CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

50 matches found

CVE•added 2026/05/09 7:29 p.m.•13 views

CVE-2026-42601

ArchiveBox CVE-2026-42601 affects ArchiveBox ≤ 0.8.6rc0. The /add/ endpoint (AddView in core/views.py) accepts a config JSON that is merged into the crawl config without validation, and this config is exported as environment variables for archive plugins, enabling injection of arbitrary tool argu...

9.8CVSS5.9AI score0.00404EPSS

Exploits1References1Affected Software1

Tenable Nessus•added 2026/04/10 12:0 a.m.•3 views

Unity Linux 20.1060a / 20.1070a Security Update: grafana (UTSA-2026-007100)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007100 advisory. A cross-site scripting XSS vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to ...

7.6CVSS6AI score0.95057EPSS

Exploits6References4

CNNVD•added 2026/02/26 12:0 a.m.•3 views

WordPress plugin EM Cost Calculator 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.1CVSS5.7AI score0.00215EPSS

Exploits0References5

EUVD•added 2026/02/01 12:15 p.m.•4 views

EUVD-2022-55951

Stripe Green Downloads Wordpress Plugin 2.03 contains a persistent cross-site scripting vulnerability allowing remote attackers to inject malicious scripts in button label fields. Attackers can exploit input parameters to execute arbitrary scripts, potentially leading to session hijacking and...

6.4CVSS6.1AI score0.00391EPSS

Exploits0References3

vulnersOsv•added 2026/01/11 3:31 p.m.•6 views

com.amazonaws.serverless:aws-serverless-java-container-struts2 (>=1.2 <=1.8.2), com.github.a-pz:struts2-thymeleaf3-plugin (>=1.0.3-RELEASE <=1.2.0-RELEASE) +164 more potentially affected by CVE-2025-68493 via org.apache.struts:struts2-core (>=2.5.1 <=2.5.33)

org.apache.struts:struts2-core MAVEN version =2.5.1, =1.2, =1.0.3-RELEASE, =1.1.9, =0.0.1, =6.0.0, =2.5.1, =2.5.1, =4.0.1 - com.jgeppert.struts2.jquery:struts2-jquery-chart-plugin =4.0.3 - com.jgeppert.struts2.jquery:struts2-jquery-datatables-plugin =4.0.3 -...

8.1CVSS6AI score0.22475EPSS

Exploits1

Cvelist•added 2025/12/18 7:22 a.m.•22 views

CVE-2025-66078 WordPress Hotel Booking Lite plugin <= 5.2.3 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in jetmonsters Hotel Booking Lite motopress-hotel-booking-lite allows Remote Code Inclusion.This issue affects Hotel Booking Lite: from n/a through = 5.2.3...

9.1CVSS0.00314EPSS

Exploits0References1

RedhatCVE•added 2025/10/07 6:9 a.m.•14 views

CVE-2025-9703

The Ultimate Addons for Elementor Formerly Elementor Header & Footer Builder WordPress plugin before 2.5.0 does not sanitize SVG file contents when uploaded through the xmlrpc.php endpoint using base64 encode, leading to a Cross-Site Scripting vulnerability...

4.3CVSS6.2AI score0.00162EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2018-15779

Malware in sbrugna...

8.8CVSS7.8AI score0.03155EPSS

Exploits1References3

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2021-11194

Malware in sbrugna...

8.8CVSS8.6AI score0.01967EPSS

Exploits2References3