Search and browse vulnerability records from NVD
Showing 50 of 42142 CVEs
| CVE ID | Severity | Description | EPSS | Published | |
|---|---|---|---|---|---|
| | 7.6 HIGH | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Zinc Page Generator. This issue affects Page Generator: from n/a through 1.7.1. | 0.5% | 2023-12-31 | |
| | 7.6 HIGH | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPManageNinja LLC Fluent Support - WordPress Helpdesk and Customer Support Ticket Plugin. This issue affects Fluent Support - WordPress Helpdesk and Customer Support Ticket Plugin: from n/a through 1.7.6. | 0.5% | 2023-12-31 | |
| | 7.6 HIGH | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eyal Fitoussi GEO my WordPress. This issue affects GEO my WordPress: from n/a through 4.0.2. | 0.5% | 2023-12-31 | |
| | 7.6 HIGH | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Really Simple Plugins Recipe Maker For Your Food Blog from Zip Recipes. This issue affects Recipe Maker For Your Food Blog from Zip Recipes: from n/a through 8.1.0. | 0.5% | 2023-12-31 | |
| | 7.1 HIGH | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UpSolution Impreza - WordPress Website and WooCommerce Builder allows Reflected XSS. This issue affects Impreza - WordPress Website and WooCommerce Builder: from n/a through 8.17.4. | 0.4% | 2023-12-29 | |
| | 7.1 HIGH | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem - Creative Multi-Purpose & WooCommerce WordPress Theme allows Reflected XSS. This issue affects TheGem - Creative Multi-Purpose & WooCommerce WordPress Theme: from n/a through 5.9.1. | 0.3% | 2023-12-29 | |
| | 7.6 HIGH | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WebFactory Ltd Login Lockdown - Protect Login Form. This issue affects Login Lockdown - Protect Login Form: from n/a through 2.06. | 0.6% | 2023-12-29 | |
| | 7.6 HIGH | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WS Form WS Form LITE - Drag & Drop Contact Form Builder for WordPress. This issue affects WS Form LITE - Drag & Drop Contact Form Builder for WordPress: from n/a through 1.9.170. | 0.5% | 2023-12-29 | |
| | 7.1 HIGH | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ian Kennerley Google Photos Gallery with Shortcodes allows Reflected XSS. This issue affects Google Photos Gallery with Shortcodes: from n/a through 4.0.2. | 0.3% | 2023-12-29 | |
| | 7.1 HIGH | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes HT Mega - Absolute Addons For Elementor allows Reflected XSS. This issue affects HT Mega - Absolute Addons For Elementor: from n/a through 2.3.8. | 0.4% | 2023-12-29 | |
| | 8.1 HIGH | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in miniOrange miniOrange's Google Authenticator - WordPress Two Factor Authentication - 2FA , Two Factor, OTP SMS and Email \| Passwordless login. This issue affects miniOrange's Google Authenticator - WordPress Two Factor Authentication - 2FA , Two Factor, OTP SMS and Email \| Passwordless login: from n/a through 5.6.1. | 0.7% | 2023-12-29 | |
| | 8.5 HIGH | Improper Control of Generation of Code ('Code Injection') vulnerability in BinaryStash WP Booklet. This issue affects WP Booklet: from n/a through 2.1.8. | 0.7% | 2023-12-29 | |
| | 7.3 HIGH | Some Honor products are affected by a signature management vulnerability; successful exploitation could cause a forged system file to overwrite the correct system file. | 0.1% | 2023-12-29 | |
| | 7.6 HIGH | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Basix NEX-Forms - Ultimate Form Builder - Contact forms and much more. This issue affects NEX-Forms - Ultimate Form Builder - Contact forms and much more: from n/a through 8.5.5. | 0.6% | 2023-12-28 | |
| | 7.6 HIGH | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Collne Inc. Welcart e-Commerce. This issue affects Welcart e-Commerce: from n/a through 2.9.3. | 0.5% | 2023-12-28 | |
| | 7.6 HIGH | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RegistrationMagic RegistrationMagic - Custom Registration Forms, User Registration, Payment, and User Login. This issue affects RegistrationMagic - Custom Registration Forms, User Registration, Payment, and User Login: from n/a through 5.2.4.5. | 0.5% | 2023-12-28 | |
