CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2581 matches found

SUSE CVE•added 2026/01/06 12:24 a.m.•2 views

SUSE CVE-2025-67495

ZITADEL is an open-source identity infrastructure tool. Versions 4.0.0-rc.1 through 4.7.0 are vulnerable to DOM-Based XSS through the Zitadel V2 logout endpoint. The /logout endpoint insecurely routes to a value that is supplied in the postlogoutredirect GET parameter. As a result, unauthenticate...

8CVSS7AI score0.00261EPSS

Exploits0References2

CNNVD•added 2026/01/06 12:0 a.m.•2 views

WordPress plugin TheGem Theme Elements (for WPBakery) 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

6.5CVSS5.9AI score0.00133EPSS

Exploits0References1

Positive Technologies•added 2026/01/06 12:0 a.m.•6 views

PT-2026-1493

Name of the Vulnerable Software and Affected Versions WPShop.Ru AdsPlace'r – Ad Manager, Inserter, AdSense Ads versions through 1.1.5 Description The software contains a flaw related to improper input handling during web page creation, leading to a DOM-Based Cross-site Scripting XSS condition. Th...

6.5CVSS6.7AI score0.00182EPSS

Exploits0References4

Positive Technologies•added 2026/01/06 12:0 a.m.•3 views

PT-2026-1487

Name of the Vulnerable Software and Affected Versions CodexThemes TheGem Theme Elements for WPBakery versions through 5.11.0 Description TheGem Theme Elements for WPBakery contains a flaw due to improper neutralization of input during web page generation, leading to a Cross-site Scripting XSS...

6.5CVSS6.4AI score0.00133EPSS

Exploits0References4

NVD•added 2026/01/05 5:15 p.m.•3 views

CVE-2024-30461

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Tumult Inc Tumult Hype Animations allows DOM-Based XSS.This issue affects Tumult Hype Animations: from n/a through 1.9.11...

7.1CVSS0.00148EPSS

Exploits0References1

Vulnrichment•added 2026/01/05 4:36 p.m.•3 views

CVE-2024-30461 WordPress Tumult Hype Animations plugin <= 1.9.11 - CSRF to XSS vulnerability

7.1CVSS6AI score0.00148EPSS

Exploits0References1

NVD•added 2026/01/05 2:15 p.m.•1 views

CVE-2024-23511

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows DOM-Based XSS.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through 5.3.3...

6.5CVSS0.00128EPSS

Exploits0References1

NVD•added 2026/01/05 2:15 p.m.•3 views

CVE-2023-49186

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in KlbTheme Machic Core allows DOM-Based XSS.This issue affects Machic Core: from n/a through 1.2.6...

7.1CVSS0.00143EPSS

Exploits0References1

Vulnrichment•added 2026/01/05 1:33 p.m.•3 views

CVE-2024-23511 WordPress The Plus Addons for Elementor plugin <= 5.3.3 - Cross Site Scripting (XSS) vulnerability

6.5CVSS6AI score0.00128EPSS

Exploits0References1

CNNVD•added 2026/01/05 12:0 a.m.•1 views

WordPress plugin The Plus Addons for Elementor Page Builder Lite 跨站脚本漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

6.5CVSS7.8AI score0.00128EPSS

Exploits0References2

RedhatCVE•added 2026/01/01 12:17 p.m.•8 views

CVE-2025-62757

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WebMan Design | Oliver Juhas WebMan Amplifier webman-amplifier allows DOM-Based XSS.This issue affects WebMan Amplifier: from n/a through = 1.5.12...

6.5CVSS5.9AI score0.00173EPSS

Exploits0References1

NVD•added 2025/12/31 5:15 p.m.•3 views

CVE-2025-63021

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in codetipi Valenti Engine valenti-engine allows DOM-Based XSS.This issue affects Valenti Engine: from n/a through = 1.0.3...

6.5CVSS0.0017EPSS

Exploits0References1

CVE•added 2025/12/31 4:49 p.m.•8 views

CVE-2025-63021

Valenti Engine (WordPress) is listed in the Wordfence digest as CVE-2025-63021: an authenticated (Contributor+) Stored Cross-Site Scripting vulnerability affecting Valenti Engine versions up to 1.0.3. The connected document provides the vulnerability type and affected version but does not disclos...

6.5CVSS5.9AI score0.0017EPSS

Exploits0References1

Cvelist•added 2025/12/31 4:49 p.m.•25 views

CVE-2025-63021 WordPress Valenti Engine plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability

6.5CVSS0.0017EPSS

Exploits0References1

NVD•added 2025/12/31 12:16 p.m.•3 views

CVE-2025-62749

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bainternet User Specific Content user-specific-content allows DOM-Based XSS.This issue affects User Specific Content: from n/a through = 1.0.6...

6.5CVSS0.00173EPSS

Exploits0References1

CVE•added 2025/12/31 12:1 p.m.•13 views

CVE-2025-49358

Content Fetcher (WordPress plugin) has CVE-2025-49358: an authenticated (Contributor+) Stored Cross-Site Scripting vulnerability affecting Content Fetcher

6.5CVSS5.9AI score0.00168EPSS

Exploits0References1

CVE•added 2025/12/31 11:57 a.m.•10 views

CVE-2025-62752

CVE-2025-62752 is a DOM/Stored XSS vulnerability in the Calendar.online / Kalender.digital WordPress plugin (affected: Calendar.online / Kalender.digital

6.5CVSS5.9AI score0.00168EPSS

Exploits0References1

Vulnrichment•added 2025/12/31 8:55 a.m.•4 views

CVE-2025-62758 WordPress Funnelforms Free plugin <= 3.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Funnelforms Funnelforms Free allows DOM-Based XSS.This issue affects Funnelforms Free: from n/a through 3.8...

6.5CVSS6AI score0.00137EPSS

Exploits0References1

Patchstack•added 2025/12/31 12:0 a.m.•5 views

WordPress Essential Addons for Elementor plugin <= 6.0.4 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability

Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin Essential Addons for Elementor versions = 6.0.4...

6.4CVSS5.3AI score0.00292EPSS

Exploits0References1Affected Software1

Patchstack•added 2025/12/31 12:0 a.m.•4 views

WordPress Divi theme <= 4.27.1 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability

Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability discovered by Webbernaut in WordPress Theme Divi versions = 4.27.1...

6.4CVSS5.3AI score0.00292EPSS

Exploits0References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by