CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

20042 matches found

EUVD•added 2025/12/31 1:3 p.m.•3 views

EUVD-2025-205969

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Curator.Io allows Stored XSS.This issue affects Curator.Io: from n/a through 1.9.5...

6.5CVSS5.5AI score0.00127EPSS

Exploits0References2

EUVD•added 2025/12/31 12:2 p.m.•3 views

EUVD-2025-205923

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Genetech Products Web and WooCommerce Addons for WPBakery Builder allows DOM-Based XSS.This issue affects Web and WooCommerce Addons for WPBakery Builder: from n/a through 1.5...

6.5CVSS5.8AI score0.00173EPSS

Exploits0References2

Vulnrichment•added 2025/12/31 5:34 a.m.•2 views

CVE-2025-68885 WordPress Custom Post Status plugin <= 1.1.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in page-carbajal Custom Post Status custom-post-status allows Stored XSS.This issue affects Custom Post Status: from n/a through = 1.1.0...

7.1CVSS5.7AI score0.00096EPSS

Exploits0References1

Cvelist•added 2025/12/31 5:34 a.m.•28 views

CVE-2025-68885 WordPress Custom Post Status plugin <= 1.1.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in page-carbajal Custom Post Status custom-post-status allows Stored XSS.This issue affects Custom Post Status: from n/a through = 1.1.0...

7.1CVSS0.00096EPSS

Exploits0References1

NVD•added 2025/12/31 5:16 a.m.•3 views

CVE-2025-49346

Cross-Site Request Forgery CSRF vulnerability in peterwsterling Simple Archive Generator simple-archive-generator allows Stored XSS.This issue affects Simple Archive Generator: from n/a through = 5.2...

7.1CVSS0.00094EPSS

Exploits0References1

Positive Technologies•added 2025/12/31 12:0 a.m.•3 views

PT-2025-54447

Name of the Vulnerable Software and Affected Versions ZoomSounds versions through 6.91 Description A flaw exists in ZoomSounds that allows for Reflected Cross-Site Scripting XSS. This issue occurs due to improper neutralization of input during web page generation. The vulnerability could...

7.1CVSS6AI score0.00149EPSS

Exploits0References5

Positive Technologies•added 2025/12/31 12:0 a.m.•3 views

PT-2025-54446

Name of the Vulnerable Software and Affected Versions Themefy Bloggie versions through 2.0.8 Description A Cross-Site Request Forgery CSRF issue exists in Themefy Bloggie, which also allows Reflected Cross-Site Scripting XSS. The vulnerability allows an attacker to potentially perform actions on...

7.1CVSS6AI score0.00091EPSS

Exploits0References4

Patchstack•added 2025/12/31 12:0 a.m.•7 views

WordPress FunnelKit plugin <= 3.13.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via wfop_phone Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via wfopphone Shortcode vulnerability discovered by zaim in WordPress Plugin Funnel Builder by FunnelKit versions = 3.13.1.2...

6.4CVSS5.9AI score0.00209EPSS

Exploits0References1Affected Software1

Patchstack•added 2025/12/31 12:0 a.m.•4 views

WordPress Ultimate Blocks plugin <= 3.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via content Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via content Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Ultimate Blocks versions = 3.2.7...

6.4CVSS5.9AI score0.00262EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2025/12/30 1:2 a.m.•14 views

CVE-2025-65442

DOM-based Cross-Site Scripting XSS vulnerability in 201206030 novel V3.5.0 allows remote attackers to execute arbitrary JavaScript code or disclose sensitive information e.g., user session cookies via a crafted "wvstest" parameter in the URL or malicious script injection into window.localStorage...

6.1CVSS6AI score0.00291EPSS

Exploits1References1

CNVD•added 2025/12/30 12:0 a.m.•4 views

WordPress Real 3D FlipBook plugin cross-site scripting vulnerability

WordPress Real 3D FlipBook plugin is a plugin for WordPress website, which uses WebGL technology to convert PDF files or images into flipbook animations with realistic 3D effects, simulating the page turning experience of a real book, including page bending, light and shadow and shadow effects...

5.4CVSS6.3AI score0.00139EPSS

Exploits0References1

Positive Technologies•added 2025/12/29 12:0 a.m.•3 views

PT-2025-53766

Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description The software is susceptible to a cross-site scripting XSS issue due to improper input neutralization during web page generation. This allows for the injection o...

4.8CVSS6AI score0.00145EPSS

Exploits0References4

Snyk•added 2025/12/26 3:39 p.m.•2 views

Cross-site Scripting (XSS)

Overview FluentCMS.Web.UI is a FluentCMS Web UI Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Add Page process. An attacker can execute arbitrary JavaScript code in the context of an administrator's session by injecting malicious script tags into the section...

6.1CVSS5.4AI score0.00261EPSS

Exploits1References2

OSV•added 2025/12/26 3:15 p.m.•3 views

CVE-2025-65885

An issue was discovered in the Delight Custom Firmware CFW for Nokia Symbian Belle devices on Nokia 808 Delight v1.8, Nokia N8 Delight v6.7, Nokia E7 Delight v1.3, Nokia C7 Delight v6.7, Nokia 700 Delight v1.2, Nokia 701 Delight v1.1, Nokia 603 Delight v1.0, Nokia 500 Delight v1.2, Nokia E6 Delig...

5.1CVSS5.8AI score0.00119EPSS

Exploits0References2

CVE•added 2025/12/26 12:0 a.m.•15 views

CVE-2025-65885

Delight Custom Firmware (CFW) for Nokia Symbian Belle devices (Nokia 808, N8, E7, C7, 700, 701, 603, 500, E6, Oro, Vertu Constellation T) is affected by a local vulnerability where crafted .txt files placed in the :\Data directory can inject startup scripts. Root cause and details indicate a loca...

5.1CVSS6.3AI score0.00119EPSS

Exploits0References2Affected Software1

EUVD•added 2025/12/26 12:0 a.m.•3 views

EUVD-2025-205436

A cross-site scripting XSS vulnerability was identified in FluentCMS 1.2.3. After logging in as an admin and navigating to the "Add Page" function, the application fails to properly sanitize input in the section, allowing remote attackers to inject arbitrary script tags...

6.1CVSS5.5AI score0.00261EPSS

Exploits1References3

EUVD•added 2025/12/26 12:0 a.m.•2 views

EUVD-2025-205437

5.1CVSS6.2AI score0.00119EPSS

Exploits0References3

Vulnrichment•added 2025/12/26 12:0 a.m.•1 views

CVE-2025-67349

5.6AI score0.00261EPSS

Exploits1References2

Vulnrichment•added 2025/12/26 12:0 a.m.•3 views

CVE-2025-65885

6.3AI score0.00119EPSS

Exploits0References2

Positive Technologies•added 2025/12/26 12:0 a.m.•3 views

PT-2025-53591

Name of the Vulnerable Software and Affected Versions FluentCMS version 1.2.3 Description The application does not properly sanitize input in the section, which can allow remote attackers to inject arbitrary script tags. This issue was identified after logging in as an administrator and navigatin...

6.1CVSS5.8AI score0.00261EPSS

Exploits1References6

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by