| | 7.6 HIGH | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AyeCode - WordPress Business Directory Plugins GeoDirectory - WordPress Business Directory Plugin, or Classified Directory. This issue affects GeoDirectory - WordPress Business Directory Plugin, or Classified Directory: from n/a through 2.3.28. | 0.5% | 2023-12-28 | |
| | 7.6 HIGH | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in James Ward Mail logging - WP Mail Catcher. This issue affects Mail logging - WP Mail Catcher: from n/a through 2.1.3. | 0.5% | 2023-12-28 | |
| | 7.6 HIGH | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Clockwork Clockwork SMS Notfications. This issue affects Clockwork SMS Notfications: from n/a through 3.0.4. | 0.5% | 2023-12-28 | |
| | 8.5 HIGH | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Matthew Fries MF Gig Calendar. This issue affects MF Gig Calendar: from n/a through 1.2.1. | 0.5% | 2023-12-28 | |
| | 8.5 HIGH | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Repute Infosystems BookingPress - Appointment Booking Calendar Plugin and Online Scheduling Plugin. This issue affects BookingPress - Appointment Booking Calendar Plugin and Online Scheduling Plugin: from n/a through 1.0.72. | 0.5% | 2023-12-28 | |
| | 8.5 HIGH | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdevelop, oplugins Booking Manager. This issue affects Booking Manager: from n/a through 2.1.5. | 0.5% | 2023-12-28 | |
| | 7.6 HIGH | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sam Perrow Pre* Party Resource Hints. This issue affects Pre* Party Resource Hints: from n/a through 1.8.18. | 0.5% | 2023-12-28 | |
| | 7.6 HIGH | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Squirrly Squirrly SEO - Advanced Pack. This issue affects Squirrly SEO - Advanced Pack: from n/a before 2.4.02. | 0.5% | 2023-12-28 | |
| | 7.6 HIGH | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nasirahmed Advanced Form Integration - Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms. This issue affects Advanced Form Integration - Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms: from n/a through 1.75.0. | 0.5% | 2023-12-28 | |
| | 7.6 HIGH | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Booking Calendar \| Appointment Booking \| BookIt. This issue affects Booking Calendar \| Appointment Booking \| BookIt: from n/a through 2.4.3. | 0.5% | 2023-12-28 | |
| | 7.6 HIGH | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in N Squared Appointment Booking Calendar - Simply Schedule Appointments Booking Plugin. This issue affects Appointment Booking Calendar - Simply Schedule Appointments Booking Plugin: from n/a before 1.6.6.1. | 0.5% | 2023-12-28 | |
| | 7.6 HIGH | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in E2Pdf.Com E2Pdf - Export To Pdf Tool for WordPress. This issue affects E2Pdf - Export To Pdf Tool for WordPress: from n/a through 1.20.23. | 0.5% | 2023-12-28 | |
| | 7.6 HIGH | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aaron J 404 Solution. This issue affects 404 Solution: from n/a through 2.34.0. | 0.5% | 2023-12-28 | |
| | 7.6 HIGH | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FunnelKit Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit. This issue affects Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit: from n/a through 2.6.1. | 0.5% | 2023-12-28 | |
| | 7.6 HIGH | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FunnelKit Funnel Builder for WordPress by FunnelKit - Customize WooCommerce Checkout Pages, Create Sales Funnels & Maximize Profits. This issue affects Funnel Builder for WordPress by FunnelKit - Customize WooCommerce Checkout Pages, Create Sales Funnels & Maximize Profits: from n/a through 2.14.3. | 0.5% | 2023-12-28 | |
| | 8.2 HIGH | Deserialization of Untrusted Data vulnerability in WooCommerce Product Add-Ons. This issue affects Product Add-Ons: from n/a through 6.1.3. | 0.7% | 2023-12-28 | |
| | 7.5 HIGH | Deserialization of Untrusted Data vulnerability in GiveWP GiveWP - Donation Plugin and Fundraising Platform. This issue affects GiveWP - Donation Plugin and Fundraising Platform: from n/a through 2.25.3. | 0.6% | 2023-12-28 | |
