CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/02/10 4:16 a.m.•2 views

CVE-2026-24323

6.1CVSS5.8AI score

CVE•added 2026/02/10 3:4 a.m.•9 views

CVE-2026-24323

CVE-2026-24323 affects BSP applications of SAP Document Management System. An unauthenticated user can inject malicious script via user-controlled URL parameters that are not sufficiently sanitized, causing script execution in the victim’s browser. Impact is described as low for confidentiality a...

6.1CVSS5.5AI score0.00041EPSS

Exploits0References2Affected Software3

Cvelist•added 2026/02/10 3:4 a.m.•29 views

CVE-2026-24323 Multiple vulnerabilities in BSP Applications of SAP Document Management System

6.1CVSS0.00041EPSS

Vulnrichment•added 2026/02/10 3:4 a.m.•2 views

CVE-2026-24323 Multiple vulnerabilities in BSP Applications of SAP Document Management System

6.1CVSS5.5AI score0.00041EPSS

Positive Technologies•added 2026/02/10 12:0 a.m.•5 views

PT-2026-7222

6.1CVSS5.5AI score0.00041EPSS

Exploits0References3

RedhatCVE•added 2026/02/08 1:3 p.m.•5 views

CVE-2026-1613

The Wonka Slide plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's listclass shortcode in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

RedhatCVE•added 2026/02/08 7:13 a.m.•5 views

Exploits0References1

CVE-2025-15267

The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's btbbaccordionitem shortcode in all versions up to, and including, 5.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

NVD•added 2026/02/07 9:16 a.m.•6 views

Exploits0References1

CVE-2026-1643

The MP-Ukagaka plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if...

6.1CVSS0.00069EPSS

EUVD•added 2026/02/07 8:26 a.m.•4 views

EUVD-2026-5737

The Wikiloops Track Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wikiloops shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

Cvelist•added 2026/02/07 8:26 a.m.•23 views

CVE-2026-0555 Premmerce <= 1.3.20 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'premmerce_wizard_actions' AJAX Endpoint

The Premmerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'premmercewizardactions' AJAX endpoint in all versions up to, and including, 1.3.20. This is due to missing capability checks and insufficient input sanitization and output escaping on the state parameter. Thi...

6.4CVSS0.00019EPSS

Exploits0References6

RedhatCVE•added 2026/02/07 7:22 a.m.•4 views

CVE-2026-1401

The Tune Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via CSV import in all versions up to, and including, 1.6.3. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...

6.4CVSS5.6AI score0.00017EPSS

Exploits0References1

ATTACKERKB•added 2026/02/07 5:52 a.m.•3 views

CVE-2025-12159

The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's btbbrawcontent shortcode in all versions up to, and including, 5.4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

Vulnrichment•added 2026/02/07 5:52 a.m.•2 views

Exploits0References3

CVE-2025-12159 Bold Page Builder <= 5.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4CVSS5.7AI score0.00016EPSS

EUVD•added 2026/02/07 5:52 a.m.•3 views

EUVD-2025-206895

The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Grid component in all versions up to, and including, 5.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access...

ATTACKERKB•added 2026/02/07 5:52 a.m.•4 views

Exploits0References3

CVE-2025-12803

The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin 'btbbtabs' shortcode in all versions up to, and including, 5.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

Positive Technologies•added 2026/02/07 12:0 a.m.•4 views

PT-2026-6878

The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin 'bt bb tabs' shortcode in all versions up to, and including, 5.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

6.4CVSS5.7AI score0.00016EPSS

Positive Technologies•added 2026/02/07 12:0 a.m.•5 views

PT-2026-6893

Name of the Vulnerable Software and Affected Versions Wonka Slide versions up to and including 1.3.3 Description The Wonka Slide plugin for WordPress is susceptible to Stored Cross-Site Scripting through the list class shortcode. Insufficient input sanitization and output escaping on user-supplie...

6.4CVSS5.7AI score0.00016EPSS