PT-2026-45358
SOPlanning is vulnerable to Reflected XSS via the taches parameter. An attacker can craft a malicious URL which, when opened by an authenticated victim, results in arbitrary JavaScript execution in the victim’s browser. This issue affects SOPlanning version 1.55 and below...
Code-Projects Hotel and Tourism Reservation System Code Injection Vulnerability
Code-Projects Hotel and Tourism Reservation System is an open-source hotel and tourism reservation system developed by Code-Projects. Version 1.0 of the Code-Projects Hotel and Tourism Reservation System has a code injection vulnerability. This vulnerability arises from unauthorized operations on...
WordPress plugin GiveWP has a cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-45465
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Liquid Web / StellarWP GiveWP allows DOM-Based XSS. This issue affects GiveWP: from n/a through 4.14.5...
WordPress plugin e2pdf has a cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...
PT-2026-45434
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in E2Pdf.Com e2pdf allows Reflected XSS. This issue affects e2pdf: from n/a through 1.32.14...
WordPress plugin LearnPress has a cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-45438
Name of the Vulnerable Software and Affected Versions: VeronaLabs WP Statistics versions prior to 14.16.6. Description: Improper neutralization of input during web page generation allows for DOM-Based Cross-Site Scripting (XSS), a flaw where the application contains client-side JavaScript that process...
PT-2026-45390
A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this vulnerability is the function create medicine name of the file /ShowForm/create medicine name/main. Performing a manipulation of the argument medicine name results in cross site scripting. The...
PT-2026-45357
SOPlanning is vulnerable to Stored Cross-Site Scripting (XSS) via the /process/upload backup endpoint. An authenticated attacker with access to the backup functionality can upload a crafted ZIP archive containing a malicious user.csv file with embedded JavaScript. The injected code is executed in the...
Important: php:8.3 security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: PHP: Denial of Service via improper handling of signed characters in ctype functions (CVE-2026-7258); PHP-FPM: Cross-Site Scripting vulnerability via improper URL sanitation...
Important: php:8.2 security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: PHP: Denial of Service via improper handling of signed characters in ctype functions (CVE-2026-7258); PHP-FPM: Cross-Site Scripting vulnerability via improper URL sanitation...
RockyLinux 8 : php:8.2 (RLSA-2026:22305)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:22305 advisory. PHP: Denial of Service via improper handling of signed characters in ctype functions (CVE-2026-7258); PHP-FPM: Cross-Site Scripting...
PT-2026-45555
Name of the Vulnerable Software and Affected Versions: Kiteworks versions prior to 9.3.0. Description: A reflected Cross-Site Scripting (XSS) issue in Kiteworks Secure Data Forms allows an external attacker to trick a user into executing arbitrary JavaScript code. Cross-Site Scripting is a flaw where...
Kiteworks cross-site scripting vulnerabilities
Kiteworks is a secure private network data software developed by Kiteworks Corporation in the United States. Versions of Kiteworks prior to 9.3.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from reflected cross-site scripting, which could allow external attackers...
RockyLinux 9 : php:8.2 (RLSA-2026:22143)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:22143 advisory. PHP: Denial of Service via improper handling of signed characters in ctype functions (CVE-2026-7258); PHP-FPM: Cross-Site Scripting...
ALSA-2026:22305 Important: php:8.2 security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: PHP: Denial of Service via improper handling of signed characters in ctype functions (CVE-2026-7258); PHP-FPM: Cross-Site Scripting vulnerability via improper URL sanitation...
Important: php:8.2 security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: PHP: Denial of Service via improper handling of signed characters in ctype functions (CVE-2026-7258); PHP-FPM: Cross-Site Scripting vulnerability via improper URL sanitation...
Kiteworks cross-site scripting vulnerabilities
Kiteworks is a secure private network data software developed by Kiteworks Corporation in the United States. Versions of Kiteworks prior to 9.3.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from stored cross-site scripting, and it could allow an authenticated attacker...
Stormshield Network Security security vulnerabilities
Stormshield Network Security (SNS) is a next-generation UTM (Unified Threat Management) firewall developed by the French company Stormshield. Versions 4.3.0 to 4.3.41, 4.8.0 to 4.8.15, and 5.0.0 to 5.0.5 of Stormshield Network Security contain security vulnerabilities. These vulnerabilities stem from...