| | 7.1 HIGH | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Undsgn Uncode - Creative & WooCommerce WordPress Theme allows Reflected XSS. This issue affects Uncode - Creative & WooCommerce WordPress Theme: from n/a through 2.8.6. | 0.4% | 2023-12-28 | |
| | 7.5 HIGH | FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.11, when handling DTLS-SRTP for media setup, FreeSWITCH is susceptible to Denial of Service due to a race condition in the hello handshake phase of the DTLS protocol. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. If an attacker manages to send a ClientHello DTLS message with an invalid CipherSuite (such as `TLS_NULL_WITH_NULL_NULL`) to the port on the FreeSWITCH server that is expecting packets from the caller, a DTLS error is generated. This results in the media session being torn down, which is followed by teardown at signaling (SIP) level too. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable FreeSWITCH servers for calls that rely on DTLS-SRTP. To address this vulnerability, upgrade FreeSWITCH to 1.10.11 which includes the security fix. The solution implemented is to drop all packets from addresses that have not been validated by an ICE check. | 1.5% | 2023-12-27 | |
| CVE-2023-7101 KEV | 7.8 HIGH | Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type "eval". Specifically, the issue stems from the evaluation of Number format strings (not to be confused with printf-style format strings) within the Excel parsing logic. | 16.7% | 2023-12-24 | |
| | 7.0 HIGH | OpenSSH through 10.0, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges. NOTE: this is disputed by the Supplier, who states "we do not consider it to be the application's responsibility to defend against platform architectural weaknesses." | 0.7% | 2023-12-24 | |
| | 7.4 HIGH | The Widget Settings Importer/Exporter Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wp_ajax_import_widget_dataparameter AJAX action in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with subscriber-level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 0.4% | 2023-12-23 | |
| | 7.2 HIGH | The Backup Migration plugin for WordPress is vulnerable to OS Command Injection in all versions up to, and including, 1.3.9 via the 'url' parameter. This vulnerability allows authenticated attackers, with administrator-level permissions and above, to execute arbitrary commands on the host operating system. | 45.9% | 2023-12-23 | |
| | 7.0 HIGH | Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit. | 0.5% | 2023-12-22 | |
| | 7.5 HIGH | make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash semantics. | 4.2% | 2023-12-22 | |
| CVE-2023-7024 KEV | 8.8 HIGH | Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 7.4% | 2023-12-21 | |
| | 7.0 HIGH | A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system. | 0.8% | 2023-12-21 | |
| | 7.5 HIGH | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HM Plugin WordPress Job Board and Recruitment Plugin - JobWP. This issue affects WordPress Job Board and Recruitment Plugin - JobWP: from n/a through 2.1. | 0.5% | 2023-12-21 | |
| | 8.1 HIGH | Deserialization of Untrusted Data vulnerability in PenciDesign Soledad - Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme. This issue affects Soledad - Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme: from n/a through 8.4.1. | 0.6% | 2023-12-21 | |
| | 8.8 HIGH | Unrestricted Upload of File with Dangerous Type vulnerability in WooRockets Corsa. This issue affects Corsa: from n/a through 1.5. | 0.8% | 2023-12-20 | |
| | 8.4 HIGH | Unrestricted Upload of File with Dangerous Type vulnerability in ThemePunch OHG Slider Revolution. This issue affects Slider Revolution: from n/a through 6.6.15. | 0.7% | 2023-12-20 | |
| | 7.6 HIGH | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Magic Logix MSync. This issue affects MSync: from n/a through 1.0.0. | 0.6% | 2023-12-20 | |
| | 7.6 HIGH | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Guelben Bravo Translate. This issue affects Bravo Translate: from n/a through 1.2. | 0.6% | 2023-12-20 | |
| | 8.2 HIGH | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Favethemes Houzez - Real Estate WordPress Theme. This issue affects Houzez - Real Estate WordPress Theme: from n/a before 2.8.3. | 0.7% | 2023-12-20 | |