CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7610 matches found

CNNVD•added 2023/08/25 12:0 a.m.•2 views

Tenda AC23 输入验证错误漏洞

Tenda AC23 is a home dual-band wireless router launched by Tenda, focusing on large home coverage and high-speed transmission, supporting 802.11acWave2 technology, dual-band concurrent rate up to 2033Mbps. The Tenda AC23 suffers from a stack buffer overflow vulnerability that stems from the...

8.8CVSS7.6AI score0.00154EPSS

Exploits1References2

NVD•added 2023/08/22 7:16 p.m.•12 views

CVE-2023-37425

A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to conduct a stored cross-site scripting XSS attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary...

8CVSS7.5AI score0.00529EPSS

Exploits0References1

NVD•added 2023/08/22 7:16 p.m.•12 views

CVE-2023-37422

Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting XSS attack against an administrative user of the interface. A successful exploit allows an attacker to execute...

8.1CVSS8AI score0.0014EPSS

Exploits0References1

NVD•added 2023/08/22 7:16 p.m.•14 views

CVE-2023-37423

8.1CVSS8AI score0.00145EPSS

Exploits0References1

Prion•added 2023/08/22 7:16 p.m.•24 views

Cross site scripting

4.9CVSS5.6AI score0.00145EPSS

Exploits0References1Affected Software1

Prion•added 2023/08/22 7:16 p.m.•17 views

Cross site scripting

5.8CVSS6.2AI score0.00529EPSS

Exploits0References1Affected Software1

Prion•added 2023/08/22 7:16 p.m.•17 views

Cross site scripting

4.9CVSS5.6AI score0.00145EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2023/08/22 6:1 p.m.•10 views

CVE-2023-37425 Unauthenticated Stored Cross-Site Scripting Vulnerability (XSS) in EdgeConnect SD-WAN Orchestrator Web-Based Management Interface

8CVSS6.5AI score0.00529EPSS

Exploits0References1

Cvelist•added 2023/08/22 5:57 p.m.•16 views

CVE-2023-37423 Authenticated Stored Cross-Site Scripting Vulnerabilities (XSS) in EdgeConnect SD-WAN Orchestrator Web Administration Interface

8.1CVSS8.2AI score0.00145EPSS

Exploits0References1

Cvelist•added 2023/08/22 5:57 p.m.•18 views

CVE-2023-37422 Authenticated Stored Cross-Site Scripting Vulnerabilities (XSS) in EdgeConnect SD-WAN Orchestrator Web Administration Interface

8.1CVSS8.2AI score0.0014EPSS

Exploits0References1

NVD•added 2023/08/21 9:15 a.m.•12 views

CVE-2023-40068

Cross-site scripting vulnerability in Advanced Custom Fields versions 6.1.0 to 6.1.7 and Advanced Custom Fields Pro versions 6.1.0 to 6.1.7 allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product with the administrative...

5.4CVSS5.4AI score0.28345EPSS

Exploits0References4

NVD•added 2023/08/21 9:15 a.m.•14 views

CVE-2023-39543

Cross-site scripting vulnerability in LuxCal Web Calendar prior to 5.2.3M MySQL version and LuxCal Web Calendar prior to 5.2.3L SQLite version allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product...

6.1CVSS6.4AI score0.00333EPSS

Exploits0References3

Prion•added 2023/08/21 9:15 a.m.•19 views

Cross site scripting

5.8CVSS6.5AI score0.00333EPSS

Exploits0References3Affected Software1

Prion•added 2023/08/21 9:15 a.m.•20 views

Cross site scripting

4.9CVSS5.4AI score0.28345EPSS

Exploits0References4Affected Software1

Cvelist•added 2023/08/21 8:14 a.m.•12 views

CVE-2023-39543

6.8AI score0.00333EPSS

Exploits0References3

Vulnrichment•added 2023/08/21 8:14 a.m.•12 views

CVE-2023-39543

6.9AI score0.00333EPSS

Exploits0References3

CVE•added 2023/08/21 8:14 a.m.•49 views

CVE-2023-39543

CVE-2023-39543 describes a cross-site scripting (XSS) vulnerability in LuxCal Web Calendar. The issue affects LuxCal Web Calendar versions prior to 5.2.3M (MySQL) and prior to 5.2.3L (SQLite). The underlying behavior allows a remote unauthenticated attacker to cause arbitrary script execution in ...

6.1CVSS6.3AI score0.00333EPSS

Exploits0References3Affected Software1

Cvelist•added 2023/08/21 8:13 a.m.•21 views

CVE-2023-40068

5.6AI score0.28345EPSS

Exploits0References4

CNNVD•added 2023/08/21 12:0 a.m.•2 views

LuxSoft LuxCal Web Calendar 跨站脚本漏洞

LuxSoft LuxCal Web Calendar is a free user-friendly lightweight web-based event calendar from LuxSoft Switzerland. A security vulnerability exists in LuxSoft LuxCal Web Calendar that stems from the presence of a cross-site scripting XSS vulnerability. An attacker can exploit the vulnerability to...

6.1CVSS6.8AI score0.00333EPSS

Exploits0References5

Github Security Blog•added 2023/08/18 9:50 p.m.•27 views

XWiki Platform privilege escalation (PR)/RCE from account through Invitation subject/message

Impact Any user who can view Invitation.WebHome can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. This can be reproduced with the following steps: 1. Open the invitation...

9.9CVSS8.1AI score0.03847EPSS

Exploits1References5Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by