CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2025/10/27 1:34 a.m.•15 views

CVE-2025-62959

CVE-2025-62959 concerns the Paid Videochat Turnkey Site (ppv-live-webcams) WordPress plugin. The vulnerability stems from improper control of code generation, enabling Remote Code Inclusion/Execution for versions up to 7.3.22 (Authenticated/Admin access). Red Hat and NVD entries corroborate the R...

9.1CVSS5.9AI score0.00417EPSS

CVE•added 2025/10/27 1:34 a.m.•27 views

CVE-2025-62936

CVE-2025-62936 concerns WordPress theme/plugin xSmart (WordPress Theme: xSmart) with versions up to and including 1.2.9.4. The issue is Improper Neutralization of Script-Related HTML Tags in a Web Page, i.e., a Basic XSS vulnerability that can enable Code Injection. The vulnerability affects the ...

4.3CVSS6.2AI score0.00238EPSS

Vulnrichment•added 2025/10/27 1:33 a.m.•1 views

CVE-2025-62897 WordPress WP Recipe Maker plugin < 10.1.0 - Content Injection vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Brecht WP Recipe Maker wp-recipe-maker allows Code Injection.This issue affects WP Recipe Maker: from n/a through 10.1.0...

5.3CVSS5.2AI score0.00274EPSS

CNNVD•added 2025/10/27 12:0 a.m.•1 views

WordPress plugin WP Recipe Maker 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

5.3CVSS7.1AI score0.00274EPSS

4.3CVSS6.8AI score0.00238EPSS

WordPress plugin xSmart 安全漏洞

CNNVD•added 2025/10/27 12:0 a.m.•5 views

Projectworlds Expense Management System 代码注入漏洞

Projectworlds Expense Management System is an open source expense management system from Projectworlds. A code injection vulnerability exists in Projectworlds Expense Management System version 1.0, which stems from an incorrect manipulation of an unknown function in the file...

4.8CVSS4.2AI score0.00235EPSS

4.8CVSS4.2AI score0.00235EPSS

projectworlds Expense Management System 代码注入漏洞

Projectworlds Expense Management System is an open source expense management system from Projectworlds. A code injection vulnerability exists in version 1.0 of the projectworlds Expense Management System, which stems from an incorrect manipulation of an unknown function in the file...

Positive Technologies•added 2025/10/27 12:0 a.m.•4 views

PT-2025-43776

5.3CVSS6.6AI score0.00274EPSS

Exploits0References2

CNNVD•added 2025/10/27 12:0 a.m.•5 views

Chatwoot 代码注入漏洞

Chatwoot is a Chatwoot open source application. Customer Engagement Suite, an open source alternative to Intercom, Zendesk, Salesforce Service Cloud, and more. A code injection vulnerability exists in Chatwoot 4.7.0 and earlier versions, which stems from a misuse of the parameter Link in the file...

6.1CVSS4.9AI score0.00367EPSS

Positive Technologies•added 2025/10/27 12:0 a.m.•8 views

PT-2025-43812

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Jthemes xSmart xsmart allows Code Injection.This issue affects xSmart: from n/a through = 1.2.9.4...

6.1CVSS6.6AI score0.00238EPSS

Exploits0References2

5.1CVSS4.7AI score0.0022EPSS

Wisencode Infotech Wisenshop 代码注入漏洞

Wisencode Infotech Wisenshop is an online shopping platform from India Wisencode Infotech. A code injection vulnerability exists in Wisencode Infotech Wisenshop 20251012 and earlier versions, which stems from an incorrect manipulation of the parameter Message in the file /support-ticket/create,...

CNNVD•added 2025/10/27 12:0 a.m.•2 views

Code-Projects Simple E-Banking System 代码注入漏洞

Code-Projects Simple E-Banking System is a simple e-banking system from Code-Projects. A code injection vulnerability exists in Code-Projects Simple E-Banking System version 1.0, which stems from an incorrect manipulation of the parameter Username in the file /eBank/register.php, which could lead...

6.1CVSS4.9AI score0.00356EPSS

Exploits1References5

5.1CVSS4.9AI score0.00227EPSS

OpenWGA 代码注入漏洞

OpenWGA is an OpenWGA open source content management system and web application development platform. A code injection vulnerability exists in OpenWGA version 7.11.12 Build 737, which stems from a cross-site scripting vulnerability in the Admin UI component...

Exploits0References4

4.8CVSS4.1AI score0.00246EPSS

Willow CMS 代码注入漏洞

Willow CMS is a content management system by mndeaves individual developers. A code injection vulnerability exists in Willow CMS 1.4.0 and earlier versions, which stems from an incorrect manipulation of the parameters title/body in the file /admin/articles/add, which could lead to a cross-site...

Exploits1References6

5.3CVSS4.9AI score0.00316EPSS

Modern Shop - PHP eCommerce Platform 代码注入漏洞

Modern Shop - PHP eCommerce Platform is an online shopping mall website by ABHIRAM B Individual Developer. A code injection vulnerability exists in Modern Shop - PHP eCommerce Platform version 20250922, which stems from an incorrect manipulation of the parameter q in file/search and could lead to...

Exploits1References5

Positive Technologies•added 2025/10/27 12:0 a.m.•4 views

PT-2025-43933

Name of the Vulnerable Software and Affected Versions Zytec Dalian Zhuoyun Technology Central Authentication Service versions prior to 20251010 Description A code injection issue exists in the Central Authentication Service. The issue is located in the empty function of the /index.php/auth/widget...

6.5CVSS7AI score0.00345EPSS

Exploits0References7

6.5CVSS7AI score0.00345EPSS

Zytec Central Authentication Service 代码注入漏洞

Zytec Central Authentication Service is a centralized authentication service from China's Zhuo Yun Zytec Company. A code injection vulnerability exists in Zytec Central Authentication Service 20251009 and earlier versions, which stems from incorrect manipulation of the parameters get.layer,...

Exploits0References4