6426 matches found

RedhatCVE
added 2026/01/09 8:47 a.m. | 5 views

CVE-2025-23466

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpsiteeditor Site Editor Google Map site-editor-google-map allows Reflected XSS. This issue affects Site Editor Google Map: from n/a through = 1.0.1...

CVSS 7.1 | AI score 7.2 | EPSS 0.00321
Exploits: 0 | References: 1

SUSE Linux
added 2026/01/09 8:2 a.m. | 3 views

Security update for poppler

This update for poppler fixes the following issues: CVE-2025-11896: Fixed infinite recursion leading to stack overflow due to object loop in PDF CMap bsc1252337 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

CVSS 3.3 | AI score 7.2 | EPSS 0.00156
Exploits: 0 | References: 4

OSV
added 2026/01/09 8:2 a.m. | 2 views

SUSE-SU-2026:0081-1 Security update for poppler

This update for poppler fixes the following issues: - CVE-2025-11896: Fixed infinite recursion leading to stack overflow due to object loop in PDF CMap bsc1252337...

CVSS 2.1 | AI score 5.8 | EPSS 0.00156
Exploits: 0 | References: 3

Positive Technologies
added 2026/01/09 12:0 a.m. | 5 views

PT-2026-1961

Name of the Vulnerable Software and Affected Versions WP Google Street View with 360° virtual tour & Google maps + Local SEO plugin for WordPress versions through 1.1.8 Description The software is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping...

CVSS 6.4 | AI score 5.5 | EPSS 0.00199
Exploits: 0 | References: 4

OSV
added 2026/01/07 8:38 p.m. | 2 views

GHSA-RHFX-M35P-FF5J `IterMut` violates Stacked Borrows by invalidating internal pointer

Affected versions of this crate contain a soundness issue in the IterMut iterator implementation. The IterMut::next and IterMut::next_back methods temporarily create an exclusive reference to the key when dereferencing the internal node pointer. This invalidates the shared pointer held by the...

CVSS 6.9 | AI score 6.8
Exploits: 0 | References: 3

Github Security Blog
added 2026/01/07 8:38 p.m. | 26 views

`IterMut` violates Stacked Borrows by invalidating internal pointer

Affected versions of this crate contain a soundness issue in the IterMut iterator implementation. The IterMut::next and IterMut::next_back methods temporarily create an exclusive reference to the key when dereferencing the internal node pointer. This invalidates the shared pointer held by the...

AI score 6.9
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2026/01/07 6:15 p.m. | 2 views

CVE-2026-21504

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to heap buffer overflow in the ToneMap parser. This issue has been patched in version 2.3.1.2...

CVSS 7.8 | EPSS 0.00179
Exploits: 1 | References: 6

CVE
added 2026/01/07 5:10 p.m. | 9 views

CVE-2026-21504

CVE-2026-21504 affects iccDEV before 2.3.1.2, where the ToneMap parser contains a heap buffer overflow vulnerability. Multiple sources (NVD, Red Hat, CVE lists, OSV) confirm the issue and indicate it has been patched in 2.3.1.2. Affected software: iccDEV libraries/tools for ICC color management p...

CVSS 7.8 | AI score 7 | EPSS 0.00179
Exploits: 1 | References: 6 | Affected Software: 1

Vulnrichment
added 2026/01/07 5:10 p.m. | 3 views

CVE-2026-21504 Heap Buffer Overflow in iccDEV ToneMap Parser

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to heap buffer overflow in the ToneMap parser. This issue has been patched in version 2.3.1.2...

CVSS 6.6 | AI score 7 | EPSS 0.00179
Exploits: 1 | References: 6

OSV
added 2026/01/07 5:10 p.m. | 3 views

CVE-2026-21504 Heap Buffer Overflow in iccDEV ToneMap Parser

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to heap buffer overflow in the ToneMap parser. This issue has been patched in version 2.3.1.2...

CVSS 6.6 | AI score 7.2 | EPSS 0.00179
Exploits: 1 | References: 8

RedHat Linux
added 2026/01/07 2:45 p.m. | 6 views

Moderate: Red Hat Security Advisory: grafana security update

An update for grafana is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring Syst...

CVSS 4.3 | AI score 7.1 | EPSS 0.00382
Exploits: 0 | References: 2

RedHat Linux
added 2026/01/07 12:46 p.m. | 5 views

Moderate: Red Hat Security Advisory: osbuild-composer security update

An update for osbuild-composer is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

CVSS 4.3 | AI score 7.1 | EPSS 0.00382
Exploits: 0 | References: 2

NVD
added 2026/01/07 12:16 p.m. | 3 views

CVE-2025-14057

The Multi-column Tag Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 17.0.39 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

CVSS 4.4 | EPSS 0.003
Exploits: 0 | References: 4

NVD
added 2026/01/07 12:16 p.m. | 3 views

CVE-2025-13519

The SVG Map Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on multiple AJAX actions including 'savedata', 'deletedata', and 'addpopup'. This makes it possible for...

CVSS 6.1 | EPSS 0.00115
Exploits: 0 | References: 3

CVE
added 2026/01/07 9:21 a.m. | 16 views

CVE-2025-14057

CVE-2025-14057: The WordPress plugin Multi-column Tag Map is affected by a Stored XSS via the parameter mctm_css_conditional in admin settings. Affected versions are up to 17.0.39, and exploitation requires authenticated admin+ privileges. The vulnerability is specific to WordPress multisite dep...

CVSS 4.4 | AI score 4.7 | EPSS 0.003
Exploits: 0 | References: 4

Vulnrichment
added 2026/01/07 9:21 a.m. | 1 views

CVE-2025-14057 Multi-column Tag Map <= 17.0.39 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'mctm_css_conditional' Parameter

The Multi-column Tag Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 17.0.39 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

CVSS 4.4 | AI score 4.7 | EPSS 0.003
Exploits: 0 | References: 4

Cvelist
added 2026/01/07 9:21 a.m. | 27 views

CVE-2025-14057 Multi-column Tag Map <= 17.0.39 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'mctm_css_conditional' Parameter

The Multi-column Tag Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 17.0.39 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

CVSS 4.4 | EPSS 0.003
Exploits: 0 | References: 4

CVE
added 2026/01/07 8:21 a.m. | 14 views

CVE-2025-13519

CVE-2025-13519 involves the SVG Map Plugin for WordPress. The vulnerability is a CSRF issue (CSRF to Settings Update) and Stored XSS in the SVG Map Plugin

CVSS 6.1 | AI score 5.1 | EPSS 0.00115
Exploits: 0 | References: 3

Vulnrichment
added 2026/01/07 8:21 a.m. | 4 views

CVE-2025-13519 SVG Map Plugin <= 1.0.0 - Cross-Site Request Forgery to Settings Update and Stored Cross-Site Scripting

The SVG Map Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on multiple AJAX actions including 'savedata', 'deletedata', and 'addpopup'. This makes it possible for...

CVSS 6.1 | AI score 5.1 | EPSS 0.00115
Exploits: 0 | References: 3

Cvelist
added 2026/01/07 8:21 a.m. | 22 views

CVE-2025-13519 SVG Map Plugin <= 1.0.0 - Cross-Site Request Forgery to Settings Update and Stored Cross-Site Scripting

The SVG Map Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on multiple AJAX actions including 'savedata', 'deletedata', and 'addpopup'. This makes it possible for...

CVSS 6.1 | EPSS 0.00115
Exploits: 0 | References: 3