CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

102 matches found

RedhatCVE•added 2026/01/09 10:44 a.m.•5 views

CVE-2022-0321

The WP Voting Contest WordPress plugin before 3.0 does not sanitise and escape the postid parameter before outputting it back in the response via the wpvcsocialshareicons AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting issue...

6.1CVSS6.1AI score0.0032EPSS

Exploits2References1

EUVD•added 2026/01/02 6:30 p.m.•1 views

EUVD-2026-0321

This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...

5.5AI score

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2019-16404

Malware in sbrugna...

7.5CVSS8.1AI score0.00322EPSS

Exploits0References2

RedhatCVE•added 2025/05/22 5:17 p.m.•2 views

CVE-2020-0321

In the mp3 extractor, there is a possible out of bounds write due to uninitialized data. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-155171907...

8.8CVSS8.7AI score0.00409EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 8:48 a.m.•8 views

CVE-2019-6849

A CWE-200: Information Exposure vulnerability exists in Modicon M580, Modicon BMENOC 0311, and Modicon BMENOC 0321, which could cause the disclosure of sensitive information when using specific Modbus services provided by the REST API of the controller/communication module...

7.5CVSS6.4AI score0.00322EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 8:2 a.m.•13 views

CVE-2019-0321

ABAP Server and ABAP Platform SAP Basis, versions, 7.31, 7.4, 7.5, do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...

6.1CVSS6.1AI score0.00276EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 4:56 a.m.•8 views

CVE-2013-0321

Cross-site scripting XSS vulnerability in Views in the Ubercart Views ucviews module 6.x before 6.x-3.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the full name field...

4.3CVSS5.9AI score0.00285EPSS

Exploits0References1

OpenVAS•added 2025/03/10 12:0 a.m.•14 views

Mageia: Security Advisory (MGASA-2025-0090)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.5AI score0.00172EPSS

Exploits3References4

OSV•added 2025/03/08 1:26 a.m.•12 views

MGASA-2025-0090 Updated gpac packages fix security vulnerabilities

Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2. CVE-2023-5520 Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV. CVE-2024-0321 Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV. CVE-2024-0322...

9.8CVSS6.6AI score0.00172EPSS

Exploits3References3

Tenable Nessus•added 2025/03/05 12:0 a.m.•19 views

Linux Distros Unpatched Vulnerability : CVE-2024-0321

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV. CVE-2024-0321 Note that Nessus relies on the presence of the package as reported by...

9.8CVSS5.6AI score0.00116EPSS

Exploits1References2

Circl•added 2025/01/28 7:27 a.m.•5 views

CVE-2025-0321

creationtimestamp| type| source ---|---|--- 2025-01-28 07:27:41+00:00| seen| https://infosec.exchange/users/cve/statuses/113904796379107807 2025-01-28 08:16:03+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lgrzawmqdn2e 2025-01-28 10:25:45+00:00| seen|...

6.4CVSS7.3AI score0.00208EPSS

Exploits0References4

Vulnrichment•added 2025/01/28 7:21 a.m.•10 views

CVE-2025-0321 ElementsKit Pro <= 3.7.8 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via url Parameter

The ElementsKit Pro plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 3.7.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-leve...

6.4CVSS5.2AI score0.00208EPSS

Exploits0References3

Cvelist•added 2025/01/28 7:21 a.m.•12 views

CVE-2025-0321 ElementsKit Pro <= 3.7.8 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via url Parameter

6.4CVSS0.00208EPSS

Exploits0References3

Tenable Nessus•added 2024/07/23 12:0 a.m.•17 views

Photon OS 4.0: Keepalived PHSA-2023-4.0-0321

An update of the keepalived package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-4.0-0321. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

5.5CVSS5.8AI score0.00182EPSS

Exploits0References2

Circl•added 2024/01/08 2:26 p.m.•0 views

CVE-2024-0321

creationtimestamp| type| source ---|---|--- 2024-01-08 14:26:38+00:00| seen| https://t.me/ctinow/164349 2024-01-25 11:06:18+00:00| seen| https://t.me/ctinow/173376 2025-05-16 15:35:18+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/16694...

9.8CVSS5.3AI score0.00116EPSS

Exploits1References3

OSV•added 2024/01/08 1:15 p.m.•31 views

CVE-2024-0321

Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV...

9.8CVSS6.9AI score

Exploits0References2