Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

5124 matches found

Vulnrichment
Vulnrichmentadded 2025/11/27 6:11 p.m.2 views

CVE-2025-3261

...

6.2AI score0.00033EPSS
Exploits0
CVE
CVEadded 2025/11/27 6:11 p.m.10 views

CVE-2025-3261

CVE-2025-3261 entry is rejected/not used as stated; it does not represent an active vulnerability.

5.4AI score0.00033EPSS
Exploits0
CNVD
CNVDadded 2025/11/27 12:0 a.m.7 views

WordPress iframe plugin cross-site scripting vulnerability

The WordPress iframe plugin is a tool for embedding iFrame content in WordPress websites, allowing users to embed external web pages, videos, forms, etc. into their pages. WordPress iframe plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective...

6.4CVSS6.1AI score0.00157EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2025/11/27 12:0 a.m.3 views

PT-2025-48282

Name of the Vulnerable Software and Affected Versions ThingsBoard versions prior to 4.2.1 Description An authenticated user can upload malicious SVG images through the "Image Gallery". This leads to a Stored Cross-Site Scripting XSS issue. The exploit is triggered when any user accesses the publi...

6.2CVSS5.4AI score0.00033EPSS
Exploits0References6
RedhatCVE
RedhatCVEadded 2025/11/26 7:59 a.m.11 views

CVE-2025-12645

The Inline frame – Iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedsite' shortcode in all versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5AI score0.00157EPSS
Exploits0References1
Veracode
Veracodeadded 2025/11/25 10:51 a.m.6 views

Stored Cross-Site Scripting (XSS)

Flowise is vulnerable to Stored Cross-Site ScriptingXSS. The vulnerability is due to improper sanitization of IFRAME elements in chat logs, which allows an attacker to inject malicious code that executes when an admin views the log...

8.2CVSS6.6AI score0.12856EPSS
Exploits1References6Affected Software3
NVD
NVDadded 2025/11/25 8:15 a.m.8 views

CVE-2025-12645

The Inline frame – Iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedsite' shortcode in all versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00157EPSS
Exploits0References2
CVE
CVEadded 2025/11/25 7:28 a.m.19 views

CVE-2025-12645

The CVE-2025-12645 entry concerns the WordPress Inline frame – Iframe plugin (versions

6.4CVSS4.7AI score0.00157EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2025/11/25 7:28 a.m.3 views

CVE-2025-12645 Inline frame – Iframe <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Inline frame – Iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedsite' shortcode in all versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS4.7AI score0.00157EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2025/11/25 12:0 a.m.4 views

PT-2025-48002

The Inline frame – Iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedsite' shortcode in all versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5AI score0.00157EPSS
Exploits0References3
CNNVD
CNNVDadded 2025/11/25 12:0 a.m.2 views

WordPress plugin Iframe 跨站脚本漏洞

The WordPress iframe plugin is a tool for embedding iFrame content in WordPress websites, allowing users to embed external web pages, videos, forms, etc. into their pages. WordPress iframe plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective...

6.4CVSS6AI score0.00157EPSS
Exploits0References3
Patchstack
Patchstackadded 2025/11/24 11:59 p.m.7 views

WordPress Inline frame – Iframe plugin <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Inline frame – Iframe versions = 0.1...

6.4CVSS5.8AI score0.00157EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessusadded 2025/11/24 12:0 a.m.4 views

Google Chrome < 4.2.77.14 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 4.2.77.14. It is, therefore, affected by multiple vulnerabilities as referenced in the 201504stable-channel-update14 advisory. - Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.90 allow attackers ...

7.5CVSS8.9AI score0.02702EPSS
Exploits1References26
RedhatCVE
RedhatCVEadded 2025/11/20 9:36 p.m.5 views

CVE-2025-0421

Improper Restriction of Rendered UI Layers or Frames vulnerability in Shopside Software Technologies Inc. Shopside allows iFrame Overlay.This issue affects Shopside: through 05022025...

4.7CVSS7AI score0.00184EPSS
Exploits0References1
Tenable Nessus
Tenable Nessusadded 2025/11/20 12:0 a.m.12 views

TencentOS Server 4: thunderbird (TSSA-2024:1046)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:1046 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

9.8CVSS7.7AI score0.00815EPSS
Exploits0References11
NVD
NVDadded 2025/11/19 2:15 p.m.6 views

CVE-2025-0421

Improper Restriction of Rendered UI Layers or Frames vulnerability in Shopside Software Technologies Inc. Shopside allows iFrame Overlay. This issue affects Shopside: through 05022025...

4.7CVSS0.00184EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2025/11/19 1:28 p.m.9 views

CVE-2025-0421 iFrame Injection in Mikrogrup's Shopside

Improper Restriction of Rendered UI Layers or Frames vulnerability in Shopside Software Technologies Inc. Shopside allows iFrame Overlay. This issue affects Shopside: through 05022025...

4.7CVSS5.4AI score0.00184EPSS
Exploits0References2
Cvelist
Cvelistadded 2025/11/19 1:28 p.m.12 views

CVE-2025-0421 iFrame Injection in Mikrogrup's Shopside

Improper Restriction of Rendered UI Layers or Frames vulnerability in Shopside Software Technologies Inc. Shopside allows iFrame Overlay. This issue affects Shopside: through 05022025...

4.7CVSS0.00184EPSS
Exploits0References2
CVE
CVEadded 2025/11/19 1:28 p.m.14 views

CVE-2025-0421

CVE-2025-0421 describes an improper restriction of rendered UI layers or frames in Shopside, enabling an iFrame overlay vulnerability in Shopside Software Technologies Inc. The issue affects Shopside versions through 05022025. The available documents identify the affected product and the underlyi...

4.7CVSS5.4AI score0.00184EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2025/11/19 1:28 p.m.4 views

CVE-2025-0421

Improper Restriction of Rendered UI Layers or Frames vulnerability in Shopside Software Technologies Inc. Shopside allows iFrame Overlay. This issue affects Shopside: through 05022025...

4.7CVSS5.4AI score0.00184EPSS
Exploits0References3
Rows per page
Query Builder