Lucene search

11 matches found

EUVD
added 2025/12/12 6:31 a.m. | 2 views

EUVD-2025-202974

The TWW Protein Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Header' setting in all versions up to, and including, 1.0.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...

CVSS 4.4 | AI score 4.6 | EPSS 0.00029
Exploits: 0 | References: 6

NVD
added 2025/12/12 4:15 a.m. | 4 views

CVE-2025-13971

The TWW Protein Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Header' setting in all versions up to, and including, 1.0.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...

CVSS 4.4 | EPSS 0.00029
Exploits: 0 | References: 5

CVE
added 2025/12/12 3:20 a.m. | 4 views

CVE-2025-13971

CVE-2025-13971 affects the TWW Protein Calculator WordPress plugin. The vulnerability is a Stored Cross-Site Scripting (XSS) via the Header setting in all versions up to and including 1.0.24, caused by insufficient input sanitization and output escaping. Exploitation requires authenticated admini...

CVSS 4.4 | AI score 4.7 | EPSS 0.00029
Exploits: 0 | References: 5

Cvelist
added 2025/12/12 3:20 a.m. | 27 views

CVE-2025-13971 TWW Protein Calculator <= 1.0.24 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Header' Setting

The TWW Protein Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Header' setting in all versions up to, and including, 1.0.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...

CVSS 4.4 | EPSS 0.00029
Exploits: 0 | References: 5

Vulnrichment
added 2025/12/12 3:20 a.m. | 2 views

CVE-2025-13971 TWW Protein Calculator <= 1.0.24 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Header' Setting

The TWW Protein Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Header' setting in all versions up to, and including, 1.0.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...

CVSS 4.4 | AI score 4.7 | EPSS 0.00029
Exploits: 0 | References: 5

Positive Technologies
added 2025/12/12 12:0 a.m. | 2 views

PT-2025-50838

The TWW Protein Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Header' setting in all versions up to, and including, 1.0.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...

CVSS 4.4 | AI score 5 | EPSS 0.00029
Exploits: 0 | References: 6

Patchstack
added 2025/12/11 10:50 p.m. | 6 views

WordPress TWW Protein Calculator plugin <= 1.0.24 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Header' Setting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via 'Header' Setting vulnerability discovered by ChamlaVic in WordPress Plugin TWW Protein Calculator versions <= 1.0.24...

CVSS 4.4 | AI score 5.5 | EPSS 0.00029
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2023/07/06 5:15 a.m. | 1 views

CVE-2023-26138

All versions of the package drogonframework/drogon are vulnerable to CRLF Injection when untrusted user input is used to set request headers in the addHeader function. An attacker can add the \r\n carriage return line feeds characters and inject additional headers in the request sent...

CVSS 4.3 | AI score 5.8 | EPSS 0.00266
Exploits: 1 | References: 2

wpexploit
added 2021/08/09 12:0 a.m. | 750 views

AddToAny < 1.7.46 - Authenticated Stored XSS

The plugin does not sanitise its Sharing Header setting when outputting it in frontend pages, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Put the following payload in the Sharing Header setting of the...

CVSS 5.4 | AI score 0.6 | EPSS 0.00162
Exploits: 2

OSV
added 2019/07/01 2:15 p.m. | 1 views

DEBIAN-CVE-2019-12781

An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words,...

CVSS 5.3 | AI score 8.8 | EPSS 0.04217
Exploits: 0 | References: 1

0day.today
added 2017/03/15 12:0 a.m. | 31 views

Microsoft Edge Fetch API Arbitrary Header Setting Vulnerability

Exploit for windows platform in category remote exploits. Microsoft Edge Fetch API allows setting of arbitrary request headers. Yorick Koster, January 20...

CVSS 4 | AI score 5.5 | EPSS 0.14929
Exploits: 3