
15781 matches found

NVD
added 2025/12/15 11:15 a.m. | 9 views

CVE-2025-37732

Improper neutralization of input during web page generation 'Cross-site Scripting' CWE-79 allows an authenticated user to render HTML tags within a user’s browser via the integration package upload functionality. This issue is related to ESA-2025-17 CVE-2025-25018 bypassing that fix to achieve HT...

CVSS 5.4 | EPSS 0.00151 | Exploits 0 | References 1

Vulnrichment
added 2025/12/15 10:21 a.m. | 2 views

CVE-2025-37732 Kibana Cross-site Scripting via the Integration Package Upload Functionality

Improper neutralization of input during web page generation 'Cross-site Scripting' CWE-79 allows an authenticated user to render HTML tags within a user’s browser via the integration package upload functionality. This issue is related to ESA-2025-17 CVE-2025-25018 bypassing that fix to achieve HT...

CVSS 5.4 | AI score 6.3 | EPSS 0.00151 | Exploits 0 | References 1

Cvelist
added 2025/12/15 10:21 a.m. | 28 views

CVE-2025-37732 Kibana Cross-site Scripting via the Integration Package Upload Functionality

Improper neutralization of input during web page generation 'Cross-site Scripting' CWE-79 allows an authenticated user to render HTML tags within a user’s browser via the integration package upload functionality. This issue is related to ESA-2025-17 CVE-2025-25018 bypassing that fix to achieve HT...

CVSS 5.4 | EPSS 0.00151 | Exploits 0 | References 1

EUVD
added 2025/12/15 10:21 a.m. | 5 views

EUVD-2025-203357

Improper neutralization of input during web page generation 'Cross-site Scripting' CWE-79 allows an authenticated user to render HTML tags within a user’s browser via the integration package upload functionality. This issue is related to ESA-2025-17 CVE-2025-25018 bypassing that fix to achieve HT...

CVSS 8.7 | AI score 6.2 | EPSS 0.00209 | Exploits 0 | References 2

Cvelist
added 2025/12/15 12:0 a.m. | 16 views

CVE-2025-51962

A HTML Injection vulnerability in the comment section of the project page in MicroStudio 24.01.29 allows remote attackers to inject arbitrary web script or HTML via the text parameter of addprojectcomment function...

EPSS 0.00184 | Exploits 0 | References 2

Positive Technologies
added 2025/12/15 12:0 a.m. | 4 views

PT-2025-51274

Name of the Vulnerable Software and Affected Versions MicroStudio version 24.01.29 Description A HTML Injection issue exists in the comment section of the project page. This allows remote attackers to inject arbitrary web script or HTML through the text parameter of the add project comment...

CVSS 6.1 | AI score 6.6 | EPSS 0.00184 | Exploits 0 | References 6

Vulnrichment
added 2025/12/15 12:0 a.m. | 2 views

CVE-2025-51962

A HTML Injection vulnerability in the comment section of the project page in MicroStudio 24.01.29 allows remote attackers to inject arbitrary web script or HTML via the text parameter of addprojectcomment function...

AI score 6.5 | EPSS 0.00184 | Exploits 0 | References 2

CVE
added 2025/12/15 12:0 a.m. | 6 views

CVE-2025-51962

CVE-2025-51962 describes an HTML Injection in MicroStudio 24.01.29’s project page comments. The vulnerability arises in the add_project_comment function, allowing remote attackers to inject arbitrary scripts/HTML via the text parameter. CVSSv3.1 base score 6.1 (Medium) with NETWORK attack vector,...

CVSS 6.1 | AI score 6.5 | EPSS 0.00184 | Exploits 0 | References 2 | Affected Software 1

RedhatCVE
added 2025/12/14 7:59 a.m. | 11 views

CVE-2025-9207

The TI WooCommerce Wishlist plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 2.10.0. This is due to the plugin accepting hidden fields and not limiting the values or data that can input and is later output. This makes it possible for unauthenticated...

CVSS 5.3 | AI score 6.4 | EPSS 0.00373 | Exploits 0 | References 1

EUVD
added 2025/12/13 6:30 p.m. | 6 views

EUVD-2025-203242

The TI WooCommerce Wishlist plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 2.10.0. This is due to the plugin accepting hidden fields and not limiting the values or data that can input and is later output. This makes it possible for unauthenticated...

