
23 matches found

Circl
added 2026/03/27 10:55 a.m., 1 views

CVE-2026-25101

| creationtimestamp | type | source |
|---|---|---|
| 2026-03-27 10:55:00+00:00 | seen | https://cert.pl/en/posts/2026/03/CVE-2026-25099/ |
| 2026-03-27 16:32:46+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mi2kakkqnh27 |
| 2026-04-02 22:21:44+00:00 | seen | ... |

9.8 CVSS, 4.8 AI score, 0.00023 EPSS
Exploits 4, References 2
RedhatCVE
added 2025/05/22 10:8 p.m., 4 views

CVE-2022-25101

A vulnerability in the component /templates/install.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP file...

7.8 CVSS, 7.8 AI score, 0.00492 EPSS
Exploits 1, References 1
RedhatCVE
added 2025/05/22 7:24 p.m., 7 views

CVE-2021-25101

The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.20.94 does not sanitise and escape the POST data before outputting it back in attributes of an admin page, leading to a Reflected Cross-Site scripting. Due to the presence of specific parameter value, available to admin...

4.8 CVSS, 6.2 AI score, 0.00206 EPSS
Exploits 2, References 1
Circl
added 2025/02/07 10:16 a.m., 7 views

CVE-2025-25101

| creationtimestamp | type | source |
|---|---|---|
| 2025-02-07 10:16:31+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lhlenkchvs25 |
| 2025-02-07 10:48:20+00:00 | seen | https://mastodon.social/users/CyberSignaler/statuses/113962208280708929 |
| 2025-02-07 11:30:46+00:00 | seen | ... |

9.6 CVSS, 8.7 AI score, 0.01239 EPSS
Exploits 2, References 3
Vulnrichment
added 2025/02/07 10:11 a.m., 13 views

CVE-2025-25101 WordPress Munk Sites plugin <= 1.0.7 - CSRF to Arbitrary Plugin Installation vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in MetricThemes Munk Sites allows Cross Site Request Forgery. This issue affects Munk Sites: from n/a through 1.0.7...

9.6 CVSS, 7 AI score, 0.01239 EPSS
Exploits 2, References 1
Cvelist
added 2025/02/07 10:11 a.m., 21 views

CVE-2025-25101 WordPress Munk Sites plugin <= 1.0.7 - CSRF to Arbitrary Plugin Installation vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in MetricThemes Munk Sites munk-sites allows Cross Site Request Forgery. This issue affects Munk Sites: from n/a through <= 1.0.7...

9.6 CVSS, 0.01239 EPSS
Exploits 2, References 1
Vulnrichment
added 2024/04/22 1:31 a.m., 11 views

CVE-2018-25101 l2c2technologies Koha opac-MARCdetail.pl cross site scripting

A vulnerability, which was classified as problematic, has been found in l2c2technologies Koha up to 20180108. This issue affects some unknown processing of the file /cgi-bin/koha/opac-MARCdetail.pl. The manipulation of the argument biblionumber with the input 2" leads to cross site scripting. The...

4 CVSS, 6.3 AI score, 0.00144 EPSS
Exploits 0, References 3
Circl
added 2024/03/13 5:37 p.m., 2 views

CVE-2024-25101

| creationtimestamp | type | source |
|---|---|---|
| 2024-03-13 17:37:21+00:00 | seen | https://t.me/ctinow/206951... |

5.9 CVSS, 7 AI score, 0.00135 EPSS
Exploits 0, References 1
OSV
added 2024/03/13 4:15 p.m., 1 views

CVE-2024-25101

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yonifre Maspik – Spam Blacklist allows Stored XSS. This issue affects Maspik – Spam Blacklist: from n/a through 0.10.6...

4.8 CVSS, 5.8 AI score
Exploits 0, References 1
NVD
added 2024/03/13 4:15 p.m., 8 views

CVE-2024-25101

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yonifre Maspik – Spam Blacklist allows Stored XSS. This issue affects Maspik – Spam Blacklist: from n/a through 0.10.6...

