CWE-79 CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (45574 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2024-49280			2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Weblizar - WordPress Themes & Plugin Lightbox slider – Responsive Lightbox Gallery simple-lightbox-gallery allows Stored XSS.This issue affects Lightbox slider – Responsive Lightbox Gallery: from n/a through <= 1.10.6.
CVE-2024-49279	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Daniel Floeter Hyperlink Group Block hyperlink-group-block allows Stored XSS.This issue affects Hyperlink Group Block: from n/a through <= 1.17.5.
CVE-2024-49278	2 Omnipressteam, Wordpress	2 Omnipress, Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in omnipressteam Omnipress omnipress allows Stored XSS.This issue affects Omnipress: from n/a through <= 1.4.3.
CVE-2024-49277			2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saiful Islam UltraAddons Elementor Lite ultraaddons-elementor-lite allows Stored XSS.This issue affects UltraAddons Elementor Lite: from n/a through <= 2.0.2.
CVE-2024-49276			2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cliogrow Clio Grow clio-grow-form allows Reflected XSS.This issue affects Clio Grow: from n/a through <= 1.0.2.
CVE-2024-49270	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hashthemes Smart Blocks smart-blocks allows Stored XSS.This issue affects Smart Blocks: from n/a through <= 2.0.
CVE-2024-49268	1 Sunburntkamel	1 Disconnected	2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sunburntkamel disconnected disconnected allows Reflected XSS.This issue affects disconnected: from n/a through <= 1.3.0.
CVE-2024-49267			2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nayon46 Unlimited Addon For Elementor unlimited-addon-for-elementor allows Stored XSS.This issue affects Unlimited Addon For Elementor: from n/a through <= 2.0.0.
CVE-2024-49266	1 Wordpress	1 Wordpress	2026-04-23	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Thimo Grauerholz WP-Spreadplugin wp-spreadplugin allows Cross-Site Scripting (XSS).This issue affects WP-Spreadplugin: from n/a through <= 4.8.9.
CVE-2024-49265	1 Booking	1 Banner Creator	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SPBooking.com Booking.com Banner Creator bookingcom-banner-creator.This issue affects Booking.com Banner Creator: from n/a through <= 1.4.6.
CVE-2024-49264	1 Nicheaddons	1 Events Addon For Elementor	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nicheaddons Events Addon for Elementor events-addon-for-elementor allows Stored XSS.This issue affects Events Addon for Elementor: from n/a through <= 2.2.0.
CVE-2024-49263			2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Takashi Matsuyama My Favorites my-favorites allows Stored XSS.This issue affects My Favorites: from n/a through <= 1.4.1.
CVE-2024-49262			2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wepic Country Flags for Elementor country-flags-for-elementor allows Stored XSS.This issue affects Country Flags for Elementor: from n/a through <= 1.0.1.
CVE-2024-49261	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ryo Arkhe Blocks arkhe-blocks.This issue affects Arkhe Blocks: from n/a through <= 2.23.0.
CVE-2024-49259	1 Nicheaddons	1 Primary Addon For Elementor	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nicheaddons Primary Addon for Elementor primary-addon-for-elementor allows Stored XSS.This issue affects Primary Addon for Elementor: from n/a through <= 1.5.8.
CVE-2024-49255	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Daniele Alessandra Da Reactions da-reactions allows Stored XSS.This issue affects Da Reactions: from n/a through <= 5.1.5.
CVE-2024-49241	1 Tadywalsh	1 Tito	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tady Tito tito allows DOM-Based XSS.This issue affects Tito: from n/a through <= 2.3.
CVE-2024-49236	1 Hafizuddinahmed	1 Crazy Call To Action Box	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hafiz Uddin Ahmed Crazy Call To Action Box crazy-call-to-action-box allows DOM-Based XSS.This issue affects Crazy Call To Action Box: from n/a through <= 1.0.5.
CVE-2024-49234	1 Themeworm	1 Plexx Elementor Extension	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themeworm Plexx Elementor Extension plexx-elementor-extension allows DOM-Based XSS.This issue affects Plexx Elementor Extension: from n/a through <= 1.3.6.
CVE-2024-49233	1 Madrasthemes	1 Mas Elementor	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MadrasThemes MAS Elementor mas-addons-for-elementor allows DOM-Based XSS.This issue affects MAS Elementor: from n/a through <= 1.1.6.

« first previous Page 175 of 2279. next last »