CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2024-29089 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Five Star Plugins Five Star Restaurant Menu allows Stored XSS. This issue affects Five Star Restaur... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-29091 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dnesscarkey WP Armour – Honeypot Anti Spam allows Reflected XSS. This issue affects WP Armour – Hon... | 7.1 | HIGH | — | 0 |
| CVE-2026-35600 Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, task titles are embedded directly into Markdown link syntax in overdue email notifications without escaping Markdown spe... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-35601 Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the CalDAV output generator builds iCalendar VTODO entries via raw string concatenation without applying RFC 5545 TEXT v... | 4.1 | MEDIUM | — | 0 |
| CVE-2026-35602 Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the Vikunja file import endpoint uses the attacker-controlled Size field from the JSON metadata inside the import zip in... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-29092 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Maciej Bis Permalink Manager Lite allows Reflected XSS. This issue affects Permalink Manager Lite: ... | 7.1 | HIGH | — | 0 |
| CVE-2024-29094 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes HT Easy GA4 ( Google Analytics 4 ) allows Stored XSS. This issue affects HT Easy GA4 ( Go... | 7.1 | HIGH | — | 0 |
| CVE-2024-2702 Missing Authorization vulnerability in Olive Themes Olive One Click Demo Import allows importing settings and data, ultimately leading to XSS. This issue affects Olive One Click Demo Import: from n/a t... | 8.2 | HIGH | — | 0 |
| CVE-2024-2721 Deserialization of Untrusted Data vulnerability in Social Media Share Buttons By Sygnoos Social Media Share Buttons. This issue affects Social Media Share Buttons: from n/a through 2.1.0. | 8.2 | HIGH | — | 0 |
| CVE-2024-27995 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Repute Infosystems ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile ... | 5.9 | MEDIUM | — | 0 |
| CVE-2024-27190 Missing Authorization vulnerability in Jean-David Daviet Download Media. This issue affects Download Media: from n/a through 1.4.2. | 4.3 | MEDIUM | — | 0 |
| CVE-2026-35647 OpenClaw before 2026.3.25 contains an access control vulnerability where verification notices bypass DM policy checks and reply to unpaired peers. Attackers can send verification notices to users outs... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-27956 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Automatic allows SQL Injection. This issue affects Automatic: from n/a through 3.92.0. | 9.9 | CRITICAL | — | 0 |
| CVE-2024-27962 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Florian 'fkrauthan' Krauthan allows Reflected XSS. This issue affects wp-mpdf: from n/a through 3.7... | 7.1 | HIGH | — | 0 |
| CVE-2024-27964 Unrestricted Upload of File with Dangerous Type vulnerability in Gesundheit Bewegt GmbH Zippy. This issue affects Zippy: from n/a through 1.6.9. | 8.8 | HIGH | — | 0 |
| CVE-2024-2578 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPCoder WP Coder allows Stored XSS. This issue affects WP Coder: from n/a through 3.5. | 5.9 | MEDIUM | — | 0 |
| CVE-2024-24835 Missing Authorization vulnerability in realmag777 BEAR. This issue affects BEAR: from n/a through 1.1.4. | 4.3 | MEDIUM | — | 0 |
| CVE-2024-24840 Missing Authorization vulnerability in BdThemes Element Pack Elementor Addons. This issue affects Element Pack Elementor Addons: from n/a through 5.4.11. | 4.3 | MEDIUM | — | 0 |
| CVE-2026-35654 OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Microsoft Teams feedback invokes that allows unauthorized senders to record session feedback. Attackers can bypass sender al... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-2864 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KaineLabs Youzify - Buddypress Moderation. This issue affects Youzify - Buddypress Moderation: from... | 7.3 | HIGH | — | 0 |
| CVE-2024-23520 Missing Authorization vulnerability in AccessAlly PopupAlly. This issue affects PopupAlly: from n/a through 2.1.0. | 4.3 | MEDIUM | — | 0 |
| CVE-2024-24711 Missing Authorization vulnerability in weDevs WooCommerce Conversion Tracking. This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.11. | 4.3 | MEDIUM | — | 0 |
| CVE-2024-24718 Missing Authorization vulnerability in PropertyHive. This issue affects PropertyHive: from n/a through 2.0.6. | 4.3 | MEDIUM | — | 0 |
| CVE-2024-24719 Missing Authorization vulnerability in Uriahs Victor Location Picker at Checkout for WooCommerce. This issue affects Location Picker at Checkout for WooCommerce: from n/a through 1.8.9. | 4.3 | MEDIUM | — | 0 |
| CVE-2024-24799 Missing Authorization vulnerability in WooCommerce WooCommerce Box Office. This issue affects WooCommerce Box Office: from n/a through 1.2.2. | 6.5 | MEDIUM | — | 0 |
