3642 matches found
CVE-2024-10634
The CVE-2024-10634 entry concerns the Nokaut Offers Box WordPress plugin (versions ≤ 1.4.0). Affected component: plugin settings update logic lacking CSRF protection, enabling a CSRF attack that could cause a logged-in administrator to reset the plugin. Exploitation details are not provided beyon...
CVE-2024-10634 Nokaut Offers Box <= 1.4.0 - Plugin Reset via CSRF
The Nokaut Offers Box WordPress plugin through 1.4.0 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin reset the Nokaut Offers Box WordPress plugin through 1.4.0 via a CSRF attack...
CVE-2024-10632 Nokaut Offers Box <= 1.4.0 - Admin+ Stored XSS
The Nokaut Offers Box WordPress plugin through 1.4.0 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
WordPress plugin Popup Box security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin Nokaut Offers Box security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
AutoPentest: Enhancing Vulnerability Management with Autonomous LLM Agents
A recent area of increasing research is the use of Large Language Models (LLMs) in penetration testing, which promises to reduce costs and thus allow for higher frequency. We conduct a review of related work, identifying best practices and common evaluation issues. We then present AutoPentest, an...
PT-2025-21544 · WordPress · Popup Box
Name of the Vulnerable Software and Affected Versions: The Popup Box WordPress plugin versions prior to 4.7.8. Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered_html capability is disallowed,...
PT-2025-21406 · WordPress · Nokaut Offers Box
Name of the Vulnerable Software and Affected Versions: Nokaut Offers Box WordPress plugin versions 1.4.0 and earlier. Description: The issue allows high-privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possible because the plugin does not properly sanitize a...
PT-2025-21407 · WordPress · Nokaut Offers Box
Name of the Vulnerable Software and Affected Versions: Nokaut Offers Box WordPress plugin versions 1.4.0 and earlier. Description: The issue concerns the lack of CSRF check when updating settings in the Nokaut Offers Box WordPress plugin. This could allow attackers to make a logged-in admin reset...
Adversarial Suffix Filtering: a Defense Pipeline for LLMs
Large Language Models (LLMs) are increasingly embedded in autonomous systems and public-facing environments, yet they remain susceptible to jailbreak vulnerabilities that may undermine their security and trustworthiness. Adversarial suffixes are considered to be the current state-of-the-art...
Robustness Analysis against Adversarial Patch Attacks in Fully Unmanned Stores
The advent of convenient and efficient fully unmanned stores equipped with artificial intelligence-based automated checkout systems marks a new era in retail. However, these systems have inherent artificial intelligence security vulnerabilities, which are exploited via adversarial patch attacks,...
DP-TRAE: a Dual-Phase Merging Transferable Reversible Adversarial Example for Image Privacy Protection
In the field of digital security, Reversible Adversarial Examples (RAE) combine adversarial attacks with reversible data hiding techniques to effectively protect sensitive data and prevent unauthorized analysis by malicious Deep Neural Networks (DNNs). However, existing RAE techniques primarily focus...
POISONCRAFT: Practical Poisoning of Retrieval-Augmented Generation for Large Language Models
Large language models (LLMs) have achieved remarkable success in various domains, primarily due to their strong capabilities in reasoning and generating human-like text. Despite their impressive performance, LLMs are susceptible to hallucinations, which can lead to incorrect or misleading outputs...
CVE-2025-47447
Cross-Site Request Forgery (CSRF) vulnerability in Hossni Mubarak Cool Author Box (hm-cool-author-box-widget) allows Cross Site Request Forgery. This issue affects Cool Author Box: from n/a through <= 3.0.0...
CVE-2025-47447 WordPress Cool Author Box plugin <= 3.0.0 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Hossni Mubarak Cool Author Box (hm-cool-author-box-widget) allows Cross Site Request Forgery. This issue affects Cool Author Box: from n/a through <= 3.0.0...
CVE-2025-47447
CVE-2025-47447 is a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin “Cool Author Box” (vulnerable through 3.0.0). The issue stems from CSRF protection gaps in Cool Author Box, enabling CSRF exploitation. Public sources (Patchstack, PT-Security) indicate affected versions u...
WordPress Cool Author Box plugin <= 3.0.0 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery (CSRF) Vulnerability discovered by Nabil Irawan in WordPress Plugin Cool Author Box versions <= 3.0.0...