CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

GithubExploit•added yesterday•25 views

ParamStriker

ParamStriker Offline JSON & Query Parameter Exploit Frame...

6AI score

Exploits0

Nuclei•added yesterday•21 views

Companion Sitemap Generator < 4.5.3 - Cross-Site Scripting

The plugin does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. id: CVE-2023-1780 info: name: Companion Sitemap Generator 4.5.3 - Cross-Site Scripting author:...

6.1CVSS6.8AI score0.16021EPSS

Exploits2References2

Nuclei•added yesterday•21 views

WordPress XML Sitemap Generator for Google <2.0.4 - Cross-Site Scripting/Remote Code Execution

WordPress XML Sitemap Generator for Google plugin before 2.0.4 contains a cross-site scripting vulnerability that can lead to remote code execution. It does not validate a parameter which can be set to an arbitrary value, thus causing cross-site scripting via error message or remote code executio...

6.1CVSS6.9AI score0.03049EPSS

Exploits1References5

Nuclei•added yesterday•62 views

PDF Generator for WordPress < 1.1.2 - Cross Site Scripting

The plugin includes a vendored dompdf example file which is susceptible to Reflected Cross-Site Scripting and could be used against high privilege users such as admin id: CVE-2022-4321 info: name: PDF Generator for WordPress 1.1.2 - Cross Site Scripting author: r3Y3r53,HuTa0 severity: medium...

6.1CVSS6.3AI score0.1207EPSS

Exploits2References5

Nuclei•added yesterday•13 views

Contact Form Generator <= 2.5.5 - Cross-Site Scripting

The Contact Form Generator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'id' parameter in wp-admin/admin.php in versions up to, and including, 2.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

7.1CVSS7.1AI score0.21793EPSS

Exploits3References2

Nuclei•added yesterday•9 views

WordPress WP Child Theme Generator < 1.1.3 - Arbitrary File Upload

Unrestricted Upload of File with Dangerous Type vulnerability in WEN Solutions WP Child Theme Generator.This issue affects WP Child Theme Generator- from n/a through 1.0.9. id: CVE-2023-47873 info: name: WordPress WP Child Theme Generator 1.1.3 - Arbitrary File Upload author: cysamu,Crux severity...

9.1CVSS7.3AI score0.12957EPSS

Exploits0References4

Nuclei•added yesterday•35 views

PDF Generator Addon for Elementor Page Builder <= 1.7.5 - Arbitrary File Download

The PDF Generator Addon for Elementor Page Builder plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.7.5 via the rtwpgaepbdwnldpdf function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which...

7.5CVSS7.4AI score0.93824EPSS

Exploits3References4

RedHat Linux•added 2 days ago•4 views

Spring Boot: Spring Boot: Weak pseudo-random number generation can lead to information disclosure.

A flaw was found in Spring Boot. The $random.value property source utilizes a weak pseudo-random number generator PRNG, meaning the values it produces are not sufficiently random for use as cryptographic secrets. An attacker could potentially predict these values, which may lead to information...

7.5CVSS5.7AI score0.00056EPSS

Exploits0References5

Nuclei•added 2 days ago•15 views

Plenti < v0.7.2 - OS Command Injection

Plenti, a static site generator, has an arbitrary file write vulnerability in versions prior to 0.7.2. The /postLocal endpoint is vulnerable to an arbitrary file write vulnerability when a plenti user serves their website. This issue may lead to Remote Code Execution. Version 0.7.2 fixes the...

9.3CVSS7.2AI score0.7146EPSS

Exploits1References2

EUVD•added 2 days ago•6 views

EUVD-2025-210027

Memory Corruption when sending random number generator command with insufficient output buffer size...

NVD•added 3 days ago•5 views

CVE-2025-59614

Memory Corruption when sending random number generator command with insufficient output buffer size...

6.7CVSS0.00011EPSS

Vulnrichment•added 3 days ago•2 views

CVE-2025-59614 Out-of-bounds Write in Windows Compute

Memory Corruption when sending random number generator command with insufficient output buffer size...

Cvelist•added 3 days ago•22 views

CVE-2025-59614 Out-of-bounds Write in Windows Compute

Memory Corruption when sending random number generator command with insufficient output buffer size...

6.7CVSS0.00011EPSS

CVE•added 3 days ago•8 views

CVE-2025-59614

Technical details for CVE-2025-59614 are not publicly available in the provided documents. Monitor for updates from NVD and Qualcomm security bulletins.

Exploits0References1Affected Software1

ATTACKERKB•added 3 days ago•4 views

CVE-2025-59614

Memory Corruption when sending random number generator command with insufficient output buffer size...

Patchstack•added 3 days ago•8 views

WordPress Crawlomatic Multipage Scraper Post Generator plugin <= 2.7.2 - Authenticated (Author+) Remote Code Execution vulnerability

Authenticated Author+ Remote Code Execution vulnerability discovered by Nguyen Ngoc Duc duc193 in WordPress Plugin Crawlomatic Multisite Scraper Post Generator versions = 2.7.2...

8.8CVSS5.8AI score0.00264EPSS

Exploits0References1Affected Software1

Positive Technologies•added 3 days ago•7 views

PT-2026-45637

Memory Corruption when sending random number generator command with insufficient output buffer size...

CNNVD•added 3 days ago•3 views

Qualcomm Chipsets Buffer Error Vulnerability

Qualcomm Chipsets are a series of chipset developed by Qualcomm Incorporation. Qualcomm Chipsets have a buffer error vulnerability, which stems from insufficient output buffer size during the execution of random number generator commands, leading to memory corruption...

6.7CVSS6.1AI score0.00011EPSS