Latest CVE Feed
-
4.3
MEDIUMCVE-2022-47179
Cross-Site Request Forgery (CSRF) vulnerability in Uwe Jacobs OWM Weather plugin <= 5.6.11 leads to post duplication as a draft.... Read more
Affected Products : owm_weather- Published: Feb. 28, 2023
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2024-9109
The WooCommerce UPS Shipping – Live Rates and Access Points plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_oauth_data function in all versions up to, and including, 2.3.11. This make... Read more
Affected Products : woocommerce_ups_shipping- Published: Oct. 25, 2024
- Modified: Nov. 06, 2024
-
4.3
MEDIUMCVE-2007-3324
Multiple cross-site scripting (XSS) vulnerabilities in Comersus Cart 7.07 allow remote attackers to inject arbitrary web script or HTML via the redirectUrl parameter to (1) comersus_customerAuthenticateForm.asp or (2) comersus_message.asp, different vecto... Read more
Affected Products : comersus_cart- Published: Jun. 21, 2007
- Modified: Apr. 09, 2025
-
4.3
MEDIUMCVE-2006-5457
Multiple cross-site scripting (XSS) vulnerabilities in the registration form in Casinosoft Casino Script (Masvet) 3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) surname field.... Read more
Affected Products : casino_script- Published: Oct. 23, 2006
- Modified: Apr. 09, 2025
-
4.3
MEDIUMCVE-2022-2123
The WP Opt-in WordPress plugin through 1.4.1 is vulnerable to CSRF which allows changed plugin settings and can be used for sending spam emails.... Read more
Affected Products : wp_opt-in- Published: Jul. 11, 2022
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2023-5103
Improper Restriction of Rendered UI Layers or Frames in RDT400 in SICK APU allows an unprivileged remote attacker to potentially reveal sensitive information via tricking a user into clicking on an actionable item using an iframe. ... Read more
- Published: Oct. 09, 2023
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2006-1401
Multiple cross-site scripting (XSS) vulnerabilities in search.php in Calendar Express 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) allwords or (2) oneword parameter. NOTE: the provenance of this information is unknown; th... Read more
Affected Products : calendar_express- Published: Mar. 28, 2006
- Modified: Apr. 03, 2025
-
4.3
MEDIUMCVE-2013-1497
Unspecified vulnerability in the Oracle COREid Access component in Oracle Fusion Middleware 10.1.4.3.0 allows remote attackers to affect integrity via unknown vectors related to WebGate - WebServer plugin.... Read more
Affected Products : fusion_middleware- Published: Apr. 17, 2013
- Modified: Apr. 11, 2025
-
4.3
MEDIUMCVE-2020-9987
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in Safari 14.0. Visiting a malicious website may lead to address bar spoofing.... Read more
Affected Products : safari- Published: Dec. 08, 2020
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2009-1047
Cross-site scripting (XSS) vulnerability in the Send by e-mail module in the "Printer, e-mail and PDF versions" module 5.x before 5.x-4.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via vecto... Read more
- Published: Mar. 23, 2009
- Modified: Apr. 09, 2025
-
4.3
MEDIUMCVE-2013-0317
Cross-site scripting (XSS) vulnerability in the Manager Change for Organic Groups (og_manager_change) module 7.x-2.x before 7.x-2.1 for Drupal might allow remote attackers to inject arbitrary web script or HTML via the username in the new manager autocomp... Read more
- Published: Mar. 27, 2013
- Modified: Apr. 11, 2025
-
4.3
MEDIUMCVE-2023-37511
If certain App Transport Security (ATS) settings are set in a certain manner, insecure loading of web content can be achieved. ... Read more
Affected Products : traveler_to_do- Published: Aug. 11, 2023
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2024-29093
Cross-Site Request Forgery (CSRF) vulnerability in Tobias Conrad Builder for WooCommerce reviews shortcodes – ReviewShort.This issue affects Builder for WooCommerce reviews shortcodes – ReviewShort: from n/a through 1.01.3. ... Read more
Affected Products :- Published: Mar. 19, 2024
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2015-0494
Unspecified vulnerability in the Oracle Retail Central Office component in Oracle Retail Applications 13.1, 13.2, 13.3, 13.4, 14.0, and 14.1 allows remote attackers to affect integrity via unknown vectors.... Read more
Affected Products : retail_applications- Published: Apr. 16, 2015
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2023-3200
The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_new_order_message function. This makes it possible for unauthenticated attackers to update new order message via a forged ... Read more
Affected Products : mstore_api- Published: Jun. 14, 2023
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2019-10388
A cross-site request forgery vulnerability in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier allows attackers to have Jenkins initiate an HTTP connection to an attacker-specified server.... Read more
Affected Products : relution_enterprise_appstore_publisher- Published: Aug. 07, 2019
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2012-3308
Cross-site scripting (XSS) vulnerability in IBM Sametime 8.0.2 through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML via an IM chat.... Read more
- Published: Aug. 17, 2012
- Modified: Apr. 11, 2025
-
4.3
MEDIUMCVE-2024-10316
The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.4 in includes/templates/content-switcher.php. This makes it possible for authenticated attackers, with Contribut... Read more
Affected Products : stratum- Published: Nov. 21, 2024
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2012-6575
Cross-site scripting (XSS) vulnerability in the Exposed Filter Data module 6.x-1.x before 6.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more
- Published: Jun. 27, 2013
- Modified: Apr. 11, 2025
-
4.3
MEDIUMCVE-2025-49965
Cross-Site Request Forgery (CSRF) vulnerability in Oganro PixelBeds Channel Manager and Hotel Booking Engine allows Cross Site Request Forgery. This issue affects PixelBeds Channel Manager and Hotel Booking Engine: from n/a through 1.0.... Read more
Affected Products :- Published: Jun. 20, 2025
- Modified: Jun. 23, 2025
- Vuln Type: Cross-Site Request Forgery