CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5654 matches found

RedhatCVE•added 2026/01/09 8:47 a.m.•4 views

CVE-2025-23606

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sebkay Calendi calendi allows Reflected XSS.This issue affects Calendi: from n/a through = 1.1.1...

7.1CVSS7.2AI score0.00378EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:46 a.m.•7 views

CVE-2025-23923

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wackey Lockets lockets allows Reflected XSS.This issue affects Lockets: from n/a through = 0.999...

7.1CVSS7.2AI score0.00302EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:46 a.m.•5 views

CVE-2025-23491

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Vikash Srivastava VSTEMPLATE Creator vstemplate-creator allows Reflected XSS.This issue affects VSTEMPLATE Creator: from n/a through = 2.0.2...

7.1CVSS7.2AI score0.00305EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:46 a.m.•3 views

CVE-2025-23635

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mobde3net ePermissions epermissions allows Reflected XSS.This issue affects ePermissions: from n/a through = 1.2...

7.1CVSS5.9AI score0.00363EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:46 a.m.•5 views

CVE-2025-23679

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Flourish Pixel FP RSS Category Excluder fp-rss-category-excluder allows Reflected XSS.This issue affects FP RSS Category Excluder: from n/a through = 1.0.0...

7.1CVSS7.2AI score0.0036EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:41 a.m.•8 views

CVE-2022-0121

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in hoppscotch hoppscotch/hoppscotch.This issue affects hoppscotch/hoppscotch before 2.1.1...

8CVSS7.9AI score0.01199EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 8:39 a.m.•11 views

CVE-2022-35851

An improper neutralization of input during web page generation vulnerability CWE-79 in FortiADC management interface 7.1.0 may allow a remote and authenticated attacker to trigger a stored cross site scripting XSS attack via configuring a specially crafted IP Address...

8CVSS5.5AI score0.00448EPSS

Exploits0References1

Cvelist•added 2026/01/09 12:0 a.m.•25 views

CVE-2026-22713 Stored XSS through edit summaries in GrowthExperiments

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Cross-Site Scripting XSS.This issue affects Mediawiki - GrowthExperiments Extension: 1.45, 1.44, 1.43, 1.39...

2.3CVSS0.00172EPSS

Exploits1References2

NVD•added 2026/01/08 10:15 a.m.•11 views

CVE-2025-67932

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in purethemes Listeo Core listeo-core allows Reflected XSS.This issue affects Listeo Core: from n/a through 2.0.19...

7.1CVSS0.00146EPSS

Exploits0References1

NVD•added 2026/01/08 10:15 a.m.•2 views

CVE-2025-12551

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in e-plugins ListingHub listinghub allows Reflected XSS.This issue affects ListingHub: from n/a through 1.2.6...

7.1CVSS0.00175EPSS

Exploits0References1

Vulnrichment•added 2026/01/08 9:17 a.m.•2 views

CVE-2025-68874 WordPress Visitor Stats Widget plugin <= 1.5.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Shahjada Visitor Stats Widget visitor-stats-widget allows Reflected XSS.This issue affects Visitor Stats Widget: from n/a through = 1.5.0...

6AI score0.00149EPSS

Exploits0References1

Vulnrichment•added 2026/01/08 9:17 a.m.•1 views

CVE-2025-67918 WordPress Woffice theme <= 5.4.30 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WofficeIO Woffice woffice allows Reflected XSS.This issue affects Woffice: from n/a through = 5.4.30...

7.1CVSS6AI score0.0018EPSS

Exploits0References1

CNNVD•added 2026/01/08 12:0 a.m.•3 views

WordPress plugin WP Virtual Assistant 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

7.1CVSS6.1AI score0.00222EPSS

Exploits0References1

CNNVD•added 2026/01/08 12:0 a.m.•3 views

WordPress plugin WP App Bar 安全漏洞

7.1CVSS5.9AI score0.00149EPSS

Exploits0References1

CNNVD•added 2026/01/08 12:0 a.m.•2 views

WordPress plugin Famous 安全漏洞

7.1CVSS6AI score0.00228EPSS

Exploits0References1

Positive Technologies•added 2026/01/08 12:0 a.m.•3 views

PT-2026-1926

Name of the Vulnerable Software and Affected Versions WP-BusinessDirectory versions through 3.1.5 Description The software contains an Improper Neutralization of Input During Web Page Generation issue, leading to a Reflected Cross-site Scripting XSS condition. This allows for the injection of...

7.1CVSS6.1AI score0.00194EPSS

Exploits0References5

Positive Technologies•added 2026/01/08 12:0 a.m.•7 views

PT-2026-2195

Name of the Vulnerable Software and Affected Versions pencilwp X Addons for Elementor versions through 1.0.23 Description An issue exists in pencilwp X Addons for Elementor that allows for DOM-Based Cross-site Scripting XSS. This is due to improper neutralization of input during web page...

6.5CVSS6.6AI score0.00175EPSS

Exploits0References5

Vulnrichment•added 2026/01/07 12:37 p.m.•2 views

CVE-2025-46494 WordPress WidgetKit Pro plugin <= 1.13.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themesgrove WidgetKit Pro allows Reflected XSS.This issue affects WidgetKit Pro: from n/a through 1.13.1...

7.1CVSS6AI score0.00146EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:15 a.m.•21 views

CVE-2019-16151

An improper neutralization of input during web page generation vulnerability CWE-79 in FortiOS 6.4.1 and below, 6.2.9 and below may allow a remote unauthenticated attacker to either redirect users to malicious websites via a crafted "Host" header or to execute JavaScript code in the victim's...

6.1CVSS7.6AI score0.00356EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:15 a.m.•12 views

CVE-2019-16149

An Improper Neutralization of Input During Web Page Generation in FortiClientEMS version 6.2.0 may allow a remote attacker to execute unauthorized code by injecting malicious payload in the user profile of a FortiClient instance being managed by the vulnerable system...

6.1CVSS7.7AI score0.0025EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by