CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

74 matches found

Rank Math SEO < 1.0.229 - Unauthenticated User and Term Metadata Insert/Update/Deletion

Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress contains a missing capability check on 'updatemetadata' in all versions up to 1.0.228, letting unauthenticated attackers insert, update, or delete metadata, including user and term metadata, potentially causing loss of...

6.5CVSS5.2AI score0.23642EPSS

Exploits0References5

RedhatCVE•added 6 days ago•9 views

CVE-2026-44708

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the mistune math plugin renders inline math $...$ and block math $$...$$ by concatenating the raw user-supplied content directly into the HTML output without any HTML escaping. This occurs even when the parser is...

6.1CVSS5.5AI score0.00031EPSS

Exploits1References1

ATTACKERKB•added 2026/05/29 9:28 a.m.•6 views

CVE-2025-12714

The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the updatesiteeditorhomepage function in all versions up to, and including, 1.0.271. This makes it possible for unauthenticated attackers to...

5.3CVSS5.8AI score0.00075EPSS

Exploits0References7

Vulnrichment•added 2026/05/29 9:28 a.m.•20 views

CVE-2025-12714 Rank Math SEO – AI SEO Tools to Dominate SEO Rankings <= 1.0.271 - Missing Authorization to Unauthenticated Homepage Settings Modification

5.3CVSS5.8AI score0.00075EPSS

Exploits0References6

CVE•added 2026/05/29 9:28 a.m.•18 views

CVE-2025-12714

The CVE-2025-12714 relates to the Rank Math SEO – AI SEO Tools to Dominate SEO Rankings WordPress plugin. Concrete detail: a missing capability check in update_site_editor_homepage affects all versions up to 1.0.271, enabling unauthenticated modification of settings such as homepage title, meta d...

5.3CVSS5.8AI score0.00075EPSS

Exploits0References6

Cvelist•added 2026/05/29 9:28 a.m.•30 views

CVE-2025-12714 Rank Math SEO – AI SEO Tools to Dominate SEO Rankings <= 1.0.271 - Missing Authorization to Unauthenticated Homepage Settings Modification

5.3CVSS0.00075EPSS

Exploits0References6

OSV•added 2026/05/26 9:16 p.m.•5 views

DEBIAN-CVE-2026-44708

6.1CVSS5.8AI score0.00031EPSS

Exploits1References1

UbuntuCve•added 2026/05/26 9:16 p.m.•8 views

CVE-2026-44708

6.1CVSS5.8AI score0.00031EPSS

Exploits1References3

EUVD•added 2026/05/26 8:39 p.m.•8 views

EUVD-2026-31993

6.1CVSS5.8AI score0.00031EPSS

Exploits1References2

Debian CVE•added 2026/05/26 8:39 p.m.•6 views

CVE-2026-44708

6.1CVSS5.8AI score0.00031EPSS

Exploits1

CVE•added 2026/05/26 8:39 p.m.•17 views

CVE-2026-44708

Mistune prior to 3.2.1 is vulnerable: the math plugin renders inline ($...$) and block ($$...$$) math by directly concatenating user-supplied text into HTML output, bypassing HTML escaping even when escape=True. This is fixed in 3.2.1. Exploitation paths include injecting unescaped HTML/JS inside...

6.1CVSS5.8AI score0.00031EPSS

Exploits1References2Affected Software1

Vulnrichment•added 2026/05/26 8:39 p.m.•7 views

CVE-2026-44708 Mistune Math Plugin XSS Escape Bypass

6.1CVSS5.8AI score0.00031EPSS

Exploits1References2

Cvelist•added 2026/05/26 8:39 p.m.•28 views

CVE-2026-44708 Mistune Math Plugin XSS Escape Bypass

6.1CVSS0.00031EPSS

Exploits1References2

OSV•added 2026/05/08 11:40 p.m.•3 views

GHSA-8G87-J6Q8-G93X Mistune Math Plugin has an XSS Escape Bypass

Summary The mistune math plugin renders inline math $...$ and block math $$...$$ by concatenating the raw user-supplied content directly into the HTML output without any HTML escaping. This occurs even when the parser is explicitly created with escape=True, which is supposed to guarantee that all...

6.1CVSS5.9AI score0.00031EPSS

Exploits1References4

Snyk•added 2026/05/08 11:40 p.m.•10 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the renderblockmath and inline math rendering paths in the math plugin. An attacker can inject arbitrary XML/HTML into rendered math output by supplying crafted math content that is emitted without escaping...

6.1CVSS5.7AI score0.00031EPSS

Exploits1References2

Github Security Blog•added 2026/05/08 11:40 p.m.•13 views

Mistune Math Plugin has an XSS Escape Bypass

6.1CVSS5.9AI score0.00031EPSS

Exploits1References4Affected Software1

OSV•added 2026/02/02 8:42 a.m.•3 views

BIT-DISCOURSE-2025-67723 Discourse vulnerable to stored Cross-site Scripting via Katex in discourse-math plugin

Discourse is an open source discussion platform. Versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 have a content-security-policy-mitigated cross-site scriptinv vulnerability on the Discourse Math plugin when using its KaTeX variant. This issue is patched in versions 3.5.4, 2025.11.2,...

5.4CVSS5.3AI score0.00021EPSS

Exploits0References2

NVD•added 2026/01/28 7:16 p.m.•2 views

CVE-2025-67723

5.4CVSS0.00021EPSS

Exploits0References1

CVE•added 2026/01/28 6:21 p.m.•8 views

CVE-2025-67723

CVE-2025-67723 affects Discourse server with the Discourse Math plugin when using KaTeX. The issue is a content-security-policy-mitigated cross-site scripting vulnerability in the KaTeX variant, present in versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. The vulnerability is addressed...

5.4CVSS5.8AI score0.00021EPSS

Exploits0References1Affected Software1

ATTACKERKB•added 2026/01/28 6:21 p.m.•5 views

CVE-2025-67723

4.6CVSS5.8AI score0.00021EPSS

Exploits0References2Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by