23 matches found

ATTACKERKB
added 2026/01/19 8:52 p.m. | 1 views

CVE-2026-23877

Swing Music is a self-hosted music player for local audio files. Prior to version 2.1.4, Swing Music's listfolders function in the /folder/dir-browser endpoint is vulnerable to directory traversal attacks. Any authenticated user including non-admin can browse arbitrary directories on the server...

CVSS: 5.3 | AI score: 5.5 | EPSS: 0.00073
Exploits: 1 | References: 3 | Affected Software: 1

Circl
added 2026/01/18 6:32 p.m. | 3 views

CVE-2026-23877

creationtimestamp | type | source
---|---|---
2026-01-18 18:32:03+00:00 | published-proof-of-concept | https://github.com/swingmx/swingmusic/security/advisories/GHSA-pj88-9xww-gxmh
2026-01-19 22:48:38+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mcspyy5v4q2t
2026-01-24 21:23:22+00:00...

CVSS: 5.3 | AI score: 5.7 | EPSS: 0.00073
Exploits: 1 | References: 5

RedhatCVE
added 2026/01/09 9:17 a.m. | 4 views

CVE-2025-23877

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in nitethemes Nite Shortcodes nite-shortcodes allows Stored XSS. This issue affects Nite Shortcodes: from n/a through <= 1.0...

CVSS: 6.5 | AI score: 7.2 | EPSS: 0.00335
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 5:12 a.m. | 5 views

CVE-2023-23877

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in bkmacdaddy designs Pinterest RSS Widget plugin <= 2.3.1 versions...

CVSS: 6.5 | AI score: 5.6 | EPSS: 0.00098
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 9:19 p.m. | 4 views

CVE-2021-23877

Privilege escalation vulnerability in the Windows trial installer of McAfee Total Protection MTP prior to 16.0.34x may allow a local user to run arbitrary code as the admin user by replacing a specific temporary file created during the installation of the trial version of MTP...

CVSS: 7.8 | AI score: 7.4 | EPSS: 0.00027
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 4:31 p.m. | 5 views

CVE-2020-23877

pdf2xml v2.0 was discovered to contain a stack buffer overflow in the component getObjectStream...

CVSS: 9.8 | AI score: 7.8 | EPSS: 0.00459
Exploits: 1

Circl
added 2025/01/16 9:18 p.m. | 2 views

CVE-2025-23877

creationtimestamp | type | source
---|---|---
2025-01-16 21:18:53+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lfv7fox72o2f...

CVSS: 6.5 | AI score: 6.9 | EPSS: 0.00335
Exploits: 0 | References: 1

NVD
added 2025/01/16 9:15 p.m. | 3 views

CVE-2025-23877

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in nitethemes Nite Shortcodes nite-shortcodes allows Stored XSS. This issue affects Nite Shortcodes: from n/a through <= 1.0...

CVSS: 6.5 | EPSS: 0.00335
Exploits: 0 | References: 1

Vulnrichment
added 2025/01/16 8:7 p.m. | 4 views

CVE-2025-23877 WordPress Nite Shortcodes plugin <= 1.0 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in nitethemes Nite Shortcodes nite-shortcodes allows Stored XSS. This issue affects Nite Shortcodes: from n/a through <= 1.0...

CVSS: 6.5 | AI score: 7.2 | EPSS: 0.00335
Exploits: 0 | References: 1

CVE
added 2025/01/16 8:7 p.m. | 39 views

CVE-2025-23877

CVE-2025-23877 is a stored cross-site scripting vulnerability in the WordPress plugin suite Nite Shortcodes (affected: Nite Shortcodes

CVSS: 6.5 | AI score: 7.2 | EPSS: 0.00335
Exploits: 0 | References: 1

Circl
added 2024/01/26 11:27 a.m. | 3 views

CVE-2024-23877

creationtimestamp | type | source
---|---|---
2024-01-26 11:27:01+00:00 | seen | https://t.me/ctinow/174156
2024-02-19 14:51:40+00:00 | seen | https://t.me/ctinow/187709...

CVSS: 8.2 | AI score: 6.1 | EPSS: 0.00051
Exploits: 0 | References: 2

NVD
added 2024/01/26 10:15 a.m. | 8 views

CVE-2024-23877

A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting XSS vulnerability via /cupseasylive/currencycreate.php, in the currencyid parameter. Exploitation of this vulnerabilit...

CVSS: 8.2 | AI score: 7.2 | EPSS: 0.00051
Exploits: 0 | References: 1

CVE
added 2024/01/26 9:14 a.m. | 56 views

CVE-2024-23877

CVE-2024-23877 affects Cups Easy (Purchase & Inventory) v1.0. The vulnerability is a Cross-Site Scripting (XSS) flaw in the currencyid parameter of /cupseasylive/currencycreate.php due to insufficient encoding, enabling an authenticated user to be targeted via a crafted URL and potentially have t...

CVSS: 8.2 | AI score: 5.8 | EPSS: 0.00051
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2024/01/26 9:14 a.m. | 6 views

CVE-2024-23877 Cross-Site Scripting (XSS) vulnerability in Cups Easy

A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting XSS vulnerability via /cupseasylive/currencycreate.php, in the currencyid parameter. Exploitation of this vulnerabilit...

CVSS: 8.2 | AI score: 7.1 | EPSS: 0.00051
Exploits: 0 | References: 1

Circl
added 2023/08/08 4:14 p.m. | 5 views

CVE-2023-23877

creationtimestamp | type | source
---|---|---
2023-08-08 16:14:24+00:00 | seen | https://t.me/cibsecurity/67990...

CVSS: 6.5 | AI score: 6.7 | EPSS: 0.00098
Exploits: 0 | References: 1

NVD
added 2023/08/08 12:15 p.m. | 8 views

CVE-2023-23877

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in bkmacdaddy designs Pinterest RSS Widget plugin <= 2.3.1 versions...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00098
Exploits: 0 | References: 1

CVE
added 2023/08/08 11:31 a.m. | 55 views

CVE-2023-23877

CVE-2023-23877 affects the Pinterest RSS Widget WordPress plugin by bkmacdaddy, of versions

CVSS: 6.5 | AI score: 5.5 | EPSS: 0.00098
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2023/05/11 12:0 a.m. | 10 views

WordPress Pinterest RSS Widget Plugin <= 2.3.1 is vulnerable to Cross Site Scripting (XSS)

Software: Pinterest RSS Widget
Type: Plugin
Vulnerable versions: <= 2.3.1
Fixed in: N/A
OWASP Top 10: A7: Cross-Site Scripting XSS
Classification: Cross Site Scripting XSS
CVE: CVE-2023-23877
Patch priority: Low
CVSS severity: Low 6.5
Developer: Claim ownership
PSID: 059666035da5
Credits: István Márton
Requir...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00098
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2021/11/10 9:25 p.m. | 34 views

CVE-2020-23877

CVE-2020-23877 affects pdf2xml/pdftoxml version 2.0, where a stack buffer overflow is exposed in the getObjectStream component. The CVE is documented across multiple sources (NVD entry and CNVD/CNNVD variants) and indicates a high-severity issue (CVSS v2: AV:N/AC:L/Au:N/C:P/I:P/A:P; CVSS v3.1: CR...

CVSS: 9.8 | AI score: 9.7 | EPSS: 0.00459
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2021/11/10 9:25 p.m. | 9 views

CVE-2020-23877

pdf2xml v2.0 was discovered to contain a stack buffer overflow in the component getObjectStream...

AI score: 9.8 | EPSS: 0.00459
Exploits: 1 | References: 2