CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 2026/05/14 5:30 a.m.•4 views

CVE-2026-5243

EUVD•added 2026/05/14 5:30 a.m.•4 views

Exploits0References3

EUVD-2026-30231

Cvelist•added 2026/05/14 5:30 a.m.•30 views

CVE-2026-5243 The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.4.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via Navigation Menu Lite Widget

6.4CVSS0.00032EPSS

Vulnrichment•added 2026/05/14 5:30 a.m.•6 views

CVE•added 2026/05/14 5:30 a.m.•8 views

CVE-2026-5243

CVE-2026-5243 affects The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress. The vulnerability is a stored XSS in the Navigation Menu Lite widget’s menu_hover_click parameter present in all versions up to 6.4.11, caused by insuf...

CNNVD•added 2026/05/14 12:0 a.m.•5 views

WordPress plugin The Plus Addons for Elementor 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

Positive Technologies•added 2026/05/14 12:0 a.m.•5 views

PT-2026-40869

The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to stored cross-site scripting via the menu hover click parameter of the Navigation Menu Lite widget in all versions up to, and including, 6.4.11 due to...

Snyk•added 2026/05/12 3:23 p.m.•3 views

Exploits0References3

Stack-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow in the XTileImage function. An attacker can cause a denial of service by tricking a user into opening a specially crafted MIFF file and right-clicking a tile to invoke the Load / Update menu item. Remediation...

6.7CVSS5.8AI score0.00014EPSS

NVD•added 2026/05/11 8:25 p.m.•6 views

CVE-2026-42050

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-21 and 6.9.13-46, a malicious MIFF file could trigger an overflow when a user opens it in the display tool and right-clicks a tile to invoke the Load / Update menu item. This vulnerabilit...

5.5CVSS0.00014EPSS

Cvelist•added 2026/05/11 7:46 p.m.•30 views

CVE-2026-42050 ImageMagick: Stack buffer overflow in XTileImage

5.5CVSS0.00014EPSS

EUVD•added 2026/05/11 7:46 p.m.•5 views

EUVD-2026-29204

5.5CVSS5.9AI score0.00014EPSS

CVE•added 2026/05/11 7:46 p.m.•49 views

CVE-2026-42050

ImageMagick pre-7.1.2-21 and pre-6.9.13-46 is affected by a stack buffer overflow in XTileImage triggered when processing a malicious MIFF file in the display tool via the Load/Update tile action. Public sources consistently describe this as a stack buffer overflow vulnerability in XTileImage, po...

5.5CVSS5.9AI score0.00014EPSS

Exploits0References1Affected Software1

EUVD•added 2026/05/11 6:31 p.m.•4 views

EUVD-2025-209771

A reflected cross-site scripted XSS vulnerability in the acc-menupricess.php component of GmbH Mecury Managed Print Services docuForm v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value...

7.3CVSS6AI score0.00031EPSS

EUVD•added 2026/05/11 6:31 p.m.•4 views

EUVD-2025-209766

A reflected cross-site scripted XSS vulnerability in the acc-menupapers.php component of GmbH Mecury Managed Print Services docuForm v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value...

EUVD•added 2026/05/11 6:31 p.m.•6 views

EUVD-2025-209769

A reflected cross-site scripted XSS vulnerability in the acc-menubillings.php component of GmbH Mecury Managed Print Services docuForm v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value...

EUVD•added 2026/05/11 6:31 p.m.•5 views

EUVD-2025-209765

A reflected cross-site scripted XSS vulnerability in the dfm-menucoveragealerts.php component of GmbH Mecury Managed Print Services docuForm v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable valu...

EUVD•added 2026/05/11 6:31 p.m.•6 views

EUVD-2025-209773

A reflected cross-site scripted XSS vulnerability in the dfm-menuorderopt.php component of GmbH Mecury Managed Print Services docuForm v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value...

7.3CVSS6AI score0.00031EPSS

EUVD•added 2026/05/11 6:31 p.m.•7 views

EUVD-2025-209768

A reflected cross-site scripted XSS vulnerability in the dfm-menudepartments.php component of GmbH Mecury Managed Print Services docuForm v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value...

EUVD•added 2026/05/11 6:31 p.m.•5 views

EUVD-2025-209770

A reflected cross-site scripted XSS vulnerability in the dfm-menualerts.php component of GmbH Mecury Managed Print Services docuForm v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value...

7.3CVSS6AI score0.00031EPSS