6238 matches found

Positive Technologies
added 2025/07/31 12:0 a.m. · 4 views

PT-2025-31483 · Powercms · Powercms

Name of the Vulnerable Software and Affected Versions: PowerCMS affected versions not specified Description: A reflected cross-site scripting issue exists in multiple versions of PowerCMS. If a product administrator accesses a crafted URL, an arbitrary script may be executed in the browser...

6.1 CVSS · 5.8 AI score · 0.00182 EPSS
Exploits 0 · References 7

NVD
added 2025/07/30 8:15 p.m. · 5 views

CVE-2025-52187

GetProjectsIdea Create School Management System 1.0 is vulnerable to Cross Site Scripting XSS in myprofileupdateform1.php...

8.2 CVSS · 0.00381 EPSS
Exploits 2 · References 3

Cvelist
added 2025/07/30 12:0 a.m. · 7 views

CVE-2025-52187

GetProjectsIdea Create School Management System 1.0 is vulnerable to Cross Site Scripting XSS in myprofileupdateform1.php...

0.00381 EPSS
Exploits 2 · References 2

CVE
added 2025/07/30 12:0 a.m. · 17 views

CVE-2025-52187

GetProjectsIdea Create School Management System 1.0 is affected by a Cross Site Scripting (XSS) vulnerability in my_profile_update_form1.php. The issue appears to be stored XSS caused by insufficient input sanitization before storing user data, which can execute injected scripts when rendering pa...

8.2 CVSS · 5.8 AI score · 0.00381 EPSS
Exploits 2 · References 3 · Affected Software 1

Positive Technologies
added 2025/07/30 12:0 a.m. · 3 views

PT-2025-31433 · Unknown · Playground.Electronhub.Ai

Name of the Vulnerable Software and Affected Versions: playground.electronhub.ai version 1.1.9 Description: The software contains a cross-site scripting XSS vulnerability. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability...

6.1 CVSS · 5.5 AI score · 0.00334 EPSS
Exploits 1 · References 7

OSV
added 2025/07/29 6:49 p.m. · 3 views

GO-2025-3825 Harbor repository description page has Cross-site Scripting vulnerability in github.com/goharbor/harbor

Harbor repository description page has Cross-site Scripting vulnerability in github.com/goharbor/harbor. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...

4.1 CVSS · 5.7 AI score · 0.0029 EPSS
Exploits 0 · References 5

Patchstack
added 2025/07/29 12:30 p.m. · 4 views

WordPress StreamWeasels Kick Integration plugin <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Gai Tanaka in WordPress Plugin SW Kick Integration versions <= 1.1.4...

5.4 CVSS · 5.5 AI score · 0.00189 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2025/07/29 4:23 a.m. · 11 views

CVE-2025-4566 Elementor <= 3.30.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Text Path Widget

The Elementor Website Builder – More Than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-text DOM element attribute in Text Path widget in all versions up to, and including, 3.30.2 due to insufficient input sanitization and output escaping. This...

6.4 CVSS · 0.00216 EPSS
Exploits 0 · References 4

Vulnrichment
added 2025/07/29 12:0 a.m. · 2 views

CVE-2025-52358

A cross-site scripting vulnerability in Vivaldi United Group iCONTROL+ Server including Firmware version 4.7.8.0.eden Logic version 5.32 and below. This issue allows attackers to inject JavaScript payloads within the error or edit-menu-item parameters which are then executed in the victim's brows...

5.9 AI score · 0.00265 EPSS
Exploits 1 · References 2

OSV
added 2025/07/28 8:19 a.m. · 1 views

USN-7674-1 openjdk-lts vulnerabilities

It was discovered that the 2D component of OpenJDK 11 did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. CVE-2025-30749, CVE-2025-50106 VMashroor Hasan Bhuiyan discovered that the JSSE...

8.6 CVSS · 6.9 AI score · 0.01058 EPSS
Exploits 1 · References 6

RedhatCVE
added 2025/07/26 11:23 p.m. · 7 views

CVE-2025-3614

The ElementsKit Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attribute of a custom widget in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticate...