CVSS 5.3 | AI score 5.9 | EPSS 0.00373 | Exploits 0 | References 5

NVD
added 2025/12/13 4:16 p.m. | 3 views

CVE-2025-9207

The TI WooCommerce Wishlist plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 2.10.0. This is due to the plugin accepting hidden fields and not limiting the values or data that can input and is later output. This makes it possible for unauthenticated...

CVSS 5.3 | EPSS 0.00373 | Exploits 0 | References 4

Vulnrichment
added 2025/12/13 7:21 a.m. | 2 views

CVE-2025-9207 TI WooCommerce Wishlist <= 2.10.0 - Unauthenticated HTML Injection

The TI WooCommerce Wishlist plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 2.10.0. This is due to the plugin accepting hidden fields and not limiting the values or data that can input and is later output. This makes it possible for unauthenticated...

CVSS 5.3 | AI score 6 | EPSS 0.00373 | Exploits 0 | References 4

CVE
added 2025/12/13 7:21 a.m. | 27 views

CVE-2025-9207

CVE-2025-9207 affects the TI WooCommerce Wishlist plugin for WordPress. The vulnerability is an HTML injection flaw present in all versions up to and including 2.10.0, caused by accepting values in hidden inputs without proper validation and outputting them without sanitization. This enables unau...

CVSS 5.3 | AI score 6 | EPSS 0.00373 | Exploits 0 | References 4

Patchstack
added 2025/12/13 2:39 a.m. | 5 views

WordPress TI WooCommerce Wishlist plugin <= 2.10.0 - Unauthenticated HTML Injection vulnerability

Unauthenticated HTML Injection vulnerability discovered by pimschaaf - Open Roads in WordPress Plugin TI WooCommerce Wishlist versions <= 2.10.0...

CVSS 5.3 | AI score 6.9 | EPSS 0.00373 | Exploits 0 | References 1 | Affected Software 1

Positive Technologies
added 2025/12/13 12:0 a.m. | 2 views

PT-2025-51094

The TI WooCommerce Wishlist plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 2.10.0. This is due to the plugin accepting hidden fields and not limiting the values or data that can input and is later output. This makes it possible for unauthenticated...

CVSS 5.3 | AI score 6.4 | EPSS 0.00373 | Exploits 0 | References 4

CNNVD
added 2025/12/13 12:0 a.m. | 5 views

WordPress plugin TI WooCommerce Wishlist input validation error vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. An input...

CVSS 5.3 | AI score 6.7 | EPSS 0.00373 | Exploits 0 | References 5

Cvelist
added 2025/12/12 6:33 p.m. | 28 views

CVE-2025-8082 Vuetify XSS via unsanitized 'titleDateFormat' in 'VDatePicker'

Improper neutralization of the title date in the 'VDatePicker' component in Vuetify allows unsanitized HTML to be inserted into the page. This can lead to a Cross-Site Scripting (XSS) attack (https://owasp.org/www-community/attacks/xss). The vulnerability occurs because the 'title-date-format'...

CVSS 6.3 | EPSS 0.00163 | Exploits 0 | References 2

RedhatCVE
added 2025/12/12 6:12 p.m. | 4 views

CVE-2025-14046

An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allowed user-supplied HTML to inject DOM elements with IDs that collided with server-initialized data islands. These collisions could overwrite or shadow critical application state objects used by...

CVSS 8.6 | AI score 6.5 | EPSS 0.0032 | Exploits 0 | References 1

NVD
added 2025/12/12 8:15 a.m. | 5 views

CVE-2025-67730

Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Versions prior to 2.42.0 allow authenticated users to add malicious HTML and JavaScript through description fields in the Job, Course and Batch forms. This issue is fixed in version 2.42.0...

CVSS 5.4 | EPSS 0.00144 | Exploits 0 | References 2

RedhatCVE
added 2025/12/12 4:13 a.m. | 3 views

CVE-2025-8405

GitLab has remediated a security issue in GitLab CE/EE affecting all versions from 17.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to perform unauthorized actions on behalf of other users by injecting malicious HTML into vulnerability...

CVSS 7.7 | AI score 6.7 | EPSS 0.00486 | Exploits 0 | References 1