5.9 CVSS, 5.7 AI score, 0.00135 EPSS
Exploits 0, References 1
CVE
added 2024/03/13 4:5 p.m., 46 views

CVE-2024-25101

CVE-2024-25101 affects the WordPress plugin Maspik – Spam Blacklist. Public details confirm an "Improper Neutralization of Input During Web Page Generation" leading to a stored XSS vulnerability in Maspik – Spam Blacklist versions

5.9 CVSS, 6.9 AI score, 0.00135 EPSS
Exploits 0, References 1, Affected Software 1
Patchstack
added 2024/02/12 12:0 a.m., 11 views

WordPress Maspik – Spam blacklist Plugin <= 0.10.6 is vulnerable to Cross Site Scripting (XSS)

Software: Maspik – Spam blacklist
Type: Plugin
Vulnerable versions: <= 0.10.6
Fixed in: 0.10.7
OWASP Top 10: A3: Injection
Classification: Cross Site Scripting (XSS)
CVE: CVE-2024-25101
Patch priority: Low
CVSS severity: Low (5.9)
Developer: Yonifre
PSID: 8543ae1db053
Credits: Dhabaleshwar Das
Required privilege...

5.9 CVSS, 6.5 AI score, 0.00135 EPSS
Exploits 0, References 2, Affected Software 1
NVD
added 2023/07/06 3:15 p.m., 15 views

CVE-2023-25101

Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2 CVSS, 7.5 AI score, 0.00291 EPSS
Exploits 1, References 2
Cvelist
added 2023/07/06 2:53 p.m., 18 views

CVE-2023-25101

Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2 CVSS, 7.7 AI score, 0.00291 EPSS
Exploits 1, References 1
CVE
added 2023/07/06 2:53 p.m., 38 views

CVE-2023-25101

Milesight UR32L (v32.3.0.5) is affected by CVE-2023-25101 due to buffer overflow in the vtysh_ubus set_dmvpn path (gre_key) caused by unsafe sprintf usage. A high-privilege attacker can trigger via specially crafted HTTP requests to the /vtysh_ubus interface, potentially leading to arbitrary code...

7.2 CVSS, 7.4 AI score, 0.00291 EPSS
Exploits 1, References 2, Affected Software 1
Circl
added 2023/02/04 12:21 p.m., 0 views

CVE-2019-25101

| creationtimestamp | type | source |
|---|---|---|
| 2023-02-04 12:21:23+00:00 | seen | https://t.me/cibsecurity/57520... |

9.8 CVSS, 6.9 AI score, 0.00628 EPSS
Exploits 0, References 1
NVD
added 2023/02/04 8:15 a.m., 11 views

CVE-2019-25101

A vulnerability classified as critical has been found in OnShift TurboGears 1.0.11.10. This affects an unknown part of the file turbogears/controllers.py of the component HTTP Header Handler. The manipulation leads to http response splitting. It is possible to initiate the attack remotely...

9.8 CVSS, 7.2 AI score, 0.00628 EPSS
Exploits 0, References 5
CVE
added 2023/02/04 7:57 a.m., 49 views

CVE-2019-25101

OnShift TurboGears 1.0.11.10 is affected by a critical issue in the HTTP Header Handler (turbogears/controllers.py) that enables HTTP response splitting. The vulnerability is exploitable remotely and is addressed by upgrading to version 1.0.11.11. The patch is identified as f68bbaba47f4474e1da55...

9.8 CVSS, 8 AI score, 0.00628 EPSS
Exploits 0, References 5, Affected Software 1
Circl
added 2022/02/24 6:21 p.m., 0 views

CVE-2022-25101

| creationtimestamp | type | source |
|---|---|---|
| 2022-02-24 18:21:29+00:00 | seen | https://t.me/cibsecurity/38020... |

7.8 CVSS, 7.5 AI score, 0.00492 EPSS
Exploits 1, References 1
OSV
added 2022/02/24 3:15 p.m., 11 views

CVE-2022-25101

A vulnerability in the component /templates/install.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP file...

7.8 CVSS, 7.7 AI score
Exploits 0, References 1