
6426 matches found

RedhatCVE
added 2025/12/03 11:59 a.m. | 7 views

CVE-2025-13090

The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'search' parameter in all versions up to, and including, 1.4.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVSS 4.9 | AI score 6.5 | EPSS 0.00258
Exploits: 0 | References: 1
CNNVD
added 2025/12/03 12:0 a.m. | 11 views

WordPress plugin WP Directory Kit security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...

CVSS 10 | AI score 7.6 | EPSS 0.0472
Exploits: 3 | References: 5
VulnCheck KEV
added 2025/12/03 12:0 a.m. | 3 views

VulnCheck KEV: CVE-2025-13390

The WP Directory Kit plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.4.4 due to incorrect implementation of the authentication algorithm in the "wdkgenerateautologinlink" function. This is due to the feature using a cryptographically weak token...

CVSS 10 | AI score 5.6 | EPSS 0.0472
In wild | Exploits: 3 | References: 2
Positive Technologies
added 2025/12/03 12:0 a.m. | 10 views

PT-2025-48809

Name of the Vulnerable Software and Affected Versions: WP Directory Kit versions prior to 1.4.5. Description: The WP Directory Kit plugin for WordPress has a flaw in its authentication process. Specifically, versions up to and including 1.4.4 are susceptible to authentication bypass due to a weak...

CVSS 10 | AI score 6.7 | EPSS 0.0472
Exploits: 3 | References: 15
Tenable Nessus
added 2025/12/03 12:0 a.m. | 4 views

SUSE SLES15: dpdk / dpdk-devel / dpdk-devel-static / dpdk-doc / dpdk-examples / etc (SUSE-SU-2025:4254-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:4254-1 advisory. - Update to version 22.11.10 - CVE-2025-23259: Fixed an out-of-order completions in ordinary Rx burst. bsc1254161 Tenable has...

CVSS 6.5 | AI score 7.2 | EPSS 0.00278
Exploits: 0 | References: 4
Vulnrichment
added 2025/12/02 6:12 p.m. | 3 views

CVE-2025-66414 DNS Rebinding Protection Disabled by Default in Model Context Protocol TypeScript SDK for Servers Running on Localhost

MCP TypeScript SDK is the official TypeScript SDK for Model Context Protocol servers and clients. Prior to 1.24.0, the Model Context Protocol (MCP) TypeScript SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without...

CVSS 7.6 | AI score 6.2 | EPSS 0.00445
Exploits: 0 | References: 2
OSV
added 2025/12/02 4:52 p.m. | 8 views

GHSA-9H52-P55H-VW2F Model Context Protocol (MCP) Python SDK does not enable DNS rebinding protection by default

Description: The Model Context Protocol (MCP) Python SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without authentication using FastMCP with streamable HTTP or SSE transport, and has not configured...

CVSS 7.6 | AI score 6.8 | EPSS 0.00445
Exploits: 0 | References: 4
NVD
added 2025/12/02 12:16 p.m. | 10 views

CVE-2025-13090

The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'search' parameter in all versions up to, and including, 1.4.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVSS 4.9 | EPSS 0.00258
Exploits: 0 | References: 3
Vulnrichment
added 2025/12/02 11:20 a.m. | 3 views

CVE-2025-13090 WP Directory Kit <= 1.4.6 - Authenticated (Admin+) SQL Injection

The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'search' parameter in all versions up to, and including, 1.4.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVSS 4.9 | AI score 6.2 | EPSS 0.00258
Exploits: 0 | References: 3
Cvelist
added 2025/12/02 11:20 a.m. | 11 views

CVE-2025-13090 WP Directory Kit <= 1.4.6 - Authenticated (Admin+) SQL Injection

The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'search' parameter in all versions up to, and including, 1.4.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVSS 4.9 | EPSS 0.00258
Exploits: 0 | References: 3
EUVD
added 2025/12/02 11:20 a.m. | 3 views

EUVD-2025-200224

The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'search' parameter in all versions up to, and including, 1.4.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVSS 4.9 | AI score 6.1 | EPSS 0.00258
Exploits: 0 | References: 4
Positive Technologies
added 2025/12/02 12:0 a.m. | 2 views

PT-2025-48665

The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'search' parameter in all versions up to, and including, 1.4.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVSS 4.9 | AI score 6.5 | EPSS 0.00258
Exploits: 0 | References: 4
CNNVD
added 2025/12/02 12:0 a.m. | 8 views

WordPress plugin WP Directory Kit SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A SQL injectio...

CVSS 4.9 | AI score 7.5 | EPSS 0.00258
Exploits: 0 | References: 3
Patchstack
added 2025/12/01 11:30 p.m. | 9 views

WordPress WP Directory Kit plugin <= 1.4.6 - Authenticated (Admin+) SQL Injection vulnerability

Authenticated Admin+ SQL Injection vulnerability discovered by tmrswrr in WordPress Plugin WP Directory Kit versions <= 1.4.6...

CVSS 4.9 | AI score 7.8 | EPSS 0.00258
Exploits: 0 | References: 1 | Affected Software: 1
RedhatCVE
added 2025/11/28 6:3 a.m. | 7 views

CVE-2025-13525

The WP Directory Kit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'orderby' parameter in all versions up to, and including, 1.4.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...

CVSS 6.1 | AI score 5.6 | EPSS 0.00219
Exploits: 0 | References: 1
IBM Security Bulletins
added 2025/11/27 11:46 a.m. | 7 views

Security Bulletin: Multiple Vulnerabilities of IBM Java SDK affect VMware Agent from IBM Tivoli Monitoring for Virtual Environments.

Summary: IBM Java SDK is used by VMware Agent from IBM Tivoli Monitoring for Virtual Environments. Vulnerability Details: CVEID: CVE-2025-53066. DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow a remote attacker to cause high confidentiality impact, no...

CVSS 7.5 | AI score 6.3 | EPSS 0.00633
Exploits: 0 | Affected Software: 1
Patchstack
added 2025/11/27 10:47 a.m. | 6 views

WordPress WP Directory Kit plugin <= 1.4.5 - Reflected Cross-Site Scripting via 'order_by' Parameter vulnerability

Reflected Cross-Site Scripting via 'orderby' Parameter vulnerability discovered by blue0x1 in WordPress Plugin WP Directory Kit versions <= 1.4.5...

CVSS 6.1 | AI score 6.3 | EPSS 0.00219
Exploits: 0 | References: 1 | Affected Software: 1
EUVD
added 2025/11/27 6:31 a.m. | 5 views

EUVD-2025-199792

The WP Directory Kit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'orderby' parameter in all versions up to, and including, 1.4.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...

CVSS 6.1 | AI score 5.2 | EPSS 0.00219
Exploits: 0 | References: 6
Cvelist
added 2025/11/27 5:31 a.m. | 11 views

CVE-2025-13525 WP Directory Kit <= 1.4.5 - Reflected Cross-Site Scripting via 'order_by' Parameter

The WP Directory Kit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'orderby' parameter in all versions up to, and including, 1.4.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...

CVSS 6.1 | EPSS 0.00219
Exploits: 0 | References: 5
Vulnrichment
added 2025/11/27 5:31 a.m. | 2 views

CVE-2025-13525 WP Directory Kit <= 1.4.5 - Reflected Cross-Site Scripting via 'order_by' Parameter

The WP Directory Kit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'orderby' parameter in all versions up to, and including, 1.4.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...

CVSS 6.1 | AI score 5.3 | EPSS 0.00219
Exploits: 0 | References: 5