CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

335 matches found

ATTACKERKB•added 2026/03/13 11:42 a.m.•2 views

CVE-2026-32462

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Liton Arefin Master Addons for Elementor master-addons allows DOM-Based XSS.This issue affects Master Addons for Elementor: from n/a through = 2.1.3...

5.8AI score0.00014EPSS

Exploits0References2

Vulnrichment•added 2026/03/13 11:42 a.m.•3 views

CVE-2026-32454 WordPress Avada Core plugin < 5.15.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeFusion Avada Core fusion-core allows DOM-Based XSS.This issue affects Avada Core: from n/a through 5.15.0...

6.5CVSS5.8AI score0.00045EPSS

Exploits0References1

Vulnrichment•added 2026/03/13 11:42 a.m.•4 views

CVE-2026-32450 WordPress Active Products Tables for WooCommerce plugin <= 1.0.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows DOM-Based XSS.This issue affects Active Products Tables for WooCommerce: from n/a through = 1.0.7...

5.8AI score0.00045EPSS

Exploits0References1

Cvelist•added 2026/03/13 11:42 a.m.•23 views

CVE-2026-32419 WordPress List category posts plugin <= 0.93.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Fernando Briano List category posts list-category-posts allows DOM-Based XSS.This issue affects List category posts: from n/a through = 0.93.1...

5.9CVSS0.00042EPSS

Exploits0References1

Cvelist•added 2026/03/13 11:42 a.m.•26 views

CVE-2026-32403 WordPress Toocheke Companion plugin <= 1.194 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in toocheke Toocheke Companion toocheke-companion allows DOM-Based XSS.This issue affects Toocheke Companion: from n/a through = 1.194...

6.5CVSS0.00045EPSS

Exploits0References1

CNNVD•added 2026/03/13 12:0 a.m.•2 views

WordPress plugin Robo Gallery 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.5CVSS5.6AI score0.00045EPSS

Exploits0References1

Vulnrichment•added 2026/03/11 12:23 a.m.•2 views

CVE-2026-27247 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS5.8AI score0.00041EPSS

Exploits0References1

EUVD•added 2026/03/10 6:31 p.m.•2 views

EUVD-2026-10440

Due to insufficient validation of user-controlled input in the URLs query parameter. SAP Business One Job Service could allow an unauthenticated attacker to inject specially crafted input which upon user interaction could result in a DOM-based Cross-Site Scripting XSS vulnerability. This issue ha...

6.1CVSS5.8AI score0.0005EPSS

Exploits0References3

NVD•added 2026/03/10 5:31 p.m.•3 views

CVE-2026-0489

6.1CVSS0.0005EPSS

Exploits0References2

Cvelist•added 2026/03/05 5:53 a.m.•27 views

CVE-2026-27382 WordPress Metro theme <= 2.13 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RadiusTheme Metro metro allows DOM-Based XSS.This issue affects Metro: from n/a through = 2.13...

7.1CVSS0.00045EPSS

Exploits0References1

CVE•added 2026/03/05 5:53 a.m.•9 views

CVE-2026-27382

RadiusTheme Metro metro (≤ 2.13) is reported to be vulnerable to DOM-based XSS in web page generation. The CVE entry describes Cross-Site Scripting in Metro with this version range; patch/mitigation details are not provided in the supplied documents. Some sources list the issue as unpatched.

7.1CVSS5.9AI score0.00045EPSS

Exploits0References1

ATTACKERKB•added 2026/03/05 5:53 a.m.•2 views

CVE-2026-27348

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Photography allows DOM-Based XSS.This issue affects Photography: from n/a before 7.7.6...

7.1CVSS5.9AI score0.00045EPSS

Exploits0References3

Positive Technologies•added 2026/03/05 12:0 a.m.•4 views

PT-2026-23256

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RadiusTheme Metro metro allows DOM-Based XSS.This issue affects Metro: from n/a through = 2.13...

5.9AI score0.00045EPSS

Exploits0References2

CNNVD•added 2026/03/05 12:0 a.m.•3 views

Gogs 跨站脚本漏洞

Gogs Go Git Service is a self-service Git hosting service developed by the Gogs team using the Go language. It supports creating and migrating public/private repositories, as well as adding and removing repository collaborators. Prior to version 0.14.2, Gogs had a cross-site scripting...

7.3CVSS7.1AI score0.0004EPSS

Exploits0References3

CNNVD•added 2026/03/05 12:0 a.m.•2 views

WordPress plugin Photography 跨站脚本漏洞

7.1CVSS5.7AI score0.00045EPSS

Exploits0References2

NVD•added 2026/02/27 6:16 p.m.•3 views

CVE-2026-26862

CleverTap Web SDK version 1.15.2 and earlier is vulnerable to DOM-based Cross-Site Scripting XSS via window.postMessage in the Visual Builder module. The origin validation in src/modules/visualBuilder/pageBuilder.js lines 56-60 uses the includes method to verify the originUrl contains...

8.3CVSS0.00021EPSS

Exploits1References3

NVD•added 2026/02/20 4:22 p.m.•2 views

CVE-2025-69367

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GT3themes Oyster - Photography WordPress Theme oyster allows DOM-Based XSS.This issue affects Oyster - Photography WordPress Theme: from n/a through = 4.4.3...

7.1CVSS0.00015EPSS

Exploits0References1

Cvelist•added 2026/02/20 3:46 p.m.•18 views

CVE-2025-68856 WordPress Mopinion Feedback Form plugin <= 1.1.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in keeswolters Mopinion Feedback Form mopinion-feedback-form allows DOM-Based XSS.This issue affects Mopinion Feedback Form: from n/a through = 1.1.1...

7.1CVSS0.00045EPSS

Exploits0References1

Vulnrichment•added 2026/02/20 3:46 p.m.•2 views

CVE-2025-68854 WordPress ID Arrays plugin <= 2.1.2 - POST-Based Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in harman79 ID Arrays id-arrays allows DOM-Based XSS.This issue affects ID Arrays: from n/a through = 2.1.2...

5.3AI score0.00015EPSS

Exploits0References1

Cvelist•added 2026/02/20 3:46 p.m.•17 views

CVE-2025-67984 WordPress NPS computy plugin <= 2.8.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in calliko NPS computy nps-computy allows DOM-Based XSS.This issue affects NPS computy: from n/a through = 2.8.2...

7.1CVSS0.00045EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by