretorio On line plugin <= 4.6.3 versions. | ||||
| CVE-2023-32108 | 1 Eduva | 1 Albo Pretorio Online | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio Scimone Albo Pretorio On line plugin <= 4.6.3 versions. | ||||
| CVE-2023-32107 | 1 Ays-pro | 1 Photo Gallery | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Photo Gallery Team Photo Gallery by Ays – Responsive Image Gallery plugin <= 5.1.3 versions. | ||||
| CVE-2023-32105 | 1 Wp-pizza | 1 Wppizza | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ollybach WPPizza – A Restaurant Plugin plugin <= 3.17.1 versions. | ||||
| CVE-2023-32103 | 1 Themepalace | 1 Tp Education | 2024-11-21 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Theme Palace TP Education plugin <= 4.4 versions. | ||||
| CVE-2023-32102 | 1 Pexlechris | 1 Library Viewer | 2024-11-21 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Pexle Chris Library Viewer plugin <= 2.0.6 versions. | ||||
| CVE-2023-32089 | 1 Pega | 1 Platform | 2024-11-21 | 4.6 Medium |
| Pega Platform versions 8.1 to 8.8.2 are affected by an XSS issue with Pin description | ||||
| CVE-2023-32088 | 1 Pega | 1 Platform | 2024-11-21 | 4.6 Medium |
| Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with ad-hoc case creation | ||||
| CVE-2023-32087 | 1 Pega | 1 Platform | 2024-11-21 | 4.6 Medium |
| Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with task creation | ||||
| CVE-2023-32077 | 1 Gravitl | 1 Netmaker | 2024-11-21 | 7.5 High |
| Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints. The issue is patched in 0.17.1 and fixed in 0.18.6. If users are using 0.17.1, they should run `docker pull gravitl/netmaker:v0.17.1` and `docker-compose up -d`. This will switch them to the patched users. If users are using v0.18.0-0.18.5, they should upgrade to v0.18.6 or later. As a workaround, someone who is using version 0.17.1 can pull the latest docker image of the backend and restart the server. | ||||
| CVE-2023-32000 | 1 Ui | 1 Unifi Network Application | 2024-11-21 | 4.8 Medium |
| A Cross-Site Scripting (XSS) vulnerability found in UniFi Network (Version 7.3.83 and earlier) allows a malicious actor with Site Administrator credentials to escalate privileges by persuading an Administrator to visit a malicious web page. | ||||
| CVE-2023-31942 | 1 Online Travel Agency System Project | 1 Online Travel Agency System | 2024-11-21 | 4.8 Medium |
| Cross Site Scripting vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the description parameter in insert.php. | ||||
| CVE-2023-31935 | 1 Phpgurukul | 1 Rail Pass Management System | 2024-11-21 | 4.8 Medium |
| Cross Site Scripting vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to obtain sensitive information via the emial parameter of admin-profile.php. | ||||
| CVE-2023-31934 | 1 Phpgurukul | 1 Rail Pass Management System | 2024-11-21 | 4.8 Medium |
| Cross Site Scripting vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to obtain sensitive information via the adminname parameter of admin-profile.php. | ||||