
3642 matches found

Snyk
added 2026/04/09 6:10 p.m., 3 views

Cross-site Scripting (XSS)

Overview: limesurvey/limesurvey is a FOSS online survey tool on the web. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Boxtitle and boxurl parameters. An attacker can execute arbitrary scripts in the context of a user's browser by injecting malicious input...

CVSS 8.5, AI score 5.8, EPSS 0.00279
Exploits: 1, References: 2
Cvelist
added 2026/04/09 12:0 a.m., 18 views

CVE-2025-70797

Cross Site Scripting vulnerability in Limesurvey v.6.15.20+251021 allows a remote attacker to execute arbitrary code via the Boxtitle and boxurl parameters...

EPSS 0.00279
Exploits: 1, References: 2
ATTACKERKB
added 2026/04/09 12:0 a.m., 2 views

CVE-2025-70797

Cross Site Scripting vulnerability in Limesurvey v.6.15.20+251021 allows a remote attacker to execute arbitrary code via the Boxtitle and boxurl parameters...

AI score 6.3, EPSS 0.00279
Exploits: 1, References: 3
CNNVD
added 2026/04/09 12:0 a.m., 4 views

LimeSurvey security vulnerability

LimeSurvey PHPSurveyor is a set of open-source online survey programs developed by the LimeSurvey team. It supports functions such as survey program development, survey questionnaire publishing, and data collection. Version 6.15.20+251021 of Limesurvey contains a security vulnerability, which ste...

CVSS 6.1, AI score 5.6, EPSS 0.00279
Exploits: 1, References: 3
NVD
added 2026/04/08 9:16 a.m., 2 views

CVE-2026-39691

Missing Authorization vulnerability in AdAstraCrypto Cryptocurrency Donation Box – Bitcoin & Crypto Donations cryptocurrency-donation-box allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cryptocurrency Donation Box – Bitcoin & Crypto Donations: from n/a...

CVSS 5.3, EPSS 0.00214
Exploits: 0, References: 1
CVE
added 2026/04/08 8:30 a.m., 6 views

CVE-2026-39691

The CVE-2026-39691 entry concerns the WordPress plugin “Cryptocurrency Donation Box – Bitcoin & Crypto Donations” (affected: versions up to and including 2.2.13). Description: a Missing Authorization vulnerability arising from incorrectly configured access control security levels, enabling exploi...

CVSS 5.3, AI score 5.9, EPSS 0.00214
Exploits: 0, References: 1
Cvelist
added 2026/04/08 8:30 a.m., 18 views

CVE-2026-39691 WordPress Cryptocurrency Donation Box – Bitcoin & Crypto Donations plugin <= 2.2.13 - Broken Access Control vulnerability

Missing Authorization vulnerability in AdAstraCrypto Cryptocurrency Donation Box – Bitcoin & Crypto Donations cryptocurrency-donation-box allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cryptocurrency Donation Box – Bitcoin & Crypto Donations: from n/a...

CVSS 5.3, EPSS 0.00214
Exploits: 0, References: 1
EUVD
added 2026/04/08 8:30 a.m., 4 views

EUVD-2026-20385

Missing Authorization vulnerability in AdAstraCrypto Cryptocurrency Donation Box – Bitcoin & Crypto Donations cryptocurrency-donation-box allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cryptocurrency Donation Box – Bitcoin & Crypto Donations: from n/a...

AI score 5.9, EPSS 0.00214
Exploits: 0, References: 1
ATTACKERKB
added 2026/04/08 8:30 a.m., 0 views

CVE-2026-39691

Missing Authorization vulnerability in AdAstraCrypto Cryptocurrency Donation Box – Bitcoin & Crypto Donations cryptocurrency-donation-box allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cryptocurrency Donation Box – Bitcoin & Crypto Donations: from n/a...

AI score 5.9, EPSS 0.00214
Exploits: 0, References: 2
Vulnrichment
added 2026/04/08 8:30 a.m., 0 views

CVE-2026-39691 WordPress Cryptocurrency Donation Box – Bitcoin & Crypto Donations plugin <= 2.2.13 - Broken Access Control vulnerability

Missing Authorization vulnerability in AdAstraCrypto Cryptocurrency Donation Box – Bitcoin & Crypto Donations cryptocurrency-donation-box allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cryptocurrency Donation Box – Bitcoin & Crypto Donations: from n/a...

