
888 matches found

Snyk
added 2023/06/15 9:30 p.m. · 2 views

Server-side Request Forgery (SSRF)

Overview: magento/project-community-edition is an eCommerce Platform for Growth (Community Edition). Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) through the injection of arbitrary URLs. An admin-privilege authenticated attacker can force the application to mak...

6.9 CVSS · 7.3 AI score · 0.00986 EPSS
Exploits 0 · References 2
NVD
added 2023/06/13 4:15 p.m. · 13 views

CVE-2023-33621

GL.iNET GL-AR750S-Ext firmware v3.215 inserts the admin authentication token into a GET request when the OpenVPN Server config file is downloaded. The token is then left in the browser history or access logs, potentially allowing attackers to bypass authentication via session replay...

5.9 CVSS · 5.9 AI score · 0.00953 EPSS
Exploits 1 · References 3
OSV
added 2023/06/13 4:15 p.m. · 1 views

CVE-2023-27624

Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in Marcelotorres Redirect After Login plugin = 0.1.9 versions...

4.8 CVSS · 6.6 AI score · 0.00619 EPSS
Exploits 0 · References 1
NVD
added 2023/06/13 3:15 p.m. · 10 views

CVE-2023-26538

Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in Kamyabsoft Chat Bee plugin = 1.1.0 versions...

5.9 CVSS · 5.4 AI score · 0.00369 EPSS
Exploits 0 · References 1
OSV
added 2023/06/13 3:15 p.m. · 1 views

CVE-2023-25964

Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in Noah Hearle, Design Extreme We’re Open! plugin = 1.46 versions...

4.8 CVSS · 7.3 AI score · 0.00369 EPSS
Exploits 0 · References 1
Vulnrichment
added 2023/06/13 12:0 a.m. · 9 views

CVE-2023-33621

GL.iNET GL-AR750S-Ext firmware v3.215 inserts the admin authentication token into a GET request when the OpenVPN Server config file is downloaded. The token is then left in the browser history or access logs, potentially allowing attackers to bypass authentication via session replay...

7.2 AI score · 0.00953 EPSS
Exploits 1 · References 3
CVE
added 2023/06/13 12:0 a.m. · 42 views

CVE-2023-33621

CVE-2023-33621 concerns GL.iNET GL-AR750S-Ext firmware v3.215. The OpenVPN Server config file download issue causes the admin authentication token to be inserted into a GET request, leaving the token in browser history or access logs. This could allow a session-replay based bypass of authenticati...

5.9 CVSS · 5.9 AI score · 0.00953 EPSS
Exploits 1 · References 3 · Affected Software 1
OSV
added 2023/05/28 6:15 p.m. · 2 views

CVE-2023-33328

Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in PluginOps MailChimp Subscribe Form plugin = 4.0.9.1 versions...

4.8 CVSS · 6.6 AI score
Exploits 0 · References 1
OSV
added 2023/05/28 5:15 p.m. · 3 views

CVE-2023-33216

Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in gVectors Team WooDiscuz – WooCommerce Comments woodiscuz-woocommerce-comments allows Stored XSS. This issue affects WooDiscuz – WooCommerce Comments: from n/a through 2.2.9...

4.8 CVSS · 6.6 AI score · 0.00369 EPSS
Exploits 0 · References 1
OSV
added 2023/05/26 12:15 p.m. · 3 views

CVE-2023-25781

Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in Sebastian Krysmanski Upload File Type Settings plugin = 1.1 versions...

4.8 CVSS · 6.6 AI score · 0.00369 EPSS
Exploits 0 · References 1
Positive Technologies
added 2023/05/12 12:0 a.m. · 3 views

PT-2023-19224 · Unknown · Snaporbital Panorama Plugin

Name of the Vulnerable Software and Affected Versions: SnapOrbital Panorama plugin versions = 1.5. Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. Recommendations: For SnapOrbital Panorama plugin versions =...

5.9 CVSS · 5.3 AI score · 0.00392 EPSS
Exploits 0 · References 4
NVD
added 2023/05/10 11:15 a.m. · 11 views

CVE-2022-47423

Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in Ulf Benjaminsson WP-dTree plugin = 4.4.5 versions...

5.9 CVSS · 5.4 AI score · 0.00392 EPSS
Exploits 0 · References 1
Positive Technologies
added 2023/05/10 12:0 a.m. · 3 views

PT-2023-22043 · Unknown · Wpmobile.App

Name of the Vulnerable Software and Affected Versions: WPMobile.App versions prior to 11.20. Description: A Stored Cross-Site Scripting (XSS) vulnerability exists, allowing authentication bypass for admin+ users. Recommendations: For versions prior to 11.20, update to a version that contains a fix f...

5.9 CVSS · 5.6 AI score · 0.00369 EPSS
Exploits 0 · References 3
OSV
added 2023/05/09 11:15 a.m. · 3 views

CVE-2023-23883

Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in David Gwyer WP Content Filter plugin = 3.0.1 versions...

4.8 CVSS · 6.6 AI score · 0.00369 EPSS
Exploits 0 · References 1
Positive Technologies
added 2023/05/08 12:0 a.m. · 3 views

PT-2023-20072 · Cms Press · Cms Press

Name of the Vulnerable Software and Affected Versions: CMS Press plugin versions 0.2.3 and earlier. Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. There is no information provided about the estimated number ...

5.9 CVSS · 5.5 AI score · 0.00369 EPSS
Exploits 0 · References 4
NVD
added 2023/05/04 9:15 p.m. · 23 views

CVE-2022-47434

Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in PB SEO Friendly Images plugin = 4.0.5 versions...

5.9 CVSS · 5.4 AI score · 0.00369 EPSS
Exploits 0 · References 1
OSV
added 2023/05/03 3:15 p.m. · 1 views

CVE-2023-23785

Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in DgCult Exquisite PayPal Donation plugin = v2.0.0 versions...

4.8 CVSS · 6.6 AI score
Exploits 0 · References 1
OSV
added 2023/05/03 11:15 a.m. · 2 views

CVE-2023-25789

Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in Tapfiliate plugin = 3.0.12 versions...

4.8 CVSS · 6.6 AI score
Exploits 0 · References 1
OSV
added 2023/05/03 11:15 a.m. · 3 views

CVE-2023-25786

Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in Thom Stark Eyes Only: User Access Shortcode plugin = 1.8.2 versions...

4.8 CVSS · 6.6 AI score · 0.00369 EPSS
Exploits 0 · References 1
NVD
added 2023/05/03 11:15 a.m. · 11 views

CVE-2023-25792

Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in XiaoMac WP Open Social plugin = 5.0 versions...

5.9 CVSS · 5.4 AI score · 0.00369 EPSS
Exploits 0 · References 1