CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2049 matches found

Cvelist•added 2025/11/25 4:37 a.m.•8 views

CVE-2025-64730

Cross-site scripting vulnerability exists in SNC-CX600W all versions. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the product...

5.2CVSS0.00166EPSS

Exploits0References2

CNVD•added 2025/11/25 12:0 a.m.•4 views

WordPress HT Mega plugin cross-site scripting vulnerability

WordPress HT Mega plugin is an Elementor page builder plugin designed for WordPress websites. The WordPress HT Mega plugin suffers from a cross-site scripting vulnerability that stems from insufficient validation of user-supplied HTML tag name input, which can be exploited by an attacker to execu...

6.4CVSS5.9AI score0.00179EPSS

Exploits0References1

CNNVD•added 2025/11/25 12:0 a.m.•2 views

Sony SNC-CX600W 跨站脚本漏洞

The Sony SNC-CX600W is a wireless network HD camcorder from Sony Japan. A cross-site scripting vulnerability exists in all versions of the Sony SNC-CX600W, which stems from susceptibility to cross-site scripting attacks that could lead to the execution of arbitrary scripts...

6.1CVSS5.2AI score0.00166EPSS

Exploits0References3

EUVD•added 2025/11/24 6:31 p.m.•6 views

EUVD-2025-198889

A stored Cross-site Scripting XSS vulnerability affecting Service Items Management in DELMIA Service Process Engineer on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...

8.7CVSS6AI score0.00199EPSS

Exploits0References2

CNNVD•added 2025/11/24 12:0 a.m.•2 views

Dassault Systèmes ENOVIA Product Manager 安全漏洞

Dassault Systèmes ENOVIA Product Manager is a product lifecycle management software from Dassault Systèmes France. A security vulnerability exists in Dassault Systèmes ENOVIA Product Manager Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x, which stems from a stored cross-site...

8.7CVSS6.1AI score0.00154EPSS

Exploits0References2

CVE•added 2025/11/21 6:17 a.m.•10 views

CVE-2025-61949

LogStare Collector is affected by CVE-2025-61949, a stored cross-site scripting vulnerability in the UserManagement component. The issue allows an arbitrary script to run in the browser of users who log in to the management page when crafted user information is stored. Documents confirm the affec...

5.4CVSS5.5AI score0.00142EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2025/11/21 6:17 a.m.•3 views

CVE-2025-61949

LogStare Collector contains a stored cross-site scripting vulnerability in UserManagement. If crafted user information is stored, an arbitrary script may be executed on the web browser of the user who logs in to the product's management page...

5.4CVSS5.1AI score0.00142EPSS

Exploits0References2

CNVD•added 2025/11/18 12:0 a.m.•2 views

WordPress Popup addon for Ninja Forms plugin cross-site scripting vulnerability

WordPress Popup addon for Ninja Forms plugin is a WordPress form plugin that supports the creation of contact forms, signup forms and more. Its Popup/Modal plugin generates informational or promotional popups for email subscriptions, login signups, and other scenarios. A cross-site scripting...

5.9CVSS6.1AI score0.00141EPSS

Exploits0References1

CNVD•added 2025/11/14 12:0 a.m.•1 views

WordPress Easy Email Subscription plugin cross-site scripting vulnerability

The WordPress Easy Email Subscription plugin is a plugin for adding email subscription functionality to your WordPress website, allowing users to receive new content updates via email. WordPress Easy Email Subscription plugin suffers from a cross-site scripting vulnerability that stems from the...

7.2CVSS6.1AI score0.00315EPSS

Exploits0References1

Snyk•added 2025/11/13 2:44 a.m.•1 views

Cross-site Scripting (XSS)

Overview Bit.Boilerplate is an At bitplatform, we've curated a comprehensive toolkit to empower you in crafting the finest projects using Blazor. Diverging from others merely offering UI Toolkits, bit BlazorUI components distinguishes itself with over 80 components, with a compact size of under 4...

6.1CVSS5.4AI score0.00278EPSS

Exploits0References2

CNVD•added 2025/11/11 12:0 a.m.•2 views

WordPress Doliconnect plugin cross-site scripting vulnerability

WordPress Doliconnect plugin is a WordPress plugin that is mainly used to connect ERP systems such as Dolibarr with WordPress websites for data synchronization and functional integration. WordPress Doliconnect plugin suffers from a cross-site scripting vulnerability that stems from the...

6.1CVSS6.1AI score0.00187EPSS

Exploits0References1

CNVD•added 2025/11/05 12:0 a.m.•2 views

WordPress K Elements plugin cross-site scripting vulnerability

WordPress K Elements plugin is an extension to the Elementor page builder that provides preset templates, advanced widgets, and customization features to help users quickly create responsive websites. A cross-site scripting vulnerability exists in WordPress K Elements plugin, which stems from the...

6.5CVSS6.1AI score0.00132EPSS

Exploits0References1

CVE•added 2025/11/03 9:56 p.m.•10 views

CVE-2016-15054

CVE-2016-15054 is rejected/not used and does not represent an active vulnerability entry.

5.8AI score0.00376EPSS

Exploits5

RedhatCVE•added 2025/10/31 10:8 p.m.•5 views

CVE-2021-47690

The Core Config Manager CCM in Nagios XI versions prior to CCM 3.1.1 / Nagios XI 5.8.2 contains multiple cross-site scripting XSS vulnerabilities in Overlay modals. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the conte...

5.4CVSS6.3AI score0.00341EPSS

Exploits0References1

EUVD•added 2025/10/31 12:30 a.m.•4 views

EUVD-2018-21610

Nagios Fusion versions prior to 4.1.5 are vulnerable to cross-site scripting XSS via the "fusionwindow" parameter. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...

5.1CVSS5.6AI score0.0042EPSS

Exploits0References3

CNVD•added 2025/10/31 12:0 a.m.•3 views

IBM QRadar SIEM Cross-Site Scripting Vulnerability (CNVD-2025-27446)

IBM QRadar SIEM is a solution from International Business Machines IBM that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user...

6.4CVSS5.9AI score0.00144EPSS

Exploits0References1

CNVD•added 2025/10/31 12:0 a.m.•2 views

IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27636)

IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the REMOTELOGADDR parameter of the...

5.4CVSS6.1AI score0.00403EPSS

Exploits0References1