6.4 CVSS · 6 AI score · 0.00238 EPSS
Exploits 0 · References 1

NVD
added 2025/07/25 4:15 p.m. · 3 views

CVE-2022-4979

A cross-site scripting XSS vulnerability exists in Sitecore Experience Platform XP 7.5 - 10.2 and CMS 7.2 - 7.2 Update-6 that may allow authenticated Sitecore Shell users to be tricked into executing custom JS code. Managed Cloud Standard customers who run the affected Sitecore Experience Platfor...

5.1 CVSS · 0.00583 EPSS
Exploits 0 · References 3

Vulnrichment
added 2025/07/25 12:0 a.m. · 4 views

CVE-2025-46198

Cross Site Scripting vulnerability in grav v.1.7.48, v.1.7.47 and v.1.7.46 allows an attacker to execute arbitrary code via the onerror attribute of the img element...

7.5 AI score · 0.00602 EPSS
Exploits 1 · References 2

RedhatCVE
added 2025/07/24 11:30 p.m. · 13 views

CVE-2025-43486

A potential stored cross-site scripting vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The website allows user input to be stored and rendered without proper sanitization. HP has addressed the issue in the latest software update...

5.7 CVSS · 6.2 AI score · 0.00171 EPSS
Exploits 0 · References 1

OSV
added 2025/07/24 7:15 a.m. · 2 views

CVE-2025-4968

The WPBakery Page Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple Page Builder elements Copyright Element, Hover Box, Separator With Text, FAQ, Single Image, Custom Header, Button, Call To Action, Progress Bar, Pie Chart, Round Chart, and Line...

5.4 CVSS · 6 AI score · 0.00256 EPSS
Exploits 0 · References 2

Positive Technologies
added 2025/07/24 12:0 a.m. · 2 views

PT-2025-30678 · Wwbn · Avideo

Name of the Vulnerable Software and Affected Versions: WWBN AVideo versions 14.4 and dev master commit 8a8954ff Description: A cross-site scripting xss vulnerability exists due to the PlaylistOwnerUsersId parameter functionality within the managerPlaylists component. A specially crafted HTTP...

9.6 CVSS · 6.3 AI score · 0.00726 EPSS
Exploits 1 · References 8

Talos
added 2025/07/24 12:0 a.m. · 3 views

WWBN AVideo LoginWordPress loginForm cancelUri parameter cross-site scripting (XSS) vulnerability

Talos Vulnerability Report TALOS-2025-2208 WWBN AVideo LoginWordPress loginForm cancelUri parameter cross-site scripting XSS vulnerability July 24, 2025 CVE Number CVE-2025-36548 SUMMARY A cross-site scripting xss vulnerability exists in the LoginWordPress loginForm cancelUri parameter...

9.6 CVSS · 5.5 AI score · 0.00962 EPSS
Exploits 1

Talos
added 2025/07/24 12:0 a.m. · 5 views

WWBN AVideo managerPlaylists PlaylistOwnerUsersId parameter cross-site scripting (XSS) vulnerability

Talos Vulnerability Report TALOS-2025-2205 WWBN AVideo managerPlaylists PlaylistOwnerUsersId parameter cross-site scripting XSS vulnerability July 24, 2025 CVE Number CVE-2025-46410 SUMMARY A cross-site scripting xss vulnerability exists in the managerPlaylists PlaylistOwnerUsersId parameter...

9.6 CVSS · 5.5 AI score · 0.00726 EPSS
Exploits 1

Patchstack
added 2025/07/23 9:36 p.m. · 3 views

WordPress Station Pro plugin <= 2.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via width and height Parameters vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via width and height Parameters vulnerability discovered by Peter Thaleikis in WordPress Plugin Station Pro versions <= 2.4.2...

6.4 CVSS · 5.5 AI score · 0.00354 EPSS
Exploits 0 · References 1 · Affected Software 1

NVD
added 2025/07/23 1:15 p.m. · 5 views

CVE-2025-4411

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Dataprom Informatics PACS-ACSS allows Cross-Site Scripting XSS. This issue affects PACS-ACSS: before 16.05.2025...

6.5 CVSS · 0.00269 EPSS
Exploits 0 · References 2