Export limit exceeded: 340996 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (340996 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-0679 | 1 Themegrill | 1 Colormag | 2025-05-30 | 6.5 Medium |
| The ColorMag theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the plugin_action_callback() function in all versions up to, and including, 3.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to install and activate arbitrary plugins. | ||||
| CVE-2023-7194 | 1 Meris Wp Theme Project | 1 Meris Wp Theme | 2025-05-30 | 6.1 Medium |
| The Meris WordPress theme through 1.1.2 does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2023-7170 | 1 Myeventon | 1 Rsvp Events | 2025-05-30 | 6.1 Medium |
| The EventON-RSVP WordPress plugin before 2.9.5 does not sanitise and escape some parameters before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2023-7063 | 1 Wpforms | 1 Wpforms | 2025-05-30 | 7.2 High |
| The WPForms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form submission parameters in all versions up to, and including, 1.8.5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2023-6626 | 1 Gravitymaster | 1 Product Enquiry For Woocommerce | 2025-05-30 | 4.8 Medium |
| The Product Enquiry for WooCommerce WordPress plugin before 3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2023-52353 | 1 Arm | 1 Mbed Tls | 2025-05-30 | 7.5 High |
| An issue was discovered in Mbed TLS through 3.5.1. In mbedtls_ssl_session_reset, the maximum negotiable TLS version is mishandled. For example, if the last connection negotiated TLS 1.2, then 1.2 becomes the new maximum. | ||||
| CVE-2023-52046 | 1 Webmin | 1 Webmin | 2025-05-30 | 4.8 Medium |
| Cross Site Scripting vulnerability (XSS) in webmin v.2.105 and earlier allows a remote attacker to execute arbitrary code via a crafted payload to the "Execute cron job as" tab Input field. | ||||
| CVE-2023-52039 | 1 Totolink | 2 X6000r, X6000r Firmware | 2025-05-30 | 9.8 Critical |
| An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_415AA4 function. | ||||
| CVE-2023-52038 | 1 Totolink | 2 X6000r, X6000r Firmware | 2025-05-30 | 9.8 Critical |
| An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_415C80 function. | ||||
| CVE-2023-51926 | 1 Yonyou | 1 Yonbip | 2025-05-30 | 7.5 High |
| YonBIP v3_23.05 was discovered to contain an arbitrary file read vulnerability via the nc.bs.framework.comn.serv.CommonServletDispatcher component. | ||||
| CVE-2023-51892 | 1 Weaver | 1 E-cology | 2025-05-30 | 9.8 Critical |
| An issue in weaver e-cology v.10.0.2310.01 allows a remote attacker to execute arbitrary code via a crafted script to the FrameworkShellController component. | ||||
| CVE-2023-51886 | 1 Ctan | 1 Mathtex | 2025-05-30 | 7.5 High |
| Buffer Overflow vulnerability in the main() function in Mathtex 1.05 and before allows a remote attacker to cause a denial of service when using \convertpath. | ||||
| CVE-2023-51885 | 1 Ctan | 1 Mathtex | 2025-05-30 | 9.8 Critical |
| Buffer Overflow vulnerability in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via the length of the LaTeX string component. | ||||
| CVE-2023-50943 | 1 Apache | 1 Airflow | 2025-05-30 | 7.5 High |
| Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. | ||||
| CVE-2023-50693 | 1 Jester Project | 1 Jester | 2025-05-30 | 9.8 Critical |
| An issue in Jester v.0.6.0 and before allows a remote attacker to send a malicious crafted request. | ||||
| CVE-2023-50274 | 1 Hp | 1 Oneview | 2025-05-30 | 7.8 High |
| HPE OneView may allow command injection with local privilege escalation. | ||||
| CVE-2023-47352 | 1 Technicolor | 2 Tc8715d, Tc8715d Firmware | 2025-05-30 | 8.8 High |
| Technicolor TC8715D devices have predictable default WPA2 security passwords. An attacker who scans for SSID and BSSID values may be able to predict these passwords. | ||||
| CVE-2023-47200 | 1 Trendmicro | 1 Apex One | 2025-05-30 | 7.8 High |
| A plug-in manager origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47201. | ||||
| CVE-2023-47199 | 1 Trendmicro | 1 Apex One | 2025-05-30 | 7.8 High |
| An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47193. | ||||
| CVE-2023-47194 | 1 Trendmicro | 1 Apex One | 2025-05-30 | 7.8 High |
| An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47195. | ||||