Export limit exceeded: 336206 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (336206 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-49302 | 2024-10-18 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Portfoliohub WordPress Portfolio Builder – Portfolio Gallery allows Stored XSS.This issue affects WordPress Portfolio Builder – Portfolio Gallery: from n/a through 1.1.7. | ||||
| CVE-2024-48046 | 2024-10-18 | 5.9 Medium | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Supsystic Contact Form by Supsystic allows Stored XSS.This issue affects Contact Form by Supsystic: from n/a through 1.7.28. | ||||
| CVE-2024-48023 | 2024-10-18 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in RestaurantConnect, Inc Restaurant Reservations Widget allows Reflected XSS.This issue affects Restaurant Reservations Widget: from n/a through 1.0. | ||||
| CVE-2024-9951 | 1 Opajaap | 1 Wp Photo Album Plus | 2024-10-18 | 6.1 Medium |
| The WP Photo Album Plus plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wppa-tab' parameter in all versions up to, and including, 8.8.05.003 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2024-9184 | 1 Sendpulse | 1 Free Web Push | 2024-10-18 | 7.2 High |
| The SendPulse Free Web Push plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.6 due to incorrect use of the wp_kses_allowed_html function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-7755 | 2024-10-18 | 8.2 High | ||
| The EWON FLEXY 202 transmits credentials using a weak encoding method base64. An attacker who is present in the network can sniff the traffic and decode the credentials. | ||||
| CVE-2024-49399 | 1 Elvaco | 1 Cme3100 Firmware | 2024-10-18 | N/A |
| The affected product is vulnerable to an attacker being able to use commands without providing a password which may allow an attacker to leak information. | ||||
| CVE-2024-49396 | 1 Elvaco | 1 Cme3100 Firmware | 2024-10-18 | N/A |
| The affected product is vulnerable due to insufficiently protected credentials, which may allow an attacker to impersonate Elvaco and send false information. | ||||
| CVE-2024-49318 | 1 Olsonsp4c | 1 My Reading Library | 2024-10-18 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in Scott Olson My Reading Library allows Object Injection.This issue affects My Reading Library: from n/a through 1.0. | ||||
| CVE-2024-49307 | 2024-10-18 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Oliver Schlöbe Admin Management Xtended allows Stored XSS.This issue affects Admin Management Xtended: from n/a through 2.4.6. | ||||
| CVE-2024-49299 | 2024-10-18 | 7.6 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Surfer allows SQL Injection.This issue affects Surfer: from n/a through 1.5.0.502. | ||||
| CVE-2024-49297 | 2024-10-18 | 8.5 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zoho CRM Zoho CRM Lead Magnet allows SQL Injection.This issue affects Zoho CRM Lead Magnet: from n/a through 1.7.9.0. | ||||
| CVE-2024-49292 | 2024-10-18 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Exclusive Addons Exclusive Addons Elementor allows Stored XSS.This issue affects Exclusive Addons Elementor: from n/a through 2.7.1. | ||||
| CVE-2024-49285 | 1 Moridrin | 1 Ssv Mailchimp | 2024-10-18 | 7.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Moridrin SSV MailChimp allows PHP Local File Inclusion.This issue affects SSV MailChimp: from n/a through 3.1.5. | ||||
| CVE-2024-49284 | 1 Bogdanfix | 1 Wp Sendfox | 2024-10-18 | 5.3 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BogdanFix WP SendFox allows Retrieve Embedded Sensitive Data.This issue affects WP SendFox: from n/a through 1.3.1. | ||||
| CVE-2024-49281 | 2024-10-18 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NinjaTeam Click to Chat – WP Support All-in-One Floating Widget allows Stored XSS.This issue affects Click to Chat – WP Support All-in-One Floating Widget: from n/a through 2.3.3. | ||||
| CVE-2024-49280 | 2024-10-18 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Weblizar Lightbox slider – Responsive Lightbox Gallery allows Stored XSS.This issue affects Lightbox slider – Responsive Lightbox Gallery: from n/a through 1.10.0. | ||||
| CVE-2024-49277 | 2024-10-18 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CodeAstrology Team UltraAddons Elementor Lite allows Stored XSS.This issue affects UltraAddons Elementor Lite: from n/a through 1.1.8. | ||||
| CVE-2024-49276 | 2024-10-18 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themis Solutions, Inc. Clio Grow allows Reflected XSS.This issue affects Clio Grow: from n/a through 1.0.2. | ||||
| CVE-2024-49244 | 2024-10-18 | 8.5 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in cmssoft CSV Product Import Export for WooCommerce allows SQL Injection.This issue affects CSV Product Import Export for WooCommerce: from n/a through 1.0.0. | ||||