Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics213rr.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized val
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics213.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value
The WP Meta SEO plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.5.18 via the 'new_link' parameter. This makes it possible for authenticated at
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in patient.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized valu
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in street_view.php that allows authenticated attackers to inject arbitrary JavaScript by passing unsanitized val
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in patient_JF.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized v
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in do_unit_mail.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized
A vulnerability was detected in pmTicket Project-Management-Software up to 2ef379da2075f4761a2c9029cf91d073474e7486. The affected element is the function loadLanguage of the file classes/class.databas
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in single_unit.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized
The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 2.0.0 to 2.6.0 via the callback_generate_api_key() due to missing validation on a user cont
The EventPrime - Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.7.0 via the REST API. This makes i
The MultiPurpose theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.0 via deserialization of untrusted input through the 'wpeden_post_meta' post meta.
CVE-2024-9634
CRITICAL CVSS 9.8
Find Similar
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.3 via deserialization of untrusted input fro
wpDiscuz before 7.6.47 contains an information disclosure vulnerability that allows administrators to inadvertently expose OAuth secrets by exporting plugin options as JSON. Attackers can obtain expor
The Chatbot with ChatGPT WordPress plugin before 2.4.6 does not have proper authorization in one of its REST endpoint, allowing unauthenticated users to retrieve the encoded key and then decode it, th
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in os_watch.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized val
The Backup Migration plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.6 via deserialization of untrusted input in the 'recursive_unserialize_replace
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics202.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value
The Easy PayPal Events & Tickets plugin for WordPress before version 1.4 contains an information disclosure vulnerability in the QR code scanning endpoint that allows unauthenticated attackers to enum
eWON Firmware versions 12.2 to 13.0 contain an authentication bypass vulnerability that allows attackers with minimal privileges to retrieve sensitive user data by exploiting the wsdReadForm endpoint.