AI score 5.8, EPSS 0.00214
Exploits: 0, References: 1
Patchstack
added 2026/04/08 7:38 a.m., 2 views

WordPress Popup Box AYS Pro plugin < 5.5.0 - Admin+ Stored Cross-Site Scripting (XSS) via CSRF vulnerability

Admin+ Stored Cross-Site Scripting (XSS) via CSRF vulnerability discovered by Spider Sec Ltd in WordPress Plugin Popup box versions 5.5.0...

CVSS 5.4, AI score 5.9, EPSS 0.00136
Exploits: 1, References: 1, Affected Software: 1
Positive Technologies
added 2026/04/08 12:0 a.m., 2 views

PT-2026-31253

Missing Authorization vulnerability in AdAstraCrypto Cryptocurrency Donation Box – Bitcoin & Crypto Donations cryptocurrency-donation-box allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cryptocurrency Donation Box – Bitcoin & Crypto Donations: from n/a...

AI score 5.9, EPSS 0.00214
Exploits: 0, References: 3
CNNVD
added 2026/04/08 12:0 a.m., 5 views

WordPress plugin Cryptocurrency Donation Box – Bitcoin & Crypto Donations security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 5.3, AI score 5.8, EPSS 0.00214
Exploits: 0, References: 1
EUVD
added 2026/04/07 6:31 p.m., 2 views

EUVD-2026-19640

A native messaging host vulnerability in Pega Browser Extension (PBE) affects users of all versions of Pega Robotic Automation who have installed Pega Browser Extension. A bad actor could create a website that contains malicious code that targets PBE. The vulnerability could occur if a user navigat...

CVSS 6, AI score 6, EPSS 0.0026
Exploits: 0, References: 2
NVD
added 2026/04/07 4:16 p.m., 6 views

CVE-2026-1079

A native messaging host vulnerability in Pega Browser Extension (PBE) affects users of all versions of Pega Robotic Automation who have installed Pega Browser Extension. A bad actor could create a website that contains malicious code that targets PBE. The vulnerability could occur if a user navigat...

CVSS 6, EPSS 0.0026
Exploits: 0, References: 1
Cvelist
added 2026/04/07 3:17 p.m., 14 views

CVE-2026-1079 A native messaging host vulnerability in Pega Browser Extension (PBE) affects users of all versions of Pega Robotic Automation who have installed Pega Browser Extension.

A native messaging host vulnerability in Pega Browser Extension (PBE) affects users of all versions of Pega Robotic Automation who have installed Pega Browser Extension. A bad actor could create a website that contains malicious code that targets PBE. The vulnerability could occur if a user navigat...

CVSS 6, EPSS 0.0026
Exploits: 0, References: 1
Vulnrichment
added 2026/04/07 3:17 p.m., 2 views

CVE-2026-1079 A native messaging host vulnerability in Pega Browser Extension (PBE) affects users of all versions of Pega Robotic Automation who have installed Pega Browser Extension.

A native messaging host vulnerability in Pega Browser Extension (PBE) affects users of all versions of Pega Robotic Automation who have installed Pega Browser Extension. A bad actor could create a website that contains malicious code that targets PBE. The vulnerability could occur if a user navigat...

CVSS 6, AI score 6, EPSS 0.0026
Exploits: 0, References: 1
ATTACKERKB
added 2026/04/07 3:17 p.m., 1 view

CVE-2026-1079

A native messaging host vulnerability in Pega Browser Extension (PBE) affects users of all versions of Pega Robotic Automation who have installed Pega Browser Extension. A bad actor could create a website that contains malicious code that targets PBE. The vulnerability could occur if a user navigat...

CVSS 6, AI score 6, EPSS 0.0026
Exploits: 0, References: 2
CVE
added 2026/04/07 3:17 p.m., 6 views

CVE-2026-1079

CVE-2026-1079 describes a native messaging host vulnerability in the Pega Browser Extension (PBE) affecting users of all versions of Pega Robotic Automation with PBE installed. The issue allows a malicious website to trigger an unexpected message box via the native messaging host when a user visi...

CVSS 6, AI score 6, EPSS 0.0026
Exploits: 0, References: 1
EUVD
added 2026/04/07 9:31 a.m., 3 views

EUVD-2025-209259

The Popup Box WordPress plugin before 5.5.0 does not properly validate nonces in the addoreditpopupbox function before saving popup data, allowing unauthenticated attackers to perform Cross-Site Request Forgery attacks. When an authenticated admin visits a malicious page, the attacker can create ...

CVSS 5.4, AI score 6, EPSS 0.00136
Exploits: 1, References: 2