CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

110856 matches found

CVE-2022-47150

Cross-Site request forgery CSRF vulnerability in weDevs WooCommerce Conversion Tracking allows Cross Site Request Forgery. This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.10...

4.3CVSS

Exploits0References1

CVE•added 6 hours ago•56 views

CVE-2022-47150

CVE-2022-47150 concerns CSRF in WordPress plugins referencing WooCommerce Conversion Tracking. Affected product: WooCommerce Conversion Tracking plugin for WordPress, versions up to and including 2.0.10. Underlying issue: Cross-Site Request Forgery, enabling unauthenticated or unauthorized action...

4.3CVSS5.4AI score

Exploits0References1

IBM Security Bulletins•added 7 hours ago•4 views

Security Bulletin: Security Vulnerabilities were found in IBM Security Verify Directory (CVE-2018-2799, CVE-2022-23437)

Summary Security Vulnerabilities were addressed in IBM Security Verify Directory Vulnerability Details CVEID:CVE-2018-2799 DESCRIPTION: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JAXP. Supported versions that are affected are Java SE: 7u171,...

7.1CVSS7.5AI score0.00091EPSS

Exploits0Affected Software1

Nuclei•added 14 hours ago•26 views

WooCommerce Stored Exporter WordPress Plugin < 2.7.1 - Cross-Site Scripting

The plugin was affected by a reflected cross-site scripting vulnerability in the wooce admin page. id: CVE-2022-0149 info: name: WooCommerce Stored Exporter WordPress Plugin 2.7.1 - Cross-Site Scripting author: dhiyaneshDk severity: medium description: The plugin was affected by a reflected...

6.1CVSS6AI score0.01124EPSS

Exploits2References5

Nuclei•added 14 hours ago•38 views

WAVLINK WN535 G3 - Information Disclosure

WAVLINK WN535 G3 M35G3R.V5030.180927 is susceptible to information disclosure in the livemfg.shtml page. An attacker can obtain sensitive router information via the exec cmd function and possibly obtain additional sensitive information, modify data, and/or execute unauthorized operations. id:...

7.5CVSS6.8AI score0.28752EPSS

Exploits2References5

Nuclei•added 14 hours ago•27 views

Atmail 6.5.0 - Cross-Site Scripting

Atmail 6.5.0 contains a cross-site scripting vulnerability via the index.php/admin/index/ 'error' parameter. id: CVE-2022-30776 info: name: Atmail 6.5.0 - Cross-Site Scripting author: 3th1cyuk1 severity: medium description: | Atmail 6.5.0 contains a cross-site scripting vulnerability via the...

6.1CVSS6AI score0.45526EPSS

Exploits0References5

Nuclei•added 14 hours ago•35 views

WordPress WPvivid Backup <0.9.76 - Local File Inclusion

WordPress WPvivid Backup version 0.9.76 is vulnerable to local file inclusion because the plugin does not sanitize and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file from the web server. id: CVE-2022-2863 info: name: WordPress...

4.9CVSS5.5AI score0.10885EPSS

Exploits3References5

Nuclei•added 14 hours ago•45 views

HotelDruid Hotel Management Software 3.0.3 - Cross-Site Scripting

HotelDruid Hotel Management Software 3.0.3 contains a cross-site scripting vulnerability via the prezzoperiodo4 parameter in creaprezzi.php. id: CVE-2022-26564 info: name: HotelDruid Hotel Management Software 3.0.3 - Cross-Site Scripting author: alexrydzak severity: medium description: | HotelDru...

6.1CVSS6AI score0.00547EPSS

Exploits1References5

Nuclei•added 14 hours ago•126 views

Cuppa CMS v1.0 - Local File Inclusion

CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertLightbox.php. id: CVE-2022-25485 info: name: Cuppa CMS v1.0 - Local File Inclusion author: theamanrawat severity: high description: | CuppaCMS v1.0 was discovered to contain a local file inclusion...

7.8CVSS7.2AI score0.36161EPSS

Exploits1References3

Nuclei•added 14 hours ago•50 views

MCMS 5.2.4 - SQL Injection

MCMS 5.2.4 contains a SQL injection vulnerability via search.do in the file /mdiy/dict/listExcludeApp. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2022-25125 info: name: MCMS...

