CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2023-38355 MiniTool Movie Maker 7.0 contains an insecure installation process that allows attackers to achieve remote code execution through a man in the middle attack. | 8.1 | HIGH | β | 0 |
| CVE-2023-2618 A vulnerability, which was classified as problematic, has been found in OpenCV wechat_qrcode Module up to 4.7.0. Affected by this issue is the function DecodedBitStreamParser::decodeHanziSegment of th... | 5.3 | MEDIUM | β | 0 |
| CVE-2023-2619 A vulnerability, which was classified as critical, was found in SourceCodester Online Tours & Travels Management System 1.0. This affects the function exec of the file disapprove_delete.php. The manip... | 6.3 | MEDIUM | β | 0 |
| CVE-2023-30777 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Engine Advanced Custom Fields Pro, WP Engine Advanced Custom Fields plugins <=Β 6.1.5 versions. | 7.1 | HIGH | β | 0 |
| CVE-2023-22711 Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Agent Evolution IMPress Listings plugin <=Β 2.6.2 versions. | 6.5 | MEDIUM | β | 0 |
| CVE-2023-23701 Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Andrew @ Geeenville Web Design Easy Sign Up plugin <=Β 3.4.1 versions. | 6.5 | MEDIUM | β | 0 |
| CVE-2023-23786 Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Christof Servit affiliate-toolkit plugin <=Β 3.3.3 versions. | 5.9 | MEDIUM | β | 0 |
| CVE-2023-23812 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joost de Valk Enhanced WP Contact Form plugin <=Β 2.2.3 versions. | 5.9 | MEDIUM | β | 0 |
| CVE-2023-24392 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Full Width Banner Slider Wp plugin <=Β 1.1.7 versions. | 7.1 | HIGH | β | 0 |
| CVE-2023-24418 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Tiny carousel horizontal slider plus plugin <=Β 3.2 versions. | 5.9 | MEDIUM | β | 0 |
| CVE-2022-32970 Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Themify Themify Portfolio Post plugin <=Β 1.2.4 versions. | 4.1 | MEDIUM | β | 0 |
| CVE-2023-22696 Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Custom4Web Affiliate Links Lite plugin <=Β 2.5 versions. | 6.5 | MEDIUM | β | 0 |
| CVE-2023-23794 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex Moss Semalt Blocker plugin <=Β 1.1.3 versions. | 5.9 | MEDIUM | β | 0 |
| CVE-2023-23873 Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Flector BBSpoiler plugin <=Β 2.01 versions. | 6.5 | MEDIUM | β | 0 |
| CVE-2024-27910 A vulnerability was reported in some Lenovo Printers that could allow an unauthenticated attacker to reboot the printer without authentication. | 5.3 | MEDIUM | β | 0 |
| CVE-2023-24406 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Muneeb ur Rehman Simple PopUp plugin <=Β 1.8.6 versions. | 5.9 | MEDIUM | β | 0 |
| CVE-2023-27419 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest themes Viable Blog theme <=Β 1.1.4 versions. | 7.1 | HIGH | β | 0 |
| CVE-2023-27455 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Maui Marketing Update Image Tag Alt Attribute plugin <=Β 2.4.5 versions. | 7.1 | HIGH | β | 0 |
| CVE-2023-29101 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Muffingroup Betheme theme <=Β 26.7.5 versions. | 7.1 | HIGH | β | 0 |
| CVE-2023-30746 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Booqable Rental Software Booqable Rental plugin <=Β 2.4.15 versions. | 5.9 | MEDIUM | β | 0 |
| CVE-2022-33961 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WaspThemes Visual CSS Style Editor plugin <=Β 7.5.8 versions. | 4.0 | MEDIUM | β | 0 |
| CVE-2022-46817 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Flyzoo Flyzoo Chat plugin <=Β 2.3.3 versions. | 5.9 | MEDIUM | β | 0 |
| CVE-2022-21239 Out-of-bounds read in software for the Intel QAT Driver for Windows before version 1.9.0-0008 may allow an authenticated user to potentially enable information disclosure via local access. | 5.6 | MEDIUM | β | 0 |
| CVE-2022-46819 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Continuous announcement scroller plugin <=Β 13.0 versions. | 5.9 | MEDIUM | β | 0 |
| CVE-2022-46861 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Zia Imtiaz Custom Login Page Styler for WordPress plugin <=Β 6.2 versions. | 5.9 | MEDIUM | β | 0 |
