CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

58 matches found

GithubExploit•added 2026/05/27 11:39 p.m.•53 views

poc-wondercms-360-xss

CVE — WonderCMS 3.6.0 Stored XSS via Search Widget Severity...

5.8AI score

Exploits0

NVD•added 2026/05/14 7:16 p.m.•6 views

CVE-2026-45148

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, broken access control in the searchAsset, searchTag, searchWidget, and searchTemplate publish-mode Readers can enumerate metadata from documents that are invisible to the publish service. This vulnerability is fixed in...

4.3CVSS0.00009EPSS

Exploits0References1

CVE•added 2025/12/12 3:20 a.m.•8 views

CVE-2025-13840

CVE-2025-13840 — Bukazu Search Widget (WordPress) Vulnerability: Stored XSS via the shortcodes attribute of bukazu_search. Exploitation requires authentication at Contributor level or higher. Impact: injected scripts execute when users load the affected page. Affected versions: all versions up to...

6.4CVSS4.8AI score0.00037EPSS

Exploits0References4

Vulnrichment•added 2025/12/12 3:20 a.m.•1 views

CVE-2025-13840 BUKAZU Search widget <= 3.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'shortcode' Shortcode Attribute

The BUKAZU Search widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'shortcode' parameter of the 'bukazusearch' shortcode in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...

6.4CVSS4.8AI score0.00037EPSS

Exploits0References3

CNNVD•added 2025/12/12 12:0 a.m.•1 views

WordPress plugin BUKAZU Search widget 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS5.8AI score0.00037EPSS

Exploits0References3

Patchstack•added 2025/12/11 10:46 p.m.•3 views

WordPress BUKAZU Search widget plugin <= 3.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'shortcode' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'shortcode' Shortcode Attribute vulnerability discovered by Gilang - DJ in WordPress Plugin BUKAZU Search widget versions = 3.3.2...

6.4CVSS5.8AI score0.00037EPSS

Exploits0References1Affected Software1

Vivaldi Security Advisories•added 2025/12/10 11:48 a.m.•4 views

Minor update(3) for Vivaldi Android Browser 7.7

Head to the Google Play Store and download the browser. Alternatively, you can download Vivaldi from Uptodown, the Android app store. Your rating for our browser matters. ⭐️ ⭐️ ⭐️ ⭐️ ⭐️ Enjoy! Changelog The following is a list of changes since the second 7.7 minor update: RegressionTablet Does not...

8.8CVSS5.9AI score0.00309EPSS

Exploits10References1

CVE•added 2025/10/07 9:54 p.m.•7 views

CVE-2025-43823

CVE-2025-43823 is an XSS vulnerability in the Liferay Commerce Search Result widget. A crafted payload injected into a Commerce Product’s Name field can execute arbitrary script in affected environments. Affected products/versions include Liferay Portal 7.4.0–7.4.3.111 and Liferay DXP 2023.Q4 bef...

5.4CVSS5.5AI score0.00031EPSS

Exploits0References1Affected Software2