9.8CVSS8AI score0.75534EPSS

Exploits1References3

Nuclei•added 14 hours ago•28 views

OpenCATS 0.9.6 - Cross-Site Scripting

OpenCATS 0.9.6 contains a cross-site scripting vulnerability via the callback component. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch othe...

6.1CVSS6.2AI score0.02434EPSS

Exploits2References5

Nuclei•added 14 hours ago•22 views

RPCMS 3.0.2 - Cross-Site Scripting

RPCMS 3.0.2 contains a cross-site scripting vulnerability in the Search function. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other...

6.1CVSS6.2AI score0.04425EPSS

Exploits1References5

Nuclei•added 14 hours ago•32 views

WBCE CMS v1.5.4 - Cross Site Scripting (Stored)

A cross-site scripting XSS vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Footer field. id: CVE-2022-45038 info: name: WBCE CMS v1.5.4 - Cross Site Scripting Stored author:...

5.4CVSS6AI score0.0304EPSS

Exploits1References3

Nuclei•added 14 hours ago•51 views

Apache Airflow OS Command Injection

Apache Airflow prior to version 2.2.4 is vulnerable to OS command injection attacks because some example DAGs do not properly sanitize user-provided parameters, making them susceptible to OS Command Injection from the web UI. id: CVE-2022-24288 info: name: Apache Airflow OS Command Injection...

8.8CVSS7.7AI score0.89825EPSS

Exploits0References5

Nuclei•added 14 hours ago•33 views

Haraj 3.7 - Cross-Site Scripting

Haraj 3.7 contains a cross-site scripting vulnerability in the User Upgrade Form. An attacker can inject malicious script and thus steal authentication credentials and launch other attacks. id: CVE-2022-31299 info: name: Haraj 3.7 - Cross-Site Scripting author: edoardottt severity: medium...

6.1CVSS6.1AI score0.33993EPSS

Exploits2References5

Nuclei•added 14 hours ago•30 views

Omnia MPX 1.5.0+r1 - Local File Inclusion

Telos Alliance Omnia MPX Node through 1.5.0+r1 is vulnerable to local file inclusion via logs/downloadMainLog. By retrieving userDB.json allows an attacker to retrieve cleartext credentials and escalate privileges via the control panel. id: CVE-2022-36642 info: name: Omnia MPX 1.5.0+r1 - Local Fi...

9.8CVSS7.7AI score0.70723EPSS

Exploits1References4

Nuclei•added 14 hours ago•15 views

Cryptocurrency Widgets Pack <= 1.8.1 - SQL Injection

Cryptocurrency Widgets Pack Plugin =1.8.1 for WordPress contains an unauthenticated SQL injection caused by unsanitized user input in database queries, letting attackers execute arbitrary SQL commands, exploit requires no authentication. id: CVE-2022-44588 info: name: Cryptocurrency Widgets Pack ...

9.9CVSS8.2AI score0.34664EPSS

Exploits0References2

Nuclei•added 14 hours ago•43 views

UpdraftPlus < 1.22.9 - Cross-Site Scripting

The plugin does not sanitise and escape the updraftinterval parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting XSS vulnerability. id: CVE-2022-0864 info: name: UpdraftPlus 1.22.9 - Cross-Site Scripting author: DhiyaneshDk severity: medium description...

6.1CVSS6.3AI score0.02855EPSS

Exploits4References4

Nuclei•added 14 hours ago•19 views

Popup by Supsystic < 1.10.9 - Subscriber Email Addresses Disclosure

The Popup by Supsystic WordPress plugin before 1.10.9 does not have any authentication and authorisation in an AJAX action, allowing unauthenticated attackers to call it and get the email addresses of subscribed users id: CVE-2022-0424 info: name: Popup by Supsystic 1.10.9 - Subscriber Email...

5.3CVSS6AI score0.41967EPSS

Exploits2References2

Nuclei•added 14 hours ago•58 views

RStudio Connect - Open Redirect

RStudio Connect prior to 2023.01.0 is affected by an Open Redirect issue. The vulnerability could allow an attacker to redirect users to malicious websites. id: CVE-2022-38131 info: name: RStudio Connect - Open Redirect author: xxcdd severity: medium description: | RStudio Connect prior to...

6.1CVSS6.3AI score0.03347EPSS

Exploits1References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by