CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2581 matches found

ATTACKERKB•added 2026/01/23 2:29 p.m.•3 views

CVE-2026-24632

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in jagdish1o1 Delay Redirects delay-redirects allows DOM-Based XSS.This issue affects Delay Redirects: from n/a through = 1.0.0...

5.9CVSS5.9AI score0.0014EPSS

Exploits0References2

CVE•added 2026/01/23 2:29 p.m.•10 views

CVE-2026-24614

CVE-2026-24614 affects the WordPress plugin Flex QR Code Generator (flex-qr-code-generator). The vulnerability is a DOM-based XSS caused by improper neutralization during web page generation. Public references indicate impact on Flex QR Code Generator versions up to 1.2.8 (NVD/Red Hat) with Patch...

5.9CVSS5.9AI score0.00136EPSS

Exploits0References1

Vulnrichment•added 2026/01/23 2:28 p.m.•3 views

CVE-2026-24528 WordPress Nova Blocks plugin <= 2.1.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pixelgrade Nova Blocks nova-blocks allows DOM-Based XSS.This issue affects Nova Blocks: from n/a through = 2.1.9...

6.5CVSS5.9AI score0.00156EPSS

Exploits0References1

Positive Technologies•added 2026/01/23 12:0 a.m.•3 views

PT-2026-4376

Name of the Vulnerable Software and Affected Versions Steve Truman Email Inquiry & Cart Options for WooCommerce versions through 3.4.3 Description The software contains a flaw related to improper input handling during web page generation, specifically a DOM-Based Cross-site Scripting issue. This...

5.4AI score0.00198EPSS

Exploits0References3

NVD•added 2026/01/22 5:16 p.m.•4 views

CVE-2026-24354

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PenciDesign Penci Shortcodes & Performance penci-shortcodes allows DOM-Based XSS.This issue affects Penci Shortcodes & Performance: from n/a through = 6.1...

6.5CVSS0.0013EPSS

Exploits0References1

CVE•added 2026/01/22 4:52 p.m.•11 views

CVE-2026-24383

CVE-2026-24383 concerns the WordPress plugin B Slider (b-slider) with versions up to and including 2.0.6, which is affected by a DOM-based Cross-Site Scripting (XSS) in input handling during web page generation. The vulnerability is classified as medium severity (CVSSv3.1: AV:N/AC:L/PR:L/UI:R/S:C...

6.5CVSS5.4AI score0.00129EPSS

Exploits0References1

ATTACKERKB•added 2026/01/22 4:52 p.m.•3 views

CVE-2026-22349

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in linux4me2 Menu In Post menu-in-post allows DOM-Based XSS.This issue affects Menu In Post: from n/a through = 1.4.1...

5.4CVSS5.3AI score0.00161EPSS

Exploits0References2

CVE•added 2026/01/22 4:51 p.m.•10 views

CVE-2025-50005

The CVE-2025-50005 entry concerns tagDiv Composer (td-composer) for WordPress, affected through version 5.4.2. The issue is a DOM-Based XSS vulnerability caused by improper neutralization of input during web page generation, enabling injection of script code in user-controlled content. Public doc...

6.5CVSS5.4AI score0.00211EPSS

Exploits0References1

Positive Technologies•added 2026/01/22 12:0 a.m.•3 views

PT-2026-4272

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Chill Gallery PhotoBlocks photoblocks-grid-gallery allows DOM-Based XSS.This issue affects Gallery PhotoBlocks: from n/a through = 1.3.2...

5.4AI score0.00129EPSS

Exploits0References2

Positive Technologies•added 2026/01/22 12:0 a.m.•7 views

PT-2026-4102

Name of the Vulnerable Software and Affected Versions Kriesi Enfold versions through 7.1.3 Description The software contains a flaw related to improper input handling during web page generation, specifically a DOM-Based Cross-site Scripting issue. This allows for the potential execution of...

5.4AI score0.00198EPSS

Exploits0References3

CNNVD•added 2026/01/22 12:0 a.m.•9 views

WordPress plugin Carousel Horizontal Posts Content Slider has a cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.5CVSS5.6AI score0.00161EPSS

Exploits0References1

NVD•added 2026/01/20 3:16 p.m.•4 views

CVE-2025-15380

The NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification Bar plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via the 'nx-preview' POST parameter in all versions up to, and including, 3.2.0. Thi...

7.2CVSS0.00242EPSS

Exploits0References3

Cvelist•added 2026/01/20 2:26 p.m.•23 views

CVE-2025-15380 NotificationX <= 3.2.0 - Unauthenticated DOM-Based Cross-Site Scripting via 'nx-preview'

7.2CVSS0.00242EPSS

Exploits0References3

CVE•added 2026/01/20 2:26 p.m.•17 views

CVE-2025-15380

The CVE-2025-15380 entry concerns the NotificationX WordPress plugin (FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification Bar). Affected versions up to and including 3.2.0 are vulnerable to DOM-Based Cross-Site Scripting via the ...

7.2CVSS5.7AI score0.00242EPSS

Exploits0References3

ATTACKERKB•added 2026/01/20 2:26 p.m.•2 views

CVE-2025-15380

7.2CVSS5.5AI score0.00242EPSS

Exploits0References4

Positive Technologies•added 2026/01/20 12:0 a.m.•8 views

PT-2026-3573

7.2CVSS5.7AI score0.00242EPSS

Exploits0References4

RedhatCVE•added 2026/01/13 10:52 p.m.•3 views

CVE-2025-69275

Dependency on Vulnerable Third-Party Component vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows DOM-Based XSS.This issue affects DX NetOps Spectrum: 24.3.9 and earlier...

7.1CVSS7AI score0.00122EPSS

Exploits0References1

OSV•added 2026/01/12 5:16 a.m.•0 views

CVE-2025-69275

Dependency on Vulnerable Third-Party Component vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows DOM-Based XSS.This issue affects DX NetOps Spectrum: 24.3.9 and earlier...

6.1CVSS5.8AI score0.00122EPSS

Exploits0References1

Vulnrichment•added 2026/01/12 4:47 a.m.•5 views

CVE-2025-69275 Spectrum outdated java library in class-path

Dependency on Vulnerable Third-Party Component vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows DOM-Based XSS.This issue affects DX NetOps Spectrum: 24.3.9 and earlier...

7.1CVSS6.6AI score0.00122EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 11:24 a.m.•3 views

CVE-2021-31673

A Dom-based Cross-site scripting XSS vulnerability at registration account in Cyclos 4 PRO.14.7 and before allows remote attackers to inject arbitrary web script or HTML via the groupId parameter...

6.1CVSS6AI score0.03351EPSS

Exploits4References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by