CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2583 matches found

CVE•added 2025/05/19 2:45 p.m.•22 views

CVE-2025-48269

The CVE-2025-48269 entry describes a DOM-based XSS in WPAdverts (WordPress plugin) caused by improper input neutralization during web page generation, affecting WPAdverts versions up to 2.2.3. Affected plugin is WPAdverts; root cause is improper neutralization of input in page generation. Impact ...

6.5CVSS5.9AI score0.00174EPSS

Exploits0References1

Vulnrichment•added 2025/05/19 2:45 p.m.•10 views

CVE-2025-48269 WordPress WPAdverts <= 2.2.3 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Greg Winiarski WPAdverts allows DOM-Based XSS. This issue affects WPAdverts: from n/a through 2.2.3...

6.5CVSS6.5AI score0.00174EPSS

Exploits0References1

Cvelist•added 2025/05/19 2:44 p.m.•16 views

CVE-2025-48235 WordPress WP Image Mask plugin <= 3.1.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bogdan Bendziukov WP Image Mask wp-image-mask allows DOM-Based XSS.This issue affects WP Image Mask: from n/a through = 3.1.2...

6.5CVSS0.00215EPSS

Exploits0References1

Vulnrichment•added 2025/05/19 2:44 p.m.•8 views

CVE-2025-48235 WordPress WP Image Mask <= 3.1.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bogdan Bendziukov WP Image Mask allows DOM-Based XSS. This issue affects WP Image Mask: from n/a through 3.1.2...

6.5CVSS6.5AI score0.00215EPSS

Exploits0References1

CVE•added 2025/05/19 2:44 p.m.•30 views

CVE-2025-48235

CVE-2025-48235 relates to a DOM-based XSS in the WP Image Mask WordPress plugin (

6.5CVSS5.9AI score0.00215EPSS

Exploits0References1

Cvelist•added 2025/05/19 2:44 p.m.•16 views

CVE-2025-48234 WordPress Ultimate Blocks plugin <= 3.3.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ultimate Blocks Ultimate Blocks ultimate-blocks allows DOM-Based XSS.This issue affects Ultimate Blocks: from n/a through = 3.3.0...

6.5CVSS0.00262EPSS

Exploits0References1

CNNVD•added 2025/05/19 12:0 a.m.•1 views

WordPress plugin JetTabs 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

6.5CVSS6.7AI score0.00174EPSS

Exploits0References1

Positive Technologies•added 2025/05/19 12:0 a.m.•4 views

PT-2025-21980 · Unknown · Skt Blocks

Name of the Vulnerable Software and Affected Versions: SKT Blocks versions n/a through 2.2 Description: The issue is related to an Improper Neutralization of Input During Web Page Generation, also known as 'Cross-site Scripting', which allows DOM-Based XSS. This means that an attacker could...

6.5CVSS6.3AI score0.00178EPSS

Exploits0References5

Positive Technologies•added 2025/05/19 12:0 a.m.•4 views

PT-2025-22027 · Unknown · Sihibbs Posts For Page

Name of the Vulnerable Software and Affected Versions: sihibbs Posts for Page versions n/a through 2.1 Description: The issue is related to an Improper Neutralization of Input During Web Page Generation, also known as 'Cross-site Scripting', which allows DOM-Based XSS. This means that an attacker...

6.5CVSS6.8AI score0.00174EPSS

Exploits0References3

Positive Technologies•added 2025/05/19 12:0 a.m.•3 views

PT-2025-21948 · Unknown · Ultimate Blocks

Name of the Vulnerable Software and Affected Versions: Ultimate Blocks versions n/a through 3.3.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for DOM-Based XSS attacks. Recommendations: For...

6.5CVSS6.1AI score0.00262EPSS

Exploits0References3

RedhatCVE•added 2025/05/18 4:3 p.m.•16 views

CVE-2025-48121

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Steve Puddick WP Notes Widget wp-notes-widget allows DOM-Based XSS.This issue affects WP Notes Widget: from n/a through = 1.0.6...

6.5CVSS7.2AI score0.00169EPSS

Exploits0References1

RedhatCVE•added 2025/05/18 4:3 p.m.•12 views

CVE-2025-48135

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in aptivadadev Aptivada for WP aptivada-for-wp allows DOM-Based XSS.This issue affects Aptivada for WP: from n/a through = 2.0.0...

6.5CVSS7.2AI score0.00172EPSS

Exploits0References1

NVD•added 2025/05/16 4:15 p.m.•19 views

CVE-2025-48121

6.5CVSS0.00169EPSS

Exploits0References1

Vulnrichment•added 2025/05/16 3:45 p.m.•6 views

CVE-2025-48135 WordPress Aptivada for WP <= 2.0.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in aptivadadev Aptivada for WP allows DOM-Based XSS. This issue affects Aptivada for WP: from n/a through 2.0.0...

6.5CVSS7AI score0.00172EPSS

Exploits0References1

CVE•added 2025/05/16 3:45 p.m.•28 views

CVE-2025-48135

CVE-2025-48135 (Aptivada for WP) describes a Cross-Site Scripting (DOM‑Based XSS) vulnerability caused by improper input neutralization during web page generation. Affected: the WordPress plugin Aptivada for WP, versions n/a through 2.0.0. Reported impact aligns with XSS risks via DOM manipulatio...

6.5CVSS7.2AI score0.00172EPSS

Exploits0References1Affected Software1

CVE•added 2025/05/16 3:45 p.m.•27 views

CVE-2025-48121

CVE-2025-48121 affects the WP Notes Widget (WordPress). The issue is DOM-based XSS caused by improper input neutralization in the widget’s web page generation, impacting versions up to and including 1.0.6. The vulnerability is publicly discussed in PatchStack/PT-2025-21726 and corroborated by mul...

6.5CVSS7.2AI score0.00169EPSS

Exploits0References1

Positive Technologies•added 2025/05/16 12:0 a.m.•4 views

PT-2025-21732 · Aptivada · Aptivada

Name of the Vulnerable Software and Affected Versions: Aptivada for WP versions n/a through 2.0.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows DOM-Based XSS. This means that an attacker could...

6.5CVSS6.8AI score0.00172EPSS

Exploits0References5

Tenable Nessus•added 2025/05/16 12:0 a.m.•10 views

VMware Aria Automation 8.18.x < 8.18.1 patch 2 DOM Based XSS (VMSA-2025-0008)

The VMware Aria Automation application running on the remote host is affected by a vulnerability as referenced in the VMSA-2025-0008 advisory. - VMware Aria automation contains a DOM based Cross-Site Scripting XSS vulnerability. A malicious actor may exploit this issue to steal the access token o...

8.2CVSS8.6AI score0.00317EPSS

Exploits0References2

Positive Technologies•added 2025/05/15 12:0 a.m.•3 views

PT-2025-21333

Name of the Vulnerable Software and Affected Versions: Bootstrap versions 3.4.1 through 3.4.x Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows attackers to run malicious scripts. A DOM-based XSS...

5.6CVSS6.4AI score0.00259EPSS

Exploits0References17

RedhatCVE•added 2025/05/14 4:30 p.m.•13 views

CVE-2025-47578

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Edward Caissie BNS Twitter Follow Button bns-twitter-follow-button allows DOM-Based XSS.This issue affects BNS Twitter Follow Button: from n/a through = 0.3.8...

6.5CVSS7.2AI score0.00169EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by