CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

11 matches found

RedhatCVE•added 2025/05/23 10:2 a.m.•4 views

CVE-2024-26577

VSeeFace through 1.13.38.c2 allows attackers to cause a denial of service application hang via a spoofed UDP packet containing at least 10 digits in JSON data...

7.5CVSS6.8AI score0.00083EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 4:38 a.m.•3 views

CVE-2023-26577

Stored cross-site scripting in the IDAttend’s IDWeb application 3.1.052 and earlier allows attackers to hijack the browsing session of the logged in user...

7.5CVSS6.1AI score0.00237EPSS

Exploits0References1

RedhatCVE•added 2025/02/15 2:20 p.m.•6 views

CVE-2025-26577

Cross-Site Request Forgery CSRF vulnerability in daxiawp DX-auto-publish dx-auto-publish allows Stored XSS.This issue affects DX-auto-publish: from n/a through = 1.2...

7.1CVSS7.2AI score0.00096EPSS

Exploits0References1

Circl•added 2025/02/13 2:17 p.m.•5 views

CVE-2025-26577

creationtimestamp| type| source ---|---|--- 2025-02-13 14:17:31+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3li2uvyx2yr2d 2025-02-13 14:56:03+00:00| seen| https://infosec.exchange/users/cve/statuses/113997156332156333 2025-02-13 15:10:16+00:00| seen|...

7.1CVSS7.3AI score0.00096EPSS

Exploits0References5

CVE•added 2025/02/13 1:53 p.m.•63 views

CVE-2025-26577

CVE-2025-26577 affects the WordPress plugin DX-auto-publish (versions up to and including 1.2). The issue is described as a Cross-Site Request Forgery (CSRF) that enables Stored XSS. Public details in connected documents identify the vulnerability class and affected software but do not provide an...

7.1CVSS7.2AI score0.00096EPSS

Exploits0References1

Cvelist•added 2025/02/13 1:53 p.m.•16 views

CVE-2025-26577 WordPress DX-auto-publish plugin <= 1.2 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in daxiawp DX-auto-publish dx-auto-publish allows Stored XSS.This issue affects DX-auto-publish: from n/a through = 1.2...

7.1CVSS0.00096EPSS

Exploits0References1

Cvelist•added 2023/10/25 9:40 a.m.•15 views

CVE-2023-26577 Stored Cross-site Scripting In IDAttend’s IDWeb Application

Stored cross-site scripting in the IDAttend’s IDWeb application 3.1.052 and earlier allows attackers to hijack the browsing session of the logged in user...

7.5CVSS7.3AI score0.00237EPSS

Exploits0References1

CVE•added 2023/10/25 9:40 a.m.•35 views

CVE-2023-26577

CVE-2023-26577 affects IDAttend’s IDWeb application (versions 3.1.052 and earlier). The issue is a stored cross-site scripting vulnerability that allows an attacker to hijack the browsing session of a logged-in user. Root cause: stored XSS in the IDWeb component. Impact is session hijacking as de...

7.5CVSS5.8AI score0.00237EPSS

Exploits0References1Affected Software1

Circl•added 2021/02/08 10:39 p.m.•0 views

CVE-2021-26577

creationtimestamp| type| source ---|---|--- 2021-02-08 22:39:49+00:00| seen| https://t.me/cibsecurity/23251...

7.8CVSS7.5AI score0.00073EPSS

Exploits0References1

CVE•added 2021/02/08 7:46 p.m.•38 views

CVE-2021-26577

The CVE-2021-26577 issue affects the BMC firmware in HPE Apollo 70 System prior to 3.0.14.0. A local buffer overflow in the libifc.so uploadsshkey function is the root cause. Impact is high due to potential control over the BMC from a local fault, with all confidentiality, integrity, and availabi...

7.8CVSS7.7AI score0.00073EPSS

Exploits0References1Affected Software1

Cvelist•added 2021/02/08 7:46 p.m.•14 views

CVE-2021-26577

The Baseboard Management Controller BMC firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so uploadsshkey function...

8AI score0.00073EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by