CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

38 matches found

CVE-2026-10591

Insufficient access control restrictions in the file write tool in Amazon Kiro IDE before version 0.11 might allow remote unauthenticated actors to execute arbitrary commands via crafted instructions that cause writes to execution-sensitive paths such as .vscode/tasks.json, enabling auto-executio...

8.8CVSS6.1AI score0.00073EPSS

Exploits0References3

NVD•added 2025/11/19 7:15 p.m.•2 views

CVE-2025-65100

Isar is an integration system for automated root filesystem generation. In versions 0.11-rc1 and 0.11, defining ISARAPTSNAPSHOTDATE alone does not set the correct timestamp value for security distribution, leading to missed security updates. This issue has been patched via commit 738bcbb...

6.9CVSS0.00056EPSS

Exploits0References3

RedhatCVE•added 2025/11/05 3:7 p.m.•1 views

CVE-2025-12184

The MeetingList plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

4.4CVSS5AI score0.00022EPSS

Exploits0References1

Vulnrichment•added 2025/11/04 2:25 p.m.•1 views

CVE-2025-12184 MeetingList <= 0.11 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4CVSS4.7AI score0.00022EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2021-21307

Malware in sbrugna...

6.1CVSS6.3AI score0.0021EPSS

Exploits1References3

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2009-3317

Malware in sbrugna...

7.5CVSS6.4AI score0.00233EPSS

Exploits0References3

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2024-39636

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00146EPSS

Exploits0References3

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2022-25253

Malicious code in bioql PyPI...

8.1CVSS4.1AI score0.00195EPSS

Exploits1References2

RedhatCVE•added 2025/05/23 7:56 a.m.•7 views

CVE-2024-42476

In the OAuth library for nim prior to version 0.11, the Authorization Code grant and Implicit grant both rely on the state parameter to prevent cross-site request forgery CSRF attacks where a resource owner might have their session associated with protected resources belonging to an attacker. Whe...

6.5CVSS7.3AI score0.00146EPSS

Exploits0

RedhatCVE•added 2025/02/09 10:20 a.m.•4 views

CVE-2025-25160

Cross-Site Request Forgery CSRF vulnerability in Mark Barnes Style Tweaker style-tweaker allows Stored XSS.This issue affects Style Tweaker: from n/a through = 0.11...

7.1CVSS7.2AI score0.00127EPSS

Exploits0References1

CNNVD•added 2025/02/07 12:0 a.m.•1 views

WordPress plugin Style Tweaker 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

7.1CVSS8.7AI score0.00127EPSS

Exploits0References2

Patchstack•added 2025/02/03 4:12 p.m.•3 views

WordPress Style Tweaker plugin <= 0.11 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by Abdi Pranata in WordPress Plugin Style Tweaker versions = 0.11...

7.1CVSS6.2AI score0.00127EPSS

Exploits0Affected Software1

Vulnrichment•added 2024/08/15 6:48 p.m.•21 views

CVE-2024-42476 oauth CSRF vulnerability

6.5CVSS7.5AI score0.00146EPSS

Exploits0References3

CVE•added 2024/08/15 6:40 p.m.•84 views

CVE-2024-42475

The CVE describes the nim OAuth library prior to 0.11 having insecure generateState entropy in the state values, enabling potential CSRF with a user. The root cause is that generateState did not use a cryptographically secure generator, producing insufficient entropy (less than 128 bits). Version...

6.5CVSS6.5AI score0.00024EPSS

Exploits0References2

OSV•added 2023/10/26 12:15 a.m.•1 views

CVE-2023-43906

Xolo CMS v0.11 was discovered to contain a reflected cross-site scripting XSS vulnerability...

6.1CVSS5.7AI score0.00098EPSS

Exploits1References1

ATTACKERKB•added 2023/10/26 12:15 a.m.•1 views

CVE-2023-43906

Xolo CMS v0.11 was discovered to contain a reflected cross-site scripting XSS vulnerability...

6.1CVSS5.8AI score0.00098EPSS

Exploits1References2

NVD•added 2023/10/26 12:15 a.m.•11 views

CVE-2023-43906

Xolo CMS v0.11 was discovered to contain a reflected cross-site scripting XSS vulnerability...

6.1CVSS6.1AI score0.00098EPSS

Exploits1References1

CNNVD•added 2023/10/25 12:0 a.m.•0 views

OffiDocs Xolo CMS Cross-Site Scripting Vulnerability

OffiDocs Xolo CMS is a content management system from OffiDocs, Inc. A security vulnerability exists in OffiDocs Xolo CMS version v0.11, which stems from the inclusion of a Reflected Cross-Site Scripting XSS vulnerability...

6.1CVSS5.9AI score0.00098EPSS

Exploits1References3

Vulnrichment•added 2023/10/12 4:22 p.m.•13 views

CVE-2023-45138 Change Request Application vulnerable to XSS and remote code execution through change request title

Change Request is an pplication allowing users to request changes on a wiki without publishing the changes directly. Starting in version 0.11 and prior to version 1.9.2, it's possible for a user without any specific right to perform script injection and remote code execution just by inserting an...

10CVSS7.9AI score0.78432EPSS

Exploits0References3