CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/06/02 1:28 a.m.•33 views

CVE-2026-10100 Simple Custom Login Page <= 1.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting

The Simple Custom Login Page plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the color settings fields Page Background, Form Background, Text Color, Link Color in versions up to and including 1.0.3. This is due to insufficient input sanitization of the color option values th...

4.4CVSS0.00035EPSS

Vulnrichment•added 2026/06/02 1:28 a.m.•7 views

CVE-2026-10100 Simple Custom Login Page <= 1.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4CVSS5.9AI score0.00035EPSS

CVE•added 2026/06/02 1:28 a.m.•16 views

CVE-2026-3722

The CVE concerns the WordPress plugin “Auto Image Attributes From Filename With Bulk Updater” (versions ≤ 4.9). The root cause is insufficient input sanitization and output escaping in attachment metadata, enabling Stored Cross-Site Scripting. Impact: authenticated attackers with Author-level acc...

Cvelist•added 2026/06/02 1:28 a.m.•36 views

CVE-2026-3722 Auto Image Attributes From Filename With Bulk Updater (Add Alt Text, Image Title For Image SEO) <= 4.9 - Authenticated (Author+) Stored Cross-Site Scripting via Image Attribute

The Auto Image Attributes From Filename With Bulk Updater Add Alt Text, Image Title For Image SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the attachment metadata in all versions up to, and including, 4.9 due to insufficient input sanitization and output escaping. Thi...

6.4CVSS0.00032EPSS

EUVD•added 2026/06/02 1:28 a.m.•7 views

EUVD-2026-33869

ATTACKERKB•added 2026/06/02 1:28 a.m.•5 views

CVE-2026-3722

Vulnrichment•added 2026/06/02 1:28 a.m.•6 views

Exploits0References4

CVE-2026-3722 Auto Image Attributes From Filename With Bulk Updater (Add Alt Text, Image Title For Image SEO) <= 4.9 - Authenticated (Author+) Stored Cross-Site Scripting via Image Attribute

EUVD•added 2026/06/02 12:31 a.m.•8 views

EUVD-2026-33853

A vulnerability has been found in 1Panel-dev CordysCRM up to 1.6.2. This affects an unknown function of the file backend/framework/src/main/java/cn/cordys/config/RequestParamTrimConfig.java. The manipulation leads to cross site scripting. Remote exploitation of the attack is possible. The exploit...

4.8CVSS4.1AI score0.00046EPSS

Exploits0References10

EUVD•added 2026/06/02 12:31 a.m.•9 views

EUVD-2026-33849

A vulnerability was detected in itsourcecode Fees Management System 1.0. The affected element is an unknown function of the file index.php. Performing a manipulation of the argument page results in cross site scripting. The attack may be initiated remotely. The exploit is now public and may be us...

5.3CVSS4.3AI score0.00039EPSS

Exploits0References7

NVD•added 2026/06/02 12:16 a.m.•11 views

CVE-2026-10514

4.8CVSS0.00046EPSS

Exploits0References9

EUVD•added 2026/06/02 12:15 a.m.•7 views

EUVD-2026-33855

A weakness has been identified in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. Impacted is an unknown function of the file src/main/java/com/zhiliao/module/web/system/ScheduleJobController.java of the component Task Scheduling Management Module. Executing a manipulation can...

4.8CVSS4.1AI score0.00036EPSS

Cvelist•added 2026/06/02 12:15 a.m.•35 views

CVE-2026-10529 westboy CicadasCMS Task Scheduling Management ScheduleJobController.java cross site scripting

4.8CVSS0.00036EPSS

Vulnrichment•added 2026/06/02 12:15 a.m.•8 views

CVE-2026-10529 westboy CicadasCMS Task Scheduling Management ScheduleJobController.java cross site scripting

4.8CVSS4.1AI score0.00036EPSS

ATTACKERKB•added 2026/06/02 12:15 a.m.•7 views

CVE-2026-10529

4.8CVSS4.1AI score0.00036EPSS

CVE•added 2026/06/02 12:0 a.m.•9 views

CVE-2026-33553

CFEngine Enterprise vulnerable in 3.24.3 prior to 3.24.4 and 3.27.0 prior to 3.27.1; status: exposes cross‑site scripting (XSS). Upgrade to 3.24.4 or 3.27.1 to fix.

6.1CVSS5.8AI score0.00027EPSS

Exploits0References2

Positive Technologies•added 2026/06/02 12:0 a.m.•9 views

PT-2026-45748

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Emilia Projects Progress Planner allows Stored XSS. This issue affects Progress Planner: from n/a through 1.9.0...

5.9CVSS5.8AI score0.00033EPSS

Exploits0References2

Positive Technologies•added 2026/06/02 12:0 a.m.•13 views

PT-2026-45681

Name of the Vulnerable Software and Affected Versions Simple Custom Login Page versions prior to 1.0.4 Description The Simple Custom Login Page plugin for WordPress contains a Stored Cross-Site Scripting issue. The problem occurs because color settings fields are registered and stored without a...

4.4CVSS5.7AI score0.00035EPSS

Exploits0References7

Positive Technologies•added 2026/06/02 12:0 a.m.•8 views

PT-2026-45710

Name of the Vulnerable Software and Affected Versions DeMomentSomTres Shortcodes versions prior to 1.1.2 Description The DeMomentSomTres Shortcodes plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs because the st callout function fails to properly sanitize input and...