10 matches found
EUVD-2026-31993
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the mistune math plugin renders inline math $...$ and block math $$...$$ by concatenating the raw user-supplied content directly into the HTML output without any HTML escaping. This occurs even when the parser is...
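The failure the entry describes, raw math content concatenated into HTML, is shown below in a small stand-alone renderer. This is an added illustration, not mistune's code: the delimiter regex, the wrapper tags, the `leaks_markup` check and the two sample inputs are all constructed here, and the toy does not handle escaped dollar signs or nested delimiters. The only difference between the vulnerable and hardened paths is `html.escape` on the captured body.

```python
import html
import re

# Constructed sample inputs (not taken from the advisory): math bodies that carry markup.
SAMPLE_INLINE = "Energy is $E = mc^2 <img src=x onerror=alert(1)>$ in relativity."
SAMPLE_BLOCK = "$$\n\\int_0^1 x\\,dx </script><script>alert(1)</script>\n$$"

# One pass: try block math ($$...$$) first at each position, then inline math ($...$).
# Inline bodies may not span lines or contain a bare $; escaped \$ is not handled here.
MATH_RE = re.compile(r"\$\$(?P<block>.+?)\$\$|\$(?P<inline>[^$\n]+?)\$", re.S)


def _wrap(match: "re.Match[str]", escape: bool) -> str:
    """Wrap a captured math body in a span/div, optionally HTML-escaping the body."""
    if match.group("block") is not None:
        body, tag, delim = match.group("block"), "div", "$$"
    else:
        body, tag, delim = match.group("inline"), "span", "$"
    if escape:
        # Escapes < > & " ' so the body is treated as text, never as markup.
        body = html.escape(body, quote=True)
    return f'<{tag} class="math">{delim}{body}{delim}</{tag}>'


def render_math_unsafe(text: str) -> str:
    """Vulnerable pattern: the user-supplied math body goes into the HTML verbatim."""
    return MATH_RE.sub(lambda m: _wrap(m, escape=False), text)


def render_math_safe(text: str) -> str:
    """Hardened pattern: the math body is HTML-escaped before concatenation."""
    return MATH_RE.sub(lambda m: _wrap(m, escape=True), text)


def leaks_markup(rendered: str) -> bool:
    """Crude regression check: after removing the wrappers this renderer emits,
    any remaining '<' means user content reached the output as live markup."""
    for wrapper in ('<span class="math">', "</span>", '<div class="math">', "</div>"):
        rendered = rendered.replace(wrapper, "")
    return "<" in rendered


if __name__ == "__main__":
    for sample in (SAMPLE_INLINE, SAMPLE_BLOCK):
        print("unsafe:", render_math_unsafe(sample), "leaks:", leaks_markup(render_math_unsafe(sample)))
        print("safe:  ", render_math_safe(sample), "leaks:", leaks_markup(render_math_safe(sample)))
```

Escaping the body does not break client-side math rendering: libraries such as KaTeX and MathJax read the element's text content, in which `&lt;` is already decoded back to `<`, so the TeX source they see is unchanged while the browser never parses it as a tag. The surrounding prose is left alone here because in a real Markdown pipeline that text is the parser's responsibility; the point of the entry is the math body that bypassed it.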
CVE-2026-33587
CVE-2026-33587 affects Open Notebook v1.8.3 and is due to lack of user input sanitisation enabling Server-Side Template Injection (SSTI). This allows an application user to run Python code within the server context and, consequently, execute OS commands inside the Docker container for user-create...
CVE-2025-13355
The URL Shortify WordPress plugin before 1.11.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
EUVD-2024-27813
Malicious code in bioql PyPI...
PT-2025-43033
Name of the Vulnerable Software and Affected Versions: xen (affected versions not specified)
Description: Certain Viridian hypercalls can be specified in a way that leads to a security issue. Details are available in a linked source.
Recommendations: At the moment, there is no information about a newe...
CVE-2022-2448
The reSmush.it WordPress plugin before 0.4.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when unfiltered_html is disallowed...
Age Gate < 2.17.1 - Unauthenticated Stored Cross-Site Scripting
The plugin does not sanitise and escape some parameters, which could allow unauthenticated attackers to perform Stored Cross-Site Scripting attacks...
CVE-2022-1104
The Popup Maker WordPress plugin before 1.16.5 does not sanitise and escape some of its Popup settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2022-0953
The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.20.96 does not sanitise and escape the QUERY_STRING before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters...
CVE-2021-24654
The User Registration WordPress plugin before 2.0.2 does not properly sanitise the user_registration_profile_pic_url value when submitted directly via the user_registration_update_profile_details AJAX action. This could allow any authenticated user, such as subscriber, to perform Stored Cross-Site attack...