Latest CVE Feed
-
5.4
MEDIUMCVE-2023-23983
Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Responsive Vertical Icon Menu plugin <= 1.5.8 can lead to theme deletion.... Read more
Affected Products : responsive_vertical_icon_menu- EPSS Score: %0.05
- Published: Feb. 28, 2023
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-24017
An improper authentication in Fortinet FortiManager version 6.4.3 and below, 6.2.6 and below allows attacker to assign arbitrary Policy and Object modules via crafted requests to the request handler.... Read more
Affected Products : fortimanager- EPSS Score: %0.15
- Published: Sep. 30, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2023-28655
A malicious user could leverage this vulnerability to escalate privileges or perform unauthorized actions in the context of the targeted privileged users.... Read more
- EPSS Score: %0.10
- Published: Mar. 27, 2023
- Modified: Jan. 17, 2025
-
5.4
MEDIUMCVE-2023-29045
Documents operations, in this case "drawing", could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that would be executed for users that are actively collaborating on the same document. Op... Read more
Affected Products : open-xchange_appsuite- EPSS Score: %0.16
- Published: Nov. 02, 2023
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2023-49791
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server prior to versions 26.0.9 and 27.1.4; as well as Nextcloud Enterprise Server prior to versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4; wh... Read more
- EPSS Score: %0.20
- Published: Dec. 22, 2023
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-24153
A Stored Cross-Site Scripting vulnerability was discovered in the Yoast SEO WordPress plugin before 3.4.1, which had built-in blacklist filters which were blacklisting Parenthesis as well as several functions such as alert but bypasses were found.... Read more
Affected Products : yoast_seo- EPSS Score: %0.33
- Published: Apr. 05, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2019-0275
SAML 1.1 SSO Demo Application in SAP NetWeaver Java Application Server (J2EE-APPS), versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40 and 7.50, does not sufficiently encode user-controlled inputs, which results in cross-site scripting (XSS) vulnerability.... Read more
- EPSS Score: %0.25
- Published: Mar. 12, 2019
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-24243
An AJAX action registered by the WPBakery Page Builder (Visual Composer) Clipboard WordPress plugin before 4.5.6 did not have capability checks nor sanitization, allowing low privilege users (subscriber+) to call it and set XSS payloads, which will be tri... Read more
Affected Products : wpbakery_page_builder_clipboard- EPSS Score: %0.16
- Published: May. 06, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2019-5975
DOM-based cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.2 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more
Affected Products : garoon- EPSS Score: %0.20
- Published: Sep. 12, 2019
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2014-6694
The 5SOS Family Planet (aka uk.co.pixelkicks.fivesos) application 2.3.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more
Affected Products : 5sos_family_planet- EPSS Score: %0.04
- Published: Sep. 24, 2014
- Modified: Apr. 12, 2025
-
5.4
MEDIUMCVE-2021-24283
The tab GET parameter of the settings page is not sanitised or escaped when being output back in an HTML attribute, leading to a reflected XSS issue.... Read more
Affected Products : accordion- EPSS Score: %0.18
- Published: May. 14, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-24301
The Hotjar Connecticator WordPress plugin through 1.1.1 is vulnerable to Stored Cross-Site Scripting (XSS) in the 'hotjar script' textarea. The request did include a CSRF nonce that was properly verified by the server and this vulnerability could only be ... Read more
Affected Products : hotjar_connecticator- EPSS Score: %0.16
- Published: May. 24, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2024-32341
Multiple cross-site scripting (XSS) vulnerabilities in the Home page of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into any of the parameters.... Read more
Affected Products : wondercms- Published: Apr. 17, 2024
- Modified: Apr. 11, 2025
-
5.4
MEDIUMCVE-2024-32446
Cross-Site Request Forgery (CSRF) vulnerability in WP Swings Wallet System for WooCommerce.This issue affects Wallet System for WooCommerce: from n/a through 2.5.9. ... Read more
Affected Products :- Published: Apr. 15, 2024
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2025-31881
Missing Authorization vulnerability in Stylemix Pearl allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pearl: from n/a through 1.3.9.... Read more
Affected Products : pearl_header_builder- Published: Apr. 01, 2025
- Modified: Apr. 01, 2025
-
5.4
MEDIUMCVE-2023-50344
HCL DRYiCE MyXalytics is impacted by improper access control (Unauthenticated File Download) vulnerability. An unauthenticated user can download certain files. ... Read more
Affected Products : dryice_myxalytics- EPSS Score: %0.20
- Published: Jan. 03, 2024
- Modified: Jun. 18, 2025
-
5.4
MEDIUMCVE-2014-6721
The Pharmaguideline (aka com.pharmaguideline) application 1.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more
Affected Products : pharmaguideline- EPSS Score: %1.15
- Published: Sep. 26, 2014
- Modified: Apr. 12, 2025
-
5.4
MEDIUMCVE-2014-6723
The Comics Plus (aka com.iversecomics.comicsplus.android) application 1.06 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificat... Read more
Affected Products : comics_plus- EPSS Score: %0.04
- Published: Sep. 26, 2014
- Modified: Apr. 12, 2025
-
5.4
MEDIUMCVE-2025-3387
A vulnerability classified as problematic has been found in renrenio renren-security up to 5.4.0. This affects an unknown part of the component JSON Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. T... Read more
Affected Products : renren-security- Published: Apr. 07, 2025
- Modified: Apr. 29, 2025
-
5.4
MEDIUMCVE-2023-5087
The Page Builder: Pagelayer WordPress plugin before 1.7.8 doesn't prevent attackers with author privileges and higher from inserting malicious JavaScript inside a post's header or footer code.... Read more
Affected Products : pagelayer- EPSS Score: %0.23
- Published: Oct. 16, 2023
- Modified: Apr. 23, 2025