CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4877 matches found

CVE•added 2023/03/20 3:52 p.m.•66 views

CVE-2023-0365

The CVE-2023-0365 entry concerns the React Webcam WordPress plugin (versions

5.4CVSS5.3AI score0.00198EPSS

Exploits2References1Affected Software1

CNNVD•added 2023/03/20 12:0 a.m.•1 views

WordPress plugin React Webcam 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...

5.4CVSS5.5AI score0.00198EPSS

Exploits2References2

Positive Technologies•added 2023/03/20 12:0 a.m.•3 views

PT-2023-16215 · WordPress · React Webcam Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: React Webcam WordPress plugin version 1.2.0 Description: The issue is related to the React Webcam WordPress plugin, which does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the...

5.4CVSS5.2AI score0.00198EPSS

Exploits2References5

OSSF Malicious Packages•added 2023/03/15 2:0 a.m.•2 views

Malicious code in react-advanced-breadcrumbs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 43ca4841853fdec8c951bcbb886eb3fbf01574178c614c25db2ed6a608d31d45 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score

Exploits0References2

OSV•added 2023/03/15 2:0 a.m.•6 views

MAL-2023-723 Malicious code in react-advanced-breadcrumbs (npm)

7AI score

Exploits0References2

OSV•added 2023/03/15 2:0 a.m.•8 views

MAL-2023-734 Malicious code in react-screen-reader-announce (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fc94449e1dfbaea67fc7604cd192d90a355930f498364278937ae27e64050540 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score

Exploits0References2

OSSF Malicious Packages•added 2023/03/15 2:0 a.m.•2 views

Malicious code in fluent-ui-react-latest (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9d4f214d34026a7c88fc092754888c5c4c127f5cead75c2e93a25b2a3e3cc403 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score

Exploits0References2

OSSF Malicious Packages•added 2023/03/15 2:0 a.m.•2 views

Malicious code in react-screen-reader-announce (npm)

6.9AI score

Exploits0References2

OSV•added 2023/03/15 2:0 a.m.•10 views

MAL-2023-449 Malicious code in fluent-ui-react-latest (npm)

7AI score

Exploits0References2

Snyk•added 2023/03/14 8:19 a.m.•1 views

Malicious Package

Overview cp-react-ui-lib is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package w...

9.8CVSS7.1AI score

Exploits0References3

Snyk•added 2023/03/13 8:18 a.m.•1 views

Malicious Package

Overview react-advanced-breadcrumbs is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if thi...

9.8CVSS7.1AI score

Exploits0References3

Snyk•added 2023/03/13 8:18 a.m.•1 views

Malicious Package

Overview react-screen-reader-announce is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if...

9.8CVSS7.1AI score

Exploits0References3

Veracode•added 2023/03/03 3:42 a.m.•31 views

Cross-site Scripting (XSS)

github.com/grafana/grafana is vulnerable to Cross-site Scripting XSS. The vulnerability exists due to React's render cycle in the "Text" plugin which passes through the unsanitized HTML code, allowing an attacker with an editor role to inject and execute malicious JavaScript, and take over the...

6.4CVSS5.4AI score0.60579EPSS

Exploits0References7Affected Software1

Tenable Nessus•added 2023/03/03 12:0 a.m.•36 views

FreeBSD : Grafana -- Stored XSS in text panel plugin (6dccc186-b824-11ed-b695-6c3be5272acd)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 6dccc186-b824-11ed-b695-6c3be5272acd advisory. - Grafana is an open-source platform for monitoring and observability. On 2023-01-01 during an internal...

6.4CVSS7.2AI score0.17757EPSS

Exploits0References3

NVD•added 2023/03/02 1:15 a.m.•17 views

CVE-2023-22462

Grafana is an open-source platform for monitoring and observability. On 2023-01-01 during an internal audit of Grafana, a member of the security team found a stored XSS vulnerability affecting the core plugin "Text". The stored XSS vulnerability requires several user interactions in order to be...

6.4CVSS6.7AI score0.17757EPSS

Exploits0References4