CVE Search Engine - Security Vulnerabilities and Exploits Search Tool | Vulners.com

🔥 Daily Hot!

💪🏽 CPE Enhanced Advisories

🕶 Shadow Exploits

🕵🏼 Vulners CPE

🔐 Security news

💻 Exploit updates

📑 Blogs review

🐧 Linux vulnerabilities

🤖 AI High Score

show all

4382 matches found

CVE•added 2025/05/16 3:45 p.m.•26 views

CVE-2025-48121

CVE-2025-48121 affects the WP Notes Widget (WordPress). The issue is DOM-based XSS caused by improper input neutralization in the widget’s web page generation, impacting versions up to and including 1.0.6. The vulnerability is publicly discussed in PatchStack/PT-2025-21726 and corroborated by mul...

6.5CVSS7.2AI score0.00169EPSS

Exploits0References1

Tenable Nessus•added 2025/05/16 12:0 a.m.•10 views

VMware Aria Automation 8.18.x < 8.18.1 patch 2 DOM Based XSS (VMSA-2025-0008)

The VMware Aria Automation application running on the remote host is affected by a vulnerability as referenced in the VMSA-2025-0008 advisory. - VMware Aria automation contains a DOM based Cross-Site Scripting XSS vulnerability. A malicious actor may exploit this issue to steal the access token o...

8.2CVSS8.6AI score0.00317EPSS

Exploits0References2

Positive Technologies•added 2025/05/16 12:0 a.m.•4 views

PT-2025-21732 · Aptivada · Aptivada

Name of the Vulnerable Software and Affected Versions: Aptivada for WP versions n/a through 2.0.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows DOM-Based XSS. This means that an attacker could...

6.5CVSS6.8AI score0.00172EPSS

Exploits0References5

CNNVD•added 2025/05/16 12:0 a.m.•3 views

WordPress plugin WP Notes Widget 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripti...

6.5CVSS6.7AI score0.00169EPSS

Exploits0References3

Positive Technologies•added 2025/05/15 12:0 a.m.•2 views

PT-2025-21333

Name of the Vulnerable Software and Affected Versions: Bootstrap versions 3.4.1 through 3.4.x Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows attackers to run malicious scripts. A DOM-based XSS...

5.6CVSS6.4AI score0.00259EPSS

Exploits0References17

RedhatCVE•added 2025/05/14 4:30 p.m.•13 views

CVE-2025-47578

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Edward Caissie BNS Twitter Follow Button bns-twitter-follow-button allows DOM-Based XSS.This issue affects BNS Twitter Follow Button: from n/a through = 0.3.8...

6.5CVSS7.2AI score0.00169EPSS

Exploits0References1

NVD•added 2025/05/12 4:15 p.m.•12 views

CVE-2025-47578

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Edward Caissie BNS Twitter Follow Button bns-twitter-follow-button allows DOM-Based XSS.This issue affects BNS Twitter Follow Button: from n/a through = 0.3.8...

6.5CVSS0.00169EPSS

Exploits0References1

Cvelist•added 2025/05/12 4:4 p.m.•27 views

CVE-2025-47578 WordPress BNS Twitter Follow Button plugin <= 0.3.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Edward Caissie BNS Twitter Follow Button bns-twitter-follow-button allows DOM-Based XSS.This issue affects BNS Twitter Follow Button: from n/a through = 0.3.8...

6.5CVSS0.00169EPSS

Exploits0References1

CVE•added 2025/05/12 4:4 p.m.•42 views

CVE-2025-47578

CVE-2025-47578 is a DOM-based XSS vulnerability in the WordPress plugin BNS Twitter Follow Button (versions up to and including 0.3.8). The issue arises from improper input neutralization during web page generation, enabling cross-site scripting. Affected software: BNS Twitter Follow Button

6.5CVSS7.2AI score0.00169EPSS

Exploits0References1

Positive Technologies•added 2025/05/12 12:0 a.m.•4 views

PT-2025-20725 · Unknown · Twitter Follow Button

Name of the Vulnerable Software and Affected Versions: BNS Twitter Follow Button versions 0.3.8 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing DOM-Based XSS. This means that an attacker cou...

6.5CVSS6.8AI score0.00169EPSS

Exploits0References5

RedhatCVE•added 2025/05/09 3:27 p.m.•5 views

CVE-2025-47515

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Seb WP DPE-GES wp-dpe-ges allows DOM-Based XSS.This issue affects WP DPE-GES: from n/a through = 1.6...

6.5CVSS7.2AI score0.00215EPSS

Exploits0References1

RedhatCVE•added 2025/05/09 3:26 p.m.•7 views

CVE-2025-47506

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ajay Contextual Related Posts contextual-related-posts allows DOM-Based XSS.This issue affects Contextual Related Posts: from n/a through = 4.0.2...

6.5CVSS7.2AI score0.00254EPSS

Exploits0References1

RedhatCVE•added 2025/05/09 3:26 p.m.•5 views

CVE-2025-47476

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in add-ons.org Cost Calculator for Elementor cost-calculator-for-elementor allows DOM-Based XSS.This issue affects Cost Calculator for Elementor: from n/a through = 1.3.3...

6.5CVSS7.2AI score0.00209EPSS

Exploits0References1

RedhatCVE•added 2025/05/09 3:25 p.m.•8 views

CVE-2025-47675

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in woobox Woobox woobox allows DOM-Based XSS.This issue affects Woobox: from n/a through = 1.6...

6.5CVSS7.2AI score0.00174EPSS

Exploits0References1

RedhatCVE•added 2025/05/09 3:25 p.m.•6 views

CVE-2025-47501

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Daniel Iser Content Control content-control allows DOM-Based XSS.This issue affects Content Control: from n/a through = 2.6.1...

6.5CVSS7.2AI score0.00209EPSS

Exploits0References1

RedhatCVE•added 2025/05/09 3:25 p.m.•4 views

CVE-2025-47679

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RS WP THEMES RS WP Book Showcase rs-wp-books-showcase allows DOM-Based XSS.This issue affects RS WP Book Showcase: from n/a through = 6.7.59...

6.5CVSS7.2AI score0.00169EPSS

Exploits0References1

RedhatCVE•added 2025/05/09 3:25 p.m.•4 views

CVE-2025-47589

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in motov.net Ebook Store ebook-store allows DOM-Based XSS.This issue affects Ebook Store: from n/a through = 5.8009...

6.5CVSS7.2AI score0.00209EPSS

Exploits0References1

RedhatCVE•added 2025/05/09 3:25 p.m.•5 views

CVE-2025-47493

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ultimate Blocks Ultimate Blocks ultimate-blocks allows DOM-Based XSS.This issue affects Ultimate Blocks: from n/a through = 3.2.9...

6.5CVSS7.2AI score0.00262EPSS

Exploits0References1

RedhatCVE•added 2025/05/09 3:24 p.m.•5 views

CVE-2025-47497

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themepoints Logo Showcase logo-showcase allows DOM-Based XSS.This issue affects Logo Showcase: from n/a through = 3.0.4...

6.5CVSS7.2AI score0.00217EPSS

Exploits0References1

RedhatCVE•added 2025/05/09 3:24 p.m.•5 views

CVE-2025-47488

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in boldthemes Bold Page Builder bold-page-builder allows DOM-Based XSS.This issue affects Bold Page Builder: from n/a through = 5.3.2...

6.5CVSS7.2AI score0.00254EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by