9 matches found

WPVulnDB
added 2024/04/04 12:0 a.m., 25 views

wp-forecast < 9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description: The wp-forecast plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 9.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...

CVSS 6.5 | AI score 5.9 | EPSS 0.00181
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2023/06/06 7:15 p.m., 5 views

CVE-2023-33652

Sitecore Experience Platform (XP) v9.3 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /sitecore/shell/Invoke.aspx...

CVSS 8.8 | AI score 9.1 | EPSS 0.03662
Exploits: 1 | References: 1

Prion
added 2023/06/06 7:15 p.m., 8 views

Design/Logic Flaw

Sitecore Experience Platform (XP) v9.3 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /Applications/Content%20Manager/Execute.aspx?cmd=convert&mode=HTML...

CVSS 6.5 | AI score 9 | EPSS 0.02892
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2023/06/06 12:0 a.m., 10 views

CVE-2023-33652

Sitecore Experience Platform (XP) v9.3 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /sitecore/shell/Invoke.aspx...

AI score 9.3 | EPSS 0.03662
Exploits: 1 | References: 1

Cvelist
added 2023/06/06 12:0 a.m., 14 views

CVE-2023-33653

Sitecore Experience Platform (XP) v9.3 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /Applications/Content%20Manager/Execute.aspx?cmd=convert&mode=HTML...

AI score 9.3 | EPSS 0.02892
Exploits: 1 | References: 1

CVE
added 2023/06/06 12:0 a.m., 40 views

CVE-2023-33652

Sitecore Experience Platform (XP) v9.3 is affected by an authenticated remote code execution (RCE) vulnerability in the /sitecore/shell/Invoke.aspx component. The CVSS 3.1 base score is 8.8 (HIGH) with NETWORK attack vector, LOW exploit complexity, LOW privileges required, and no user interaction...

CVSS 8.8 | AI score 9 | EPSS 0.03662
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2023/06/06 12:0 a.m., 44 views

CVE-2023-33653

CVE-2023-33653 affects Sitecore Experience Platform (XP) v9.3. The authenticated RCE exists in the content management component via /Applications/Content%20Manager/Execute.aspx?cmd=convert&mode=HTML. CVSS v3.1 base score 8.8 (HIGH) with network access, low privileges required, no user interaction...

CVSS 8.8 | AI score 9 | EPSS 0.02892
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2022/09/22 11:16 p.m., 77 views

CVE-2022-38573

CVE-2022-38573 affects 10-Strike Network Inventory Explorer v9.3, where a buffer overflow is triggered via the Add Computers function. The issue has a CVSS v3.1 base score of 9.8 (CRITICAL), with network access, no privileges required, and no user interaction required. Impact is rated HIGH on con...

CVSS 9.8 | AI score 9.7 | EPSS 0.00828
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2020/04/29 10:15 p.m., 53 views

CVE-2019-5620

CVE-2019-5620 concerns ABB MicroSCADA Pro SYS600 9.3, where a missing authentication for a critical function (CWE-306) enables a network-accessible flaw. The issue is tied to the wserver.exe component, described in public exploit evidence as a remote code execution scenario via unauthenticated EX...

CVSS 9.8 | AI score 9.7 | EPSS 0.79326
Exploits: 1 | References: 1 | Affected Software: 1