CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2023-32241 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPDeveloper Essential Addons for Elementor Pro plugin <= 5.4.8 versions. | 7.1 | HIGH | — | 0 |
| CVE-2023-38971 Cross Site Scripting vulnerabiltiy in Badaso v.0.0.1 thru v.2.9.7 allows a remote attacker to execute arbitrary code via a crafted payload to the rack number parameter in the add new rack function. | 5.4 | MEDIUM | — | 0 |
| CVE-2023-38975 * Buffer Overflow vulnerability in qdrant v.1.3.2 allows a remote attacker cause a denial of service via the chucnked_vectors.rs component. | 7.5 | HIGH | — | 0 |
| CVE-2023-41153 A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via options for the host value while edit... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-54763 An access control issue in the component /login/hostinfo.cgi of ipTIME A2004 v12.17.0 allows attackers to obtain sensitive information without authentication. | 6.5 | MEDIUM | — | 0 |
| CVE-2023-4611 A use-after-free flaw was found in mm/mempolicy.c in the memory management subsystem in the Linux Kernel. This issue is caused by a race between mbind() and VMA-locked page fault, and may allow a loca... | 7.0 | HIGH | — | 0 |
| CVE-2020-18912 An issue found in Earcms Ear App v.20181124 allows a remote attacker to execute arbitrary code via the uload/index-uplog.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-39558 AudimexEE v15.0 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the Show Kai Data component. | 6.1 | MEDIUM | — | 0 |
| CVE-2023-39559 AudimexEE 15.0 was discovered to contain a full path disclosure vulnerability. | 5.3 | MEDIUM | — | 0 |
| CVE-2025-6341 A vulnerability classified as problematic was found in code-projects School Fees Payment System 1.0. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The ... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-6342 A vulnerability, which was classified as critical, has been found in code-projects Online Shoe Store 1.0. This issue affects some unknown processing of the file /admin/admin_football.php. The manipula... | 7.3 | HIGH | — | 0 |
| CVE-2013-2436 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and av... | N/A | NONE | — | 0 |
| CVE-2023-32740 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kunal Nagar Custom 404 Pro plugin <= 3.8.1 versions. | 5.8 | MEDIUM | — | 0 |
| CVE-2023-25019 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Premio Chaty plugin <= 3.0.9 versions | 7.1 | HIGH | — | 0 |
| CVE-2023-32597 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Video Gallery plugin <= 1.0.10 versions. | 7.1 | HIGH | — | 0 |
| CVE-2023-32746 Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Brands plugin <= 1.6.45 versions. | 6.5 | MEDIUM | — | 0 |
| CVE-2024-36669 idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/type_deal.php?mudi=add. | 8.8 | HIGH | — | 0 |
| CVE-2023-32793 Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Pre-Orders plugin <= 2.0.0 versions. | 6.5 | MEDIUM | — | 0 |
| CVE-2023-32801 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Composite Products plugin <= 8.7.5 versions. | 7.1 | HIGH | — | 0 |
| CVE-2023-32802 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Pre-Orders plugin <= 1.9.0 versions. | 7.1 | HIGH | — | 0 |
| CVE-2023-32962 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in HasTheme WishSuite – Wishlist for WooCommerce plugin <= 1.3.4 versions. | 5.9 | MEDIUM | — | 0 |
| CVE-2023-4600 The AffiliateWP for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'affwp_activate_addons_page_plugin' function called via an AJAX action in vers... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-25462 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP htaccess Control plugin <= 3.5.1 versions. | 5.9 | MEDIUM | — | 0 |
| CVE-2023-27426 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Notifyvisitors NotifyVisitors plugin <= 1.0 versions. | 5.9 | MEDIUM | — | 0 |
| CVE-2023-33208 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gsmith Cookie Monster plugin <= 1.51 versions. | 5.9 | MEDIUM | — | 0 |
| CVE-2023-33210 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nuajik plugin <= 0.1.0 versions. | 5.9 | MEDIUM | — | 0 |
| CVE-2023-33317 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Returns and Warranty Requests plugin <= 2.1.6 versions. | 7.1 | HIGH | — | 0 |
| CVE-2023-33320 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Mohammad I. Okfie WP-Hijri plugin <= 1.5.1 versions. | 7.1 | HIGH | — | 0 |
| CVE-2023-33325 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Teplitsa of social technologies Leyka plugin <= 3.30.1 versions. | 7.1 | HIGH | — | 0 |
| CVE-2023-33929 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in JoaquÃn Ruiz Easy Admin Menu plugin <= 1.3 versions. | 5.9 | MEDIUM | — | 0 |
| CVE-2023-41552 Tenda AC7 V1.0 V15.03.06.44 and Tenda AC9 V3.0 V15.03.06.42_multi were discovered to contain a stack overflow via parameter ssid at url /goform/fast_setting_wifi_set. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-41553 Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter list at url /goform/SetStaticRouteCfg. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-41554 Tenda AC9 V3.0 V15.03.06.42_multi was discovered to contain a stack overflow via parameter wpapsk_crypto at url /goform/WifiExtraSet. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-41555 Tenda AC7 V1.0 V15.03.06.44 was discovered to contain a stack overflow via parameter security_5g at url /goform/WifiBasicSet. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-41556 Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter list at url /goform/SetIpMacBind. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-41557 Tenda AC7 V1.0 V15.03.06.44 and Tenda AC5 V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter entrys and mitInterface at url /goform/addressNat. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-41558 Tenda AC7 V1.0 V15.03.06.44 was discovered to contain a stack overflow via parameter timeZone at url /goform/SetSysTimeCfg. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-41559 Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter page at url /goform/NatStaticSetting. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-41560 Tenda AC9 V3.0 V15.03.06.42_multi was discovered to contain a stack overflow via parameter firewallEn at url /goform/SetFirewallCfg. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-41561 Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter startIp and endIp at url /goform/SetPptpServerCfg. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-41562 Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter time at url /goform/PowerSaveSet. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-41563 Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter mac at url /goform/GetParentControlInfo. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-25453 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ian Sadovy WordPress Tables plugin <= 1.3.9 versions. | 7.1 | HIGH | — | 0 |
| CVE-2023-4624 Server-Side Request Forgery (SSRF) in GitHub repository bookstackapp/bookstack prior to v23.08. | 2.4 | LOW | — | 0 |
| CVE-2023-34174 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in BBS e-Theme BBS e-Popup plugin <= 2.4.5 versions. | 7.1 | HIGH | — | 0 |
| CVE-2023-34175 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GrandSlambert Login Configurator plugin <= 2.1 versions. | 7.1 | HIGH | — | 0 |
| CVE-2023-34176 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Chilexpress Chilexpress woo oficial plugin <= 1.2.9 versions. | 7.1 | HIGH | — | 0 |
| CVE-2023-34180 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in KAPlugins Google Fonts For WordPress plugin <= 3.0.0 versions. | 7.1 | HIGH | — | 0 |
| CVE-2023-34183 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Valiano Unite Gallery Lite plugin <= 1.7.61 versions. | 5.9 | MEDIUM | — | 0 |
| CVE-2023-34184 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Bhavik Patel Woocommerce Order address Print plugin <= 3.2 versions. | 7.1 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.