| CVE-2022-27856 Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Atlas Gondal Export All URLs plugin <=Β 4.1 versions. | 3.4 | LOW | β | 0 |
| CVE-2022-47137 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPManageNinja LLC Ninja Tables plugin <=Β 4.3.4 versions. | 5.9 | MEDIUM | β | 0 |
| CVE-2022-47423 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ulf Benjaminsson WP-dTree plugin <=Β 4.4.5 versions. | 5.9 | MEDIUM | β | 0 |
| CVE-2022-47436 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MantraBrain Yatra allows Stored XSS.This issue affects Yatra: from n/a through 2.1.14. | 5.9 | MEDIUM | β | 0 |
| CVE-2022-47441 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Charitable Donations & Fundraising Team Donation Forms by Charitable plugin <=Β 1.7.0.10 versions. | 7.1 | HIGH | β | 0 |
| CVE-2020-18413 Stored cross site scripting (XSS) vulnerability in /index.php?admin-master-navmenu-add of Chaoji CMS v2.18 that allows attackers to execute arbitrary code. | 4.8 | MEDIUM | β | 0 |
| CVE-2022-47587 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cornel Raiu WP Search Analytics plugin <=Β 1.4.5 versions. | 5.9 | MEDIUM | β | 0 |
| CVE-2022-47590 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Fugu Maintenance Switch plugin <=Β 1.5.2 versions. | 7.1 | HIGH | β | 0 |
| CVE-2022-47600 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Mass Email To users plugin <=Β 1.1.4 versions. | 7.1 | HIGH | β | 0 |
| CVE-2022-47606 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tim Stephenson WP-CORS plugin <=Β 0.2.1 versions. | 5.9 | MEDIUM | β | 0 |
| CVE-2022-45846 Cross-Site Request Forgery (CSRF) vulnerability in Nickys Image Map Pro for WordPress - Interactive SVG Image Map Builder plugin <Β 5.6.9 versions. | 5.4 | MEDIUM | β | 0 |
| CVE-2023-1732 When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM, did not check whether crypto/rand.Read()Β returns an error. In rare deployment cases (error thrown by the Read()Β ... | 5.3 | MEDIUM | β | 0 |
| CVE-2022-21162 Uncontrolled search path for the Intel(R) HDMI Firmware Update tool for NUC before version 1.79.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 6.7 | MEDIUM | β | 0 |
| CVE-2024-27911 A vulnerability was reported in some Lenovo Printers that could allow an unauthenticated attacker to obtain the administrator password. | 7.5 | HIGH | β | 0 |
| CVE-2022-21804 Out-of-bounds write in software for the Intel QAT Driver for Windows before version 1.9.0-0008 may allow an authenticated user to potentially enable escalation of privilege via local access. | 8.4 | HIGH | β | 0 |
| CVE-2022-25976 Improper input validation in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated user to potentially enable denial of service via local access. | 5.5 | MEDIUM | β | 0 |
| CVE-2022-27180 Uncontrolled search path in the Intel(R) MacCPUID software before version 3.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | 4.2 | MEDIUM | β | 0 |
| CVE-2022-28699 Improper input validation for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. | 7.5 | HIGH | β | 0 |
| CVE-2022-29508 Null pointer dereference in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated user to potentially enable escalation of privilege via local access. | 6.3 | MEDIUM | β | 0 |
| CVE-2022-29919 Use after free in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | HIGH | β | 0 |
| CVE-2022-30338 Incorrect default permissions in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated user to potentially enable escalation of privilege via local access. | 6.7 | MEDIUM | β | 0 |
| CVE-2022-33894 Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | 7.5 | HIGH | β | 0 |
| CVE-2022-31477 Improper initialization for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access. | 4.0 | MEDIUM | β | 0 |
| CVE-2022-32576 Uncontrolled search path in the Intel(R) Unite(R) Plugin SDK before version 4.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | 6.7 | MEDIUM | β | 0 |
| CVE-2022-32577 Improper input validation in BIOS Firmware for some Intel(R) NUC Kits before version PY0081 may allow a privileged user to potentially enable information disclosure or denial of service via local acce... | 3.4 | LOW | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.