CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2006-10001 A vulnerability, which was classified as problematic, was found in Subscribe to Comments Plugin up to 2.0.7 on WordPress. This affects an unknown part of the file subscribe-to-comments.php. The manipu... | 3.5 | LOW | — | 0 |
| CVE-2014-125092 A vulnerability was found in MaxButtons Plugin up to 1.26.0 on WordPress and classified as problematic. This issue affects the function maxbuttons_strip_px of the file includes/maxbuttons-button.php. ... | 3.5 | LOW | — | 0 |
| CVE-2023-0734 Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.4. | 5.3 | MEDIUM | — | 0 |
| CVE-2023-26510 Ghost 5.35.0 allows authorization bypass: contributors can view draft posts of other users, which is arguably inconsistent with a security policy in which a contributor's draft can only be read by edi... | 5.7 | MEDIUM | — | 0 |
| CVE-2023-27635 debmany in debian-goodies 0.88.1 allows attackers to execute arbitrary shell commands (because of an eval call) via a crafted .deb file. (The path is shown to the user before execution.) | 7.8 | HIGH | — | 0 |
| CVE-2023-27641 The REPORT (after z but before a) parameter in wa.exe in L-Soft LISTSERV 16.5 before 17 allows an attacker to conduct XSS attacks via a crafted URL. | 6.1 | MEDIUM | — | 0 |
| CVE-2015-10090 A vulnerability, which was classified as problematic, has been found in Landing Pages Plugin up to 1.8.7 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to c... | 3.5 | LOW | — | 0 |
| CVE-2023-22336 Path traversal vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to upload a specially crafted file to an arbitrary directory. A... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-22344 Use of hard-coded credentials vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to obtain the password of the debug tool and exe... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-22419 Out-of-bounds read vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.9.0 and earlier. When processing a comment block in stage informatio... | 7.8 | HIGH | — | 0 |
| CVE-2023-1184 A vulnerability, which was classified as problematic, has been found in ECshop up to 4.1.8. Affected by this issue is some unknown functionality of the file admin/database.php of the component Backup ... | 4.7 | MEDIUM | — | 0 |
| CVE-2023-22838 Cross-site scripting vulnerability in Product List Screen and Product Detail Screen of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-25077 Cross-site scripting vulnerability in Authentication Key Settings of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitra... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-4928 A vulnerability was found in icplayer up to 0.819. It has been declared as problematic. Affected by this vulnerability is the function AddonText_Selection_create of the file addons/Text_Selection/src/... | 3.5 | LOW | — | 0 |
| CVE-2022-4929 A vulnerability was found in icplayer up to 0.818. It has been rated as problematic. Affected by this issue is some unknown functionality of the file addons/Commons/src/tts-utils.js. The manipulation ... | 3.5 | LOW | — | 0 |
| CVE-2023-1185 A vulnerability, which was classified as problematic, was found in ECshop up to 4.1.8. This affects an unknown part of the component New Product Handler. The manipulation leads to unrestricted upload.... | 4.7 | MEDIUM | — | 0 |
| CVE-2015-10091 A vulnerability has been found in ByWater Solutions bywater-koha-xslt and classified as critical. This vulnerability affects the function StringSearch of the file admin/systempreferences.pl. The manip... | 4.7 | MEDIUM | — | 0 |
| CVE-2023-26108 Versions of the package @nestjs/core before 9.0.5 are vulnerable to Information Exposure via the StreamableFile pipe. Exploiting this vulnerability is possible when the client cancels a request while ... | 3.7 | LOW | — | 0 |
| CVE-2015-10092 A vulnerability was found in Qtranslate Slug Plugin up to 1.1.16 on WordPress. It has been classified as problematic. Affected is the function add_slug_meta_box of the file includes/class-qtranslate-s... | 3.5 | LOW | — | 0 |
| CVE-2015-10093 A vulnerability was found in Mark User as Spammer Plugin 1.0.0/1.0.1 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function user_row_actions of the file plug... | 2.6 | LOW | — | 0 |
| CVE-2023-22856 A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3.3.8.0, allows injection of arbitrary JavaScript in the security context of a blog visitor through an upload of a specially crafted... | 8.5 | HIGH | — | 0 |
| CVE-2023-1186 A vulnerability has been found in FabulaTech Webcam for Remote Desktop 2.8.42 and classified as problematic. This vulnerability affects the function 0x222010/0x222018 in the library ftwebcam.sys of th... | 3.3 | LOW | — | 0 |
| CVE-2023-1187 A vulnerability was found in FabulaTech Webcam for Remote Desktop 2.8.42 and classified as problematic. This issue affects some unknown processing in the library ftwebcam.sys of the component Global V... | 3.3 | LOW | — | 0 |
| CVE-2023-1188 A vulnerability was found in FabulaTech Webcam for Remote Desktop 2.8.42. It has been classified as problematic. Affected is the function 0x222018 in the library ftwebcam.sys of the component IoContro... | 3.3 | LOW | — | 0 |
