84 matches found

Snyk
added 2026/05/14 6:27 p.m. | 4 views

Improper Encoding or Escaping of Output

Overview: Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the linkHref field handling. An attacker can execute arbitrary JavaScript by supplying a javascript: URL in an image widget's link URL field and having it rendered on the page. This affects...

5.4 CVSS | 6.1 AI score
Exploits 0 | References 3

Debian CVE
added 2026/05/01 5:53 p.m. | 4 views

CVE-2026-35233

An unprivileged attacker can craft a user-space process with a malicious ELF binary containing an out-of-range sh_link field. When root-level dtrace attaches to -- or instruments -- that process via dtrace -p , pid probes, or USDT, the ELF parser reads heap memory beyond the allocated section cach...

4.4 CVSS | 5.8 AI score | 0.00018 EPSS
Exploits 0

Github Security Blog
added 2026/04/24 3:22 p.m. | 7 views

Lemmy has SSRF in /api/v3/post via Webmention dispatch

Summary: Lemmy allows an authenticated low-privileged user to create a link post through POST /api/v3/post. When a post is created in a public community, the backend asynchronously sends a Webmention to the attacker-controlled link target. The submitted URL is checked for syntax and scheme, but th...

6.3 CVSS | 5.6 AI score | 0.00038 EPSS
Exploits 0 | References 5 | Affected Software 1

RedhatCVE
added 2026/04/05 10:55 a.m. | 2 views

CVE-2026-0738

The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sucarousel shortcode in all versions up to, and including, 7.4.8. This is due to insufficient input sanitization and output escaping in the 'suslidelink' attachment meta field...

6.4 CVSS | 6.1 AI score | 0.00012 EPSS
Exploits 0 | References 1

CNNVD
added 2026/03/22 12:0 a.m. | 2 views

Deluge Security Vulnerability

Deluge is a fully featured cross-platform BitTorrent client software developed by the Deluge team. Version 1.3.15 of Deluge contains a security vulnerability. This vulnerability stems from a denial-of-service attack in the URL field, which could allow local attackers to cause the application to...

6.9 CVSS | 5.8 AI score | 0.00021 EPSS
Exploits 1 | References 4

Positive Technologies
added 2026/03/20 12:0 a.m. | 3 views

PT-2026-26626

Textpattern CMS version 4.9.0 contains a second-order cross-site scripting vulnerability that allows attackers to inject malicious scripts by exploiting improper sanitization of user-supplied input in Atom feed XML elements. Attackers can embed unescaped payloads in parameters such as category th...

6.1 CVSS | 5.7 AI score | 0.00047 EPSS
Exploits 1 | References 6

RedhatCVE
added 2026/03/11 7:9 a.m. | 1 views

CVE-2025-70128

A Stored Cross-Site Scripting (XSS) vulnerability exists in the PluXml article comments feature for PluXml versions 5.8.22 and earlier. The application fails to properly sanitize or validate user-supplied input in the "link" field of a comment. An attacker can inject arbitrary JavaScript code using...

6.1 CVSS | 6.2 AI score | 0.00206 EPSS
Exploits 2 | References 1

EUVD
added 2026/03/10 9:32 p.m. | 1 views

EUVD-2025-208519

A Stored Cross-Site Scripting (XSS) vulnerability exists in the PluXml article comments feature for PluXml versions 5.8.22 and earlier. The application fails to properly sanitize or validate user-supplied input in the "link" field of a comment. An attacker can inject arbitrary JavaScript code using...

5.4 CVSS | 5.9 AI score | 0.00206 EPSS
Exploits 2 | References 3

NVD
added 2026/03/10 8:16 p.m. | 0 views

CVE-2025-70128

A Stored Cross-Site Scripting (XSS) vulnerability exists in the PluXml article comments feature for PluXml versions 5.8.22 and earlier. The application fails to properly sanitize or validate user-supplied input in the "link" field of a comment. An attacker can inject arbitrary JavaScript code using...

6.1 CVSS | 0.00051 EPSS
Exploits 1 | References 2

OSV
added 2026/03/10 8:16 p.m. | 0 views

UBUNTU-CVE-2025-70128

A Stored Cross-Site Scripting (XSS) vulnerability exists in the PluXml article comments feature for PluXml versions 5.8.22 and earlier. The application fails to properly sanitize or validate user-supplied input in the "link" field of a comment. An attacker can inject arbitrary JavaScript code using...

