CVE-2023-44263
CVE-2023-44263 affects the WordPress plugin Riyaz Social Metrics (versions <= 2.2). It is a Stored Cross-Site Scripting (XSS) vulnerability that requires admin+ authentication to exploit. The NVD entry lists a base CVSS v3.1 score of 4.8 (Medium), while PatchStack describes the vulnerability w...
CVE-2023-41855
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Regpacks Regpack plugin = 0.1 versions...
CVE-2023-41859
CVE-2023-41859 is a stored XSS affecting the WordPress plugin Order Delivery Date for WP e-Commerce, versions
CVE-2023-41847
CVE-2023-41847 affects the WordPress plugin Notice Bar (WEN Solutions) with versions
CVE-2023-41800
CVE-2023-41800: A stored XSS vulnerability in the UniConsent CMP WordPress plugin (UniConsent CMP for GDPR CPRA GPP TCF) affecting versions
CVE-2023-41797 WordPress Locations Plugin <= 4.0 is vulnerable to Cross Site Scripting (XSS)
Auth. contributor+ Stored Cross-Site Scripting (XSS) vulnerability in Gold Plugins Locations plugin <= 4.0 versions...
CVE-2023-41797
CVE-2023-41797: The WordPress plugin Locations (Gold Plugins Locations), affected in versions <= 4.0, contains a Stored Cross-Site Scripting (XSS) vulnerability. Connected sources confirm the issue affects the Locations plugin with contributor+ (and higher) roles storing scripts that can be ...
CVE-2023-41731 WordPress wordpress publish post email notification Plugin <= 1.0.2.2 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution WordPress publish post email notification plugin <= 1.0.2.2 versions...
CVE-2023-41731
CVE-2023-41731 affects the WordPress plugin Publish Post Email Notification by I Thirteen Web Solution. A stored XSS (requires admin+ privileges) exists in versions
Debian DSA-5512-1 : exim4 - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5512 advisory. Several vulnerabilities were discovered in Exim, a mail transport agent, which could result in remote code execution if the EXTERNAL or SPA/NTLM authenticato...
CVE-2023-41687
CVE-2023-41687: WordPress Goods Catalog plugin (versions
CVE-2023-41666 WordPress Stock Quotes List Plugin <= 2.9.9 is vulnerable to Cross Site Scripting (XSS)
Auth. contributor+ Stored Cross-Site Scripting (XSS) vulnerability in Stockdio Stock Quotes List plugin <= 2.9.9 versions...
CVE-2023-41655
CVE-2023-41655 affects the WordPress plugin authLdap (by Andreas Heigl). Public records describe an Authenticated Stored Cross-Site Scripting (XSS) vulnerability exploitable by an Administrator (admin+) due to input handling in the plugin. Vulnerable versions are listed as
CVE-2023-44466
An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error, leading to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This occurs because of an untrusted length taken from a TCP packet in ceph_decode_32...
CVE-2023-30591 NodeBB Pre-Authentication Denial-of-Service
Denial-of-service in NodeBB = v2.8.10 allows unauthenticated attackers to trigger a crash, when invoking eventName.startsWith or eventName.toString, while processing Socket.IO messages via crafted Socket.IO messages containing array or object type for the event name respectively...
Exim < 4.96.1 Multiple Vulnerabilities (Sep 2023)
Exim is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:exim:exim"; if description...
CVE-2023-41904
Zoho ManageEngine ADManager Plus before 7203 allows 2FA bypass for AuthToken generation in REST APIs...
CVE-2023-40669
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in twinpictures, baden03 Collapse-O-Matic plugin = 1.8.5.5 versions...
CVE-2023-40604
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Jes Madsen Cookies by JM plugin = 1.0 versions...