CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

187 matches found

GithubExploit•added 2026/05/02 5:49 a.m.•49 views

Exploit for CVE-2026-41200

CVE-2026-41200 — STIG Manager OIDC Reflected XSS PoC Conceptu...

8.5CVSS6.1AI score0.00069EPSS

Exploits1

NVD•added 2026/04/23 2:16 a.m.•1 views

CVE-2026-41200

STIG Manager is an API and web client for managing Security Technical Implementation Guides STIG assessments of Information Systems. Versions 1.5.10 through 1.6.7 have a reflected Cross-Site Scripting XSS vulnerability in the OIDC authentication error handling code in src/init.js and...

8.5CVSS0.00069EPSS

Exploits1References1

EUVD•added 2026/04/23 12:40 a.m.•2 views

EUVD-2026-25158

8.5CVSS6.1AI score0.00069EPSS

Exploits1References1

ATTACKERKB•added 2026/04/23 12:40 a.m.•2 views

CVE-2026-41200

8.5CVSS6.1AI score0.00069EPSS

Exploits1References2Affected Software1

CVE•added 2026/04/23 12:40 a.m.•5 views

CVE-2026-41200

STIG Manager versions 1.5.10–1.6.7 contain a reflected XSS in OIDC error handling (src/init.js, public/reauth.html) where error and error_description are written to the DOM via innerHTML without escaping. An attacker who composes a malicious redirect URL can cause JavaScript to run in the victim’...

8.5CVSS6.1AI score0.00069EPSS

Exploits1References1

Positive Technologies•added 2026/04/23 12:0 a.m.•1 views

PT-2026-34595

8.5CVSS6.1AI score0.00069EPSS

Exploits1References2

RedhatCVE•added 2026/03/26 3:13 p.m.•2 views

CVE-2025-12473

The RTMKit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'themebuilder' parameter in all versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS6AI score0.00118EPSS

Exploits0References1

Vulnrichment•added 2026/03/21 3:27 a.m.•1 views

CVE-2026-1278 Mandatory Field <= 1.6.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Fields

The Mandatory Field plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions...

4.4CVSS5.9AI score0.00034EPSS

Exploits0References5

ATTACKERKB•added 2026/03/21 3:27 a.m.•1 views

CVE-2026-1278

4.4CVSS5.9AI score0.00034EPSS

Exploits0References6

Cvelist•added 2026/03/21 3:27 a.m.•27 views

CVE-2026-1278 Mandatory Field <= 1.6.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Fields

4.4CVSS0.00034EPSS

Exploits0References5

CNNVD•added 2026/03/21 12:0 a.m.•2 views

WordPress plugin Mandatory Field 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

4.4CVSS5.7AI score0.00034EPSS

Exploits0References5

vulnersOsv•added 2026/03/16 8:51 p.m.•3 views

aad-fastapi-dl37 (>=1.0.0 <=1.0.2), agentiq (>=1.2.0a20250730 <=1.2.0rc4) +220 more potentially affected by CVE-2026-27962 via authlib (>=1.0.0 <=1.6.8)

authlib PYPI version =1.0.0, =1.0.0, =1.2.0a20250730, =1.1.0, =1.2.0a20250730, =0.4.0, =0.1.0, =0.5.0, =0.1.0a1, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0a20250730, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0rc4 and more Source cves: CVE-2026-27962 Source advisory:...

9.1CVSS7.2AI score0.00081EPSS

Exploits1

Patchstack•added 2026/03/11 9:37 a.m.•5 views

WordPress RTMKit plugin <= 1.6.8 - Reflected Cross-Site Scripting via 'themebuilder' Parameter vulnerability

Reflected Cross-Site Scripting via 'themebuilder' Parameter vulnerability discovered by LionTree in WordPress Plugin RTMKit versions = 1.6.8...

6.1CVSS5.8AI score0.00118EPSS

Exploits0References1Affected Software1

NVD•added 2026/03/11 2:16 a.m.•3 views

CVE-2025-12473

6.1CVSS0.00118EPSS

Exploits0References4

CVE•added 2026/03/11 1:22 a.m.•9 views

CVE-2025-12473

CVE-2025-12473 refers to the RTMKit WordPress plugin (rometheme-for-elementor) with a Reflected Cross‑Site Scripting flaw via the themebuilder parameter in all versions up to 1.6.8. Documents confirm the vulnerability allows unauthenticated attackers to inject arbitrary scripts on pages executed ...

6.1CVSS5.7AI score0.00118EPSS

Exploits0References4

ATTACKERKB•added 2026/03/11 1:22 a.m.•2 views

CVE-2025-12473

6.1CVSS5.7AI score0.00118EPSS

Exploits0References5

CNNVD•added 2026/03/11 12:0 a.m.•2 views

WordPress plugin RTMKit 跨站脚本漏洞

6.1CVSS5.7AI score0.00118EPSS

Exploits0References4

Patchstack•added 2026/01/30 8:43 a.m.•4 views

WordPress VikBooking plugin < 1.6.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by cyc707 in WordPress Plugin VikBooking Hotel Booking Engine & PMS versions 1.6.8...

5.9CVSS5.9AI score0.00077EPSS

Exploits2References1Affected Software1

NVD•added 2026/01/16 12:16 a.m.•1 views

CVE-2021-47814

NBMonitor 1.6.8 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the registration code input field. Attackers can paste a 256-character buffer into the registration key field to trigger an application crash and potential system instability...

7.5CVSS0.00035EPSS

Exploits1References3

CNNVD•added 2026/01/16 12:0 a.m.•1 views

Nsasoft NBMonitor security vulnerability

Nsasoft NBMonitor is a system performance monitoring tool developed by the US company Nsasoft. Version 1.6.8 of Nsasoft NBMonitor contains a security vulnerability. This vulnerability stems from an overflow in the registration code input field, which could lead to a denial-of-service attack...

7.5CVSS6AI score0.00035EPSS

Exploits1References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by