CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1360 matches found

Prion•added 2023/06/15 7:15 p.m.•22 views

Design/Logic Flaw

Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier and 2.4.4-p3 and earlier are affected by a Improper Neutralization of Special Elements Used in a Template Engine vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of...

5.8CVSS7.1AI score0.01223EPSS

Exploits0References1Affected Software2

Prion•added 2023/06/15 7:15 p.m.•17 views

Server side request forgery (ssrf)

Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier and 2.4.4-p3 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests v...

3.3CVSS5.8AI score0.00986EPSS

Exploits0References1Affected Software2

Prion•added 2023/06/15 7:15 p.m.•17 views

Server side request forgery (ssrf)

3.3CVSS5.8AI score0.00861EPSS

Exploits0References1Affected Software2

Vulnrichment•added 2023/06/15 12:0 a.m.•8 views

CVE-2023-29291 Server Side Request Forgery (SSRF) in USPS carrier integration configuration

4.9CVSS7.1AI score0.00986EPSS

Exploits0References1

Vulnrichment•added 2023/06/15 12:0 a.m.•6 views

CVE-2023-29292 Server Side Request Forgery (SSRF) in FedEx carrier integration configuration

4.9CVSS7.1AI score0.00861EPSS

Exploits0References1

Cvelist•added 2023/06/15 12:0 a.m.•20 views

CVE-2023-29291 Server Side Request Forgery (SSRF) in USPS carrier integration configuration

4.9CVSS5.4AI score0.00986EPSS

Exploits0References1

WPVulnDB•added 2023/06/15 12:0 a.m.•21 views

Contact Form by WD <= 1.13.23 - Admin+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin PoC 1. When editing a form, go to "Settings MySQL Mapping". 2. Click "Add a Query" 3. When mapping the form to the...

9AI score0.00741EPSS

Exploits2Affected Software1

Cvelist•added 2023/06/15 12:0 a.m.•25 views

CVE-2023-29292 Server Side Request Forgery (SSRF) in FedEx carrier integration configuration

4.9CVSS5.4AI score0.00861EPSS

Exploits0References1

Cvelist•added 2023/06/15 12:0 a.m.•18 views

CVE-2023-29297 Admin-to-admin stored XSS via cache poisoning

9.1CVSS9.4AI score0.01223EPSS

Exploits0References1

Prion•added 2023/06/13 4:15 p.m.•17 views

Cross site scripting

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Nate Reist Protected Posts Logout Button plugin = 1.4.5 versions...

4.3CVSS4.8AI score0.00392EPSS

Exploits0References1Affected Software1

WPVulnDB•added 2023/06/13 12:0 a.m.•15 views

Password Protected < 2.6.3 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.7AI score0.00393EPSS

Exploits0Affected Software1

GithubExploit•added 2023/06/05 10:26 p.m.•501 views

Exploit for Special Element Injection in Rocket.Chat

CVE-2021-22911 Pre-Auth Blind NoSQL Injection leading to Remot...

9.8CVSS10AI score0.95242EPSS

Exploits16

NVD•added 2023/06/05 2:15 p.m.•12 views

CVE-2023-2488

The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape various parameters before outputting them back in admin dashboard pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as ad...

6.1CVSS6AI score0.00522EPSS

Exploits2References1

Vulnrichment•added 2023/06/05 1:39 p.m.•12 views

CVE-2023-2224 Seo By 10Web < 1.2.7 - Admin+ Stored XSS

The SEO by 10Web WordPress plugin before 1.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.7AI score0.00909EPSS

Exploits3References2

Vulnrichment•added 2023/06/05 1:39 p.m.•6 views

CVE-2023-0900 AP Pricing Tables Lite <= 1.1.6 - Admin+ SQLi

The Pricing Table Builder WordPress plugin through 1.1.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admins...

7.3AI score0.03229EPSS

Exploits2References1

Vulnrichment•added 2023/06/05 1:38 p.m.•10 views

CVE-2023-0545 Hostel < 1.1.5.2 - Admin+ Stored XSS

The Hostel WordPress plugin before 1.1.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.6AI score0.00442EPSS

Exploits2References1

WPVulnDB•added 2023/06/05 12:0 a.m.•20 views

FormCraft Premium < 3.9.7 - Admin+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. PoC 1. View the plugin settings and intercept the request and add the payload sortOrder=ASC%2cselectfromselectsleep20a 2...

7.2CVSS9.6AI score0.0085EPSS

Exploits2Affected Software1

WPVulnDB•added 2023/06/05 12:0 a.m.•25 views

Aajoda Testimonials < 2.2.2 - Admin+ Stored XSS

4.8CVSS7.9AI score0.00773EPSS

Exploits2Affected Software1

WPVulnDB•added 2023/06/05 12:0 a.m.•14 views

Ultimate Product Catalog < 5.2.6 - Admin+ Stored XSS

4.8CVSS8.2AI score0.00501EPSS

Exploits2Affected Software1

WPVulnDB•added 2023/06/02 12:0 a.m.•13 views

Call Now Accessibility Button < 1.2 - Admin+ Stored XSS