11085 matches found
TileServer API - Cross Site Scripting
tileserver-gl up to v4.4.10 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /data/v3/?key. id: CVE-2024-35627 info: name: TileServer API - Cross Site Scripting author: DhiyaneshDK severity: medium description: | tileserver-gl up to v4.4.10 was discovered to...
WordPress Database for Contact Form 7, WPforms, Elementor forms plugin <= 1.5.1 - Unauthenticated Arbitrary File Deletion via CF7 File Field POST Value vulnerability
Unauthenticated Arbitrary File Deletion via CF7 File Field POST Value vulnerability discovered by daroo in WordPress Plugin Contact Form Entries versions <= 1.5.1...
Cost Calculator Builder <= 3.2.15 - SQL Injection
The Cost Calculator Builder plugin for WordPress is vulnerable to SQL Injection via discount codes in versions up to, and including, 3.2.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
EUVD-2026-38198
A security vulnerability has been detected in Radware Cyber Controller up to 10.11.0. This affects an unknown part of the component HTML Report Generation. The manipulation leads to HTML injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be...
CVE-2026-1856 Appointment Booking Calendar <= 1.4.4 - Authenticated (Author+) Stored Cross-Site Scripting via Custom Booking Field Label
The Appointment Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom booking field labels in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WordPress Media Library Assistant plugin <= 3.35 - SQL Injection vulnerability
SQL Injection vulnerability discovered by daroo in WordPress Plugin Media Library Assistant versions <= 3.35...
CVE-2026-56007
CVE-2026-56007 affects WordPress Ocean Product Sharing plugin versions up to and including 2.2.2. The issue is a Stored Cross-Site Scripting (XSS) vulnerability caused by improper neutralization of input during web page generation in OceanWP Ocean Product Sharing. The vulnerability impact is limi...
EUVD-2025-210261
Unauthenticated Local File Inclusion in Preservation = 1.10 versions...
EUVD-2025-210252
Unauthenticated Local File Inclusion in Imba = 1.5.0 versions...
EUVD-2025-210256
Unauthenticated Local File Inclusion in Snow Club = 1.1 versions...
EUVD-2025-210262
Unauthenticated Local File Inclusion in Gamic = 1.15 versions...
EUVD-2025-210258
Unauthenticated PHP Object Injection in Plumbing = 1.6 versions...
EUVD-2026-37640
Subscriber Broken Authentication in Melhor Envio = 2.16.3 versions...
EUVD-2026-37602
Unauthenticated PHP Object Injection in EasyMeals = 1.5.1 versions...
EUVD-2026-37598
Subscriber Arbitrary File Upload in Restaurant Zone = 0.7.8 versions...
EUVD-2026-37669
Unauthenticated Arbitrary File Deletion in BookPro = 1.1.0 versions...
EUVD-2026-37667
Subscriber Arbitrary File Upload in WishList Member X = 3.29.0 versions...
EUVD-2026-37651
Unauthenticated Cross Site Scripting (XSS) in Auto Repair = 22.6 versions...
EUVD-2025-210235
Unauthenticated Local File Inclusion in Resurs = 1.3 versions...
EUVD-2025-210225
Subscriber Arbitrary File Deletion in WPBot Pro Wordpress Chatbot = 13.6.5 versions...