CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 3 days ago•5 views

CVE-2019-25744

WordPress Popup Builder 3.49 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by breaking out of option tags in the posttitle parameter. Attackers can submit crafted POST requests to the post.php endpoint with script payloads...

6.4CVSS5.7AI score0.0003EPSS

Exploits0References4Affected Software1

CVE•added 3 days ago•7 views

CVE-2019-25742

CVE-2019-25742 affects WordPress Theme Zoner Real Estate 4.1.1 with a persistent XSS in the Address field during property creation. Authenticated agents can inject JavaScript payloads that execute when administrators view the property for approval, enabling cookie theft and potential session hija...

6.4CVSS5.7AI score0.0003EPSS

EUVD•added 3 days ago•6 views

EUVD-2019-20179

WordPress Soliloquy Lite 2.5.6 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by inserting script tags in the post title field. Attackers can submit POST requests to the post editing endpoint with script payloads in the...

6.4CVSS5.6AI score0.0003EPSS

Vulnrichment•added 3 days ago•5 views

CVE-2019-25743 WordPress Soliloquy Lite 2.5.6 Persistent Cross-Site Scripting

6.4CVSS5.6AI score0.0003EPSS

Cvelist•added 3 days ago•29 views

CVE-2019-25732 PHP EI-Tube Script 3 SQL Injection via search parameter

PHP EI-Tube Script 3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers can send GET requests to the search endpoint with crafted SQL payloads in the query parameter to...

8.8CVSS0.00065EPSS

Vulnrichment•added 3 days ago•5 views

CVE-2019-25732 PHP EI-Tube Script 3 SQL Injection via search parameter

ATTACKERKB•added 3 days ago•4 views

CVE-2019-25732

Exploits0References3Affected Software1

CVE•added 3 days ago•7 views

CVE-2019-25732

CVE-2019-25732 affects PHP EI-Tube Script 3. The vulnerability is an SQL injection in the search parameter that allows unauthenticated attackers to send crafted GET requests to the search endpoint to extract sensitive data (usernames, passwords, version details). Root cause is improper handling/e...

EUVD•added 3 days ago•7 views

EUVD-2026-34181

OpenStack Ironic through 35.0.x allows Boot Script Injection...

5.8AI score0.00024EPSS

Positive Technologies•added 3 days ago•6 views

PT-2026-46874

SVG files are in the allowed extensions whitelist and can be uploaded by any admin user via the media manager. There is zero SVG content sanitization anywhere in the upload pipeline. A malicious SVG with JavaScript onload, , executes in the context of the Shopware domain when accessed. The Proble...

4.9CVSS5.9AI score

Exploits0References5

Positive Technologies•added 3 days ago•10 views

PT-2026-46202

Positive Technologies•added 3 days ago•7 views

PT-2026-46800

Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Low...

6AI score0.00025EPSS

Zero Day Initiative•added 3 days ago•6 views

(Pwn2Own) Microsoft Edge Navigation Handling Universal Cross-Site Scripting Vulnerability

This vulnerability allows remote attackers to execute arbitrary cross-origin script on affected installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

5CVSS6AI score0.00048EPSS

Exploits0References1

Positive Technologies•added 3 days ago•10 views

PT-2026-46213

6.4CVSS5.6AI score0.0003EPSS

Exploits0References5

NVD•added 4 days ago•8 views

CVE-2026-46447

OpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can set node.driverinfo or node.instanceinfo...

7.7CVSS0.00024EPSS

RedHat Linux•added 4 days ago•5 views

samba: Remote Code Execution in SAMR

A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper...

9CVSS5.9AI score0.00392EPSS

Exploits0References5

OSV•added 4 days ago•5 views

GHSA-CH57-39Q2-4CRM malla: Stored XSS via Meshtastic node names in multiple frontend pages

Node names longname, shortname received via MQTT are stored in SQLite without sanitization and rendered into the DOM without escaping. Any participant on a public Meshtastic MQTT broker can set a malicious node name that executes JavaScript in the browser of every Malla dashboard visitor. Affecte...

6.3CVSS6.1AI score