| CVE-2024-30233 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wholesale Team WholesaleX. This issue affects WholesaleX: from n/a through 1.3.1. | 6.5 | MEDIUM | — | 0 |
| CVE-2024-30234 Missing Authorization vulnerability in Wholesale Team WholesaleX. This issue affects WholesaleX: from n/a through 1.3.1. | 6.5 | MEDIUM | — | 0 |
| CVE-2026-40086 Rembg is a tool to remove images background. Prior to 2.0.75, a path traversal vulnerability in the rembg HTTP server allows unauthenticated remote attackers to read arbitrary files from the server's ... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-35667 OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-27486 where the !stop chat command uses an unpatched killProcessTree function from shell-utils.ts that sends SIGKILL immediately witho... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-30235 Missing Authorization vulnerability in Themeisle Multiple Page Generator Plugin – MPG. This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.0. | 4.3 | MEDIUM | — | 0 |
| CVE-2024-22300 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Icegram Email Subscribers & Newsletters allows Reflected XSS. This issue affects Email Subscribers ... | 7.1 | HIGH | — | 0 |
| CVE-2026-40074 SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, redirect, when called from inside the handle server hook with a location parameter co... | 7.5 | HIGH | — | 0 |
| CVE-2024-22311 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in N Squared Simply Schedule Appointments allows Reflected XSS. This issue affects Simply Schedule App... | 7.1 | HIGH | — | 0 |
| CVE-2024-24700 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Benjamin Rojas WP Editor allows Reflected XSS. This issue affects WP Editor: from n/a through 1.2.8... | 7.1 | HIGH | — | 0 |
| CVE-2024-24800 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AdTribes.Io Product Feed PRO for WooCommerce allows Reflected XSS. This issue affects Product Feed ... | 7.1 | HIGH | — | 0 |
| CVE-2024-24842 Deserialization of Untrusted Data vulnerability in Echo Plugins Knowledge Base for Documentation, FAQs with AI Assistance. This issue affects Knowledge Base for Documentation, FAQs with AI Assistance: ... | 8.7 | HIGH | — | 0 |
| CVE-2024-29820 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RedNao PDF Builder for WPForms allows Stored XSS. This issue affects PDF Builder for WPForms: from ... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-29906 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Stored XSS. This issue affects W... | 5.9 | MEDIUM | — | 0 |
| CVE-2026-40103 Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, Vikunja's scoped API token enforcement for custom project background routes is method-confused. A token with only projec... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-40160 PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, web_crawl's httpx fallback path passes user-supplied URLs directly to httpx.AsyncClient.get() with follow_redirects=True and no host va... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-1502 CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host. | N/A | NONE | — | 0 |
| CVE-2026-40200 An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number ... | 8.1 | HIGH | — | 0 |
| CVE-2024-29907 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Active Websight SEO Backlink Monitor allows Reflected XSS. This issue affects SEO Backlink Monitor:... | 7.1 | HIGH | — | 0 |
| CVE-2024-29908 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kienso Co-marquage service-public.Fr allows Stored XSS. This issue affects Co-marquage service-publ... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-29909 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Camille Verrier Travelers' Map allows Stored XSS. This issue affects Travelers' Map: from n/a throu... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-29911 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jewel Theme Master Addons for Elementor allows Stored XSS. This issue affects Master Addons for Ele... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-40163 Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.5, 1.5.5, and 1.6.0-beta.4, the POST /sync/offline_changes endpoint allows an unauthenticated attacker to cre... | 8.2 | HIGH | — | 0 |
| CVE-2024-29912 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Baptiste Placé iCalendrier allows Stored XSS. This issue affects iCalendrier: from n/a through 1.80... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-29913 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Tutor LMS Elementor Addons allows Stored XSS. This issue affects Tutor LMS Elementor Addons... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-29914 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MotoPress Stratum allows Stored XSS. This issue affects Stratum: from n/a through 1.3.15. | 6.5 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.