| CVE-2023-1189 A vulnerability was found in WiseCleaner Wise Folder Hider 4.4.3.202. It has been declared as problematic. Affected by this vulnerability is the function 0x222400/0x222404/0x222410 in the library Wise... | 3.3 | LOW | — | 0 |
| CVE-2023-0065 The i2 Pros & Cons WordPress plugin through 1.3.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could all... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-1190 A vulnerability was found in xiaozhuai imageinfo up to 3.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file imageinfo.hpp. The manipulation leads t... | 4.8 | MEDIUM | — | 0 |
| CVE-2023-1191 A vulnerability classified as problematic has been found in fastcms. This affects an unknown part of the file admin/TemplateController.java of the component ZIP File Handler. The manipulation leads to... | 4.7 | MEDIUM | — | 0 |
| CVE-2017-20180 A vulnerability classified as critical has been found in Zerocoin libzerocoin. Affected is the function CoinSpend::CoinSpend of the file CoinSpend.cpp of the component Proof Handler. The manipulation ... | 4.6 | MEDIUM | — | 0 |
| CVE-2022-2178 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saysis Computer Starcities allows Cross-Site Scripting (XSS). This issue affects Starcities: before... | 6.1 | MEDIUM | — | 0 |
| CVE-2022-46395 An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Midgard r0p0 through r... | 8.8 | HIGH | — | 0 |
| CVE-2023-0076 The Download Attachments WordPress plugin before 1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could ... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-0377 The Scriptless Social Sharing WordPress plugin before 3.2.2 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allo... | 5.4 | MEDIUM | — | 0 |
| CVE-2015-10094 A vulnerability was found in Fastly Plugin up to 0.97 on WordPress. It has been rated as problematic. Affected by this issue is the function post of the file lib/api.php. The manipulation of the argum... | 2.4 | LOW | — | 0 |
| CVE-2023-0979 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MedData MedDataPACS allows SQL Injection. This issue affects MedDataPACS: before 2023-03-03. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-4930 A vulnerability classified as problematic was found in nuxsmin sysPass up to 3.2.4. Affected by this vulnerability is an unknown functionality of the component URL Handler. The manipulation leads to c... | 3.5 | LOW | — | 0 |
| CVE-2023-1197 Cross-site Scripting (XSS) - Stored in GitHub repository uvdesk/community-skeleton prior to 1.1.0. | 4.8 | MEDIUM | — | 0 |
| CVE-2023-1200 A vulnerability was found in ehuacui bbs. It has been declared as problematic. This vulnerability affects unknown code. The manipulation of the argument username leads to cross site scripting. The att... | 3.5 | LOW | — | 0 |
| CVE-2023-25304 An issue in Prism Launcher up to v6.1 allows attackers to perform a directory traversal via importing a crafted .mrpack file. | 7.8 | HIGH | — | 0 |
| CVE-2023-27474 Directus is a real-time API and App dashboard for managing SQL database content. Instances relying on an allow-listed reset URL are vulnerable to an HTML injection attack through the use of query para... | 8.0 | HIGH | — | 0 |
| CVE-2023-22481 FreshRSS is a self-hosted RSS feed aggregator. When using the greader API, the provided password is logged in clear in `users/_/log_api.txt` in the case where the authentication fails. The issues occu... | 4.0 | MEDIUM | — | 0 |
| CVE-2023-25169 discourse-yearly-review is a discourse plugin which publishes an automated Year in Review topic. In affected versions a user present in a yearly review topic that is then anonymised will still have so... | 3.1 | LOW | — | 0 |
| CVE-2023-23939 Azure/setup-kubectl is a GitHub Action for installing Kubectl. This vulnerability only impacts versions before version 3. An insecure temporary creation of a file allows other actors on the Actions ru... | 3.9 | LOW | — | 0 |
| CVE-2023-26054 BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In affected versions when the user sends a build request that contains a Git URL ... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-27472 quickentity-editor-next is an open source, system local, video game asset editor. In affected versions HTML tags in entity names are not sanitised (XSS vulnerability). Allows arbitrary code execution... | 8.2 | HIGH | — | 0 |
| CVE-2021-35377 Cross Site Scripting vulnerability found in VICIdial v2.14-610c and v.2.10-415c allows attackers to execute arbitrary code via the /agc/vicidial.php, agc/vicidial-greay.php, and /vicidial/KHOMP_admin.php... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-26949 An arbitrary file upload vulnerability in the component /admin1/config/update of onekeyadmin v1.3.9 allows attackers to execute arbitrary code via a crafted PHP file. | 9.8 | CRITICAL | — | 0 |
| CVE-2015-10095 A vulnerability classified as problematic has been found in woo-popup Plugin up to 1.2.2 on WordPress. This affects an unknown part of the file admin/class-woo-popup-admin.php. The manipulation leads ... | 3.5 | LOW | — | 0 |
| CVE-2021-36392 In Moodle, an SQL injection risk was identified in the library fetching a user's enrolled courses. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-36393 In Moodle, an SQL injection risk was identified in the library fetching a user's recent courses. | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.