CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4380 matches found

Cvelist•added 2025/12/18 4:16 p.m.•24 views

CVE-2025-64355 WordPress JetElements For Elementor plugin <= 2.7.12 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetElements For Elementor jet-elements allows DOM-Based XSS.This issue affects JetElements For Elementor: from n/a through = 2.7.12...

6.5CVSS0.00133EPSS

Exploits0References1

Vulnrichment•added 2025/12/18 4:16 p.m.•0 views

CVE-2025-64355 WordPress JetElements For Elementor plugin <= 2.7.12 - Cross Site Scripting (XSS) vulnerability

6.5CVSS5.2AI score0.00133EPSS

Exploits0References1

CVE•added 2025/12/18 4:16 p.m.•11 views

CVE-2025-64355

CVE-2025-64355 concerns WordPress JetElements For Elementor plugin (

6.5CVSS5.9AI score0.00133EPSS

Exploits0References1

Vulnrichment•added 2025/12/18 7:22 a.m.•2 views

CVE-2025-64207 WordPress Jannah theme <= 7.6.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in TieLabs Jannah jannah allows DOM-Based XSS.This issue affects Jannah: from n/a through = 7.6.0...

7.1CVSS6AI score0.0018EPSS

Exploits0References1

CVE•added 2025/12/18 7:22 a.m.•8 views

CVE-2025-64207

CVE-2025-64207 concerns TieLabs Jannah WordPress theme (versions

7.1CVSS6AI score0.0018EPSS

Exploits0References1

Cvelist•added 2025/12/18 7:22 a.m.•24 views

CVE-2025-64207 WordPress Jannah theme <= 7.6.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in TieLabs Jannah jannah allows DOM-Based XSS.This issue affects Jannah: from n/a through = 7.6.0...

7.1CVSS0.0018EPSS

Exploits0References1

Cvelist•added 2025/12/18 7:22 a.m.•23 views

CVE-2025-6324 WordPress Easy Invoice plugin <= 2.0.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in MatrixAddons Easy Invoice easy-invoice allows DOM-Based XSS.This issue affects Easy Invoice: from n/a through = 2.0.9...

7.1CVSS0.00149EPSS

Exploits0References1

CNNVD•added 2025/12/18 12:0 a.m.•1 views

WordPress plugin Easy Invoice 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

7.1CVSS6AI score0.00149EPSS

Exploits0References1

CNNVD•added 2025/12/18 12:0 a.m.•10 views

WordPress plugin Jannah 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

7.1CVSS6AI score0.0018EPSS

Exploits0References1

Positive Technologies•added 2025/12/18 12:0 a.m.•3 views

PT-2025-52162

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in TieLabs Jannah jannah allows DOM-Based XSS.This issue affects Jannah: from n/a through = 7.6.0...

6.4AI score0.0018EPSS

Exploits0References2

Patchstack•added 2025/12/17 10:18 p.m.•11 views

WordPress Live Composer – Free WordPress Website Builder plugin <= 2.0.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin Page Builder: Live Composer versions = 2.0.2...

6.4CVSS5.3AI score0.00193EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2025/12/17 6:21 p.m.•3 views

CVE-2025-13537 Live Composer – Free WordPress Website Builder <= 2.0.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting

The Live Composer – Free WordPress Website Builder plugin for WordPress is vulnerable to multiple Stored Cross-Site Scripting vulnerabilities via DOM manipulation in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user-supplied attributes. Th...

6.4CVSS5.1AI score0.00193EPSS

Exploits0References4

RedhatCVE•added 2025/12/17 10:3 a.m.•7 views

CVE-2025-67986

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Barn2 Plugins Document Library Lite document-library-lite allows DOM-Based XSS.This issue affects Document Library Lite: from n/a through = 1.1.7...

5.9CVSS6.4AI score0.00176EPSS

Exploits0References1

RedhatCVE•added 2025/12/17 10:3 a.m.•8 views

CVE-2025-67983

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in osama.esh WP Visitor Statistics Real Time Traffic wp-stats-manager allows DOM-Based XSS.This issue affects WP Visitor Statistics Real Time Traffic: from n/a through = 8.3...

6.5CVSS6.4AI score0.00161EPSS

Exploits0References1

NVD•added 2025/12/16 4:16 p.m.•4 views

CVE-2025-68166

In JetBrains TeamCity before 2025.11 a DOM-based XSS was possible on the OAuth connections tab...

6.1CVSS0.00162EPSS

Exploits0References1

Cvelist•added 2025/12/16 3:27 p.m.•26 views

CVE-2025-68166

In JetBrains TeamCity before 2025.11 a DOM-based XSS was possible on the OAuth connections tab...

5.4CVSS0.00162EPSS

Exploits0References1

NVD•added 2025/12/16 9:16 a.m.•3 views

CVE-2025-67983

6.5CVSS0.00161EPSS

Exploits0References1

NVD•added 2025/12/16 9:15 a.m.•3 views

CVE-2025-67951

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPZOOM WPZOOM Addons for Elementor wpzoom-elementor-addons allows DOM-Based XSS.This issue affects WPZOOM Addons for Elementor: from n/a through = 1.2.10...

6.5CVSS0.00156EPSS

Exploits0References1

CVE•added 2025/12/16 8:12 a.m.•9 views

CVE-2025-67986

CVE-2025-67986: Barn2 Plugins Document Library Lite suffers DOM-based XSS due to improper input neutralization during web page generation. Affected: Document Library Lite (Barn2 Plugins) up to version 1.1.7. Impact: potential client-side script execution if user-supplied input is processed on the...

5.9CVSS6AI score0.00176EPSS

Exploits0References1

Cvelist•added 2025/12/16 8:12 a.m.•30 views

CVE-2025-67983 WordPress WP Visitor Statistics (Real Time Traffic) plugin <= 8.3 - Cross Site Scripting (XSS) vulnerability

6.5CVSS0.00161EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by