6.1 CVSS | 6 AI score | 0.00051 EPSS
Exploits 1 | References 2

Cvelist
added 2026/03/10 12:0 a.m. | 23 views

CVE-2025-70128

A Stored Cross-Site Scripting (XSS) vulnerability exists in the PluXml article comments feature for PluXml versions 5.8.22 and earlier. The application fails to properly sanitize or validate user-supplied input in the "link" field of a comment. An attacker can inject arbitrary JavaScript code using...

0.00051 EPSS
Exploits 1 | References 2

ATTACKERKB
added 2026/03/10 12:0 a.m. | 2 views

CVE-2025-70128

A Stored Cross-Site Scripting (XSS) vulnerability exists in the PluXml article comments feature for PluXml versions 5.8.22 and earlier. The application fails to properly sanitize or validate user-supplied input in the "link" field of a comment. An attacker can inject arbitrary JavaScript code using...

5.4 CVSS | 5.9 AI score | 0.00206 EPSS
Exploits 2 | References 3

CVE
added 2026/03/10 12:0 a.m. | 2 views

CVE-2025-70128

Summary: CVE-2025-70128 describes a Stored XSS in PluXml, affecting versions up to 5.8.22, in the article comments feature. Affected component: PluXml core/admin/comments.php. Root cause: User-supplied input in the comment’s link field is not properly sanitized/validated, allowing malicious [remo...

6.1 CVSS | 5.9 AI score | 0.00051 EPSS
Exploits 1 | References 2 | Affected Software 1

ATTACKERKB
added 2026/02/27 6:43 a.m. | 6 views

CVE-2025-14040

The Automotive Car Dealership Business WordPress Theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Call to Action' custom fields in all versions up to, and including, 13.4. This is due to insufficient input sanitization and output escaping on user-supplied attributes in th...

6.4 CVSS | 6 AI score | 0.00012 EPSS
Exploits 0 | References 4

RedhatCVE
added 2026/02/04 1:20 p.m. | 3 views

CVE-2025-14274

The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Border Hero widget's Button Link field in versions up to 2.0.1. This is due to insufficient input sanitization and output escaping on user-supplied URLs. This makes it possible for...

5.4 CVSS | 5.5 AI score | 0.00041 EPSS
Exploits 0 | References 1

NVD
added 2026/02/03 6:15 a.m. | 3 views

CVE-2025-14274

The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Border Hero widget's Button Link field in versions up to 2.0.1. This is due to insufficient input sanitization and output escaping on user-supplied URLs. This makes it possible for...

5.4 CVSS | 0.00041 EPSS
Exploits 0 | References 4

EUVD
added 2026/02/03 5:30 a.m. | 3 views

EUVD-2025-206742

The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Border Hero widget's Button Link field in versions up to 2.0.1. This is due to insufficient input sanitization and output escaping on user-supplied URLs. This makes it possible for...

5.4 CVSS | 5.5 AI score | 0.00041 EPSS
Exploits 0 | References 4

Cvelist
added 2026/02/03 5:30 a.m. | 22 views

CVE-2025-14274 Unlimited Elements for Elementor <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Border Hero Widget

The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Border Hero widget's Button Link field in versions up to 2.0.1. This is due to insufficient input sanitization and output escaping on user-supplied URLs. This makes it possible for...

5.4 CVSS | 0.00041 EPSS
Exploits 0 | References 4

ATTACKERKB
added 2026/02/03 5:30 a.m. | 2 views

CVE-2025-14274

The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Border Hero widget's Button Link field in versions up to 2.0.1. This is due to insufficient input sanitization and output escaping on user-supplied URLs. This makes it possible for...

5.4 CVSS | 5.5 AI score | 0.00041 EPSS
Exploits 0 | References 5

CNNVD
added 2026/02/03 12:0 a.m. | 4 views

WordPress plugin Unlimited Elements for Elementor Cross-Site Scripting Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

5.4 CVSS | 5.7 AI score | 0.00041 EPSS
Exploits 0 | References 5