23 matches found

RedhatCVE
added 2025/12/17 10:3 a.m. · 2 views

CVE-2025-68070

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vektor, Inc. VK Google Job Posting Manager vk-google-job-posting-manager allows Stored XSS. This issue affects VK Google Job Posting Manager: from n/a through <= 1.2.22...

6.5 CVSS · 5.9 AI score · 0.00029 EPSS
Exploits 0 · References 1

NVD
added 2025/12/16 9:16 a.m. · 5 views

CVE-2025-68070

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vektor, Inc. VK Google Job Posting Manager vk-google-job-posting-manager allows Stored XSS. This issue affects VK Google Job Posting Manager: from n/a through <= 1.2.22...

6.5 CVSS · 0.00029 EPSS
Exploits 0 · References 1

Vulnrichment
added 2025/12/16 8:13 a.m. · 2 views

CVE-2025-68070 WordPress VK Google Job Posting Manager plugin <= 1.2.22 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vektor, Inc. VK Google Job Posting Manager vk-google-job-posting-manager allows Stored XSS. This issue affects VK Google Job Posting Manager: from n/a through <= 1.2.22...

5.2 AI score · 0.00029 EPSS
Exploits 0 · References 1

EUVD
added 2025/10/11 9:30 a.m. · 1 views

EUVD-2025-33819

The WP Freeio plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.21. This is due to the process_register function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the...

9.8 CVSS · 5.6 AI score · 0.00198 EPSS
Exploits 0 · References 3

NVD
added 2025/10/11 8:15 a.m. · 2 views

CVE-2025-11533

The WP Freeio plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.21. This is due to the process_register function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the...

9.8 CVSS · 0.00198 EPSS
Exploits 0 · References 2

CVE
added 2025/10/11 7:25 a.m. · 15 views

CVE-2025-11533

CVE-2025-11533 (WP Freeio, WordPress) — Privilege escalation in WP Freeio is caused by the process_register() function not restricting user registration roles, allowing unauthenticated users to register as ‘administrator’ and gain admin access in all versions up to 1.2.21. The vulnerability is ra...

9.8 CVSS · 5.7 AI score · 0.00198 EPSS
In wild · Exploits 0 · References 2

VulnCheck KEV
added 2025/10/11 12:0 a.m. · 4 views

VulnCheck KEV: CVE-2025-11533

The WP Freeio plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.21. This is due to the process_register function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the...

9.8 CVSS · 5.8 AI score · 0.00198 EPSS
In wild · Exploits 0 · References 4

Positive Technologies
added 2025/10/11 12:0 a.m. · 4 views

PT-2025-41644

Name of the Vulnerable Software and Affected Versions: WP Freeio versions prior to 1.4.29; WP Freeio versions 1.2.21 and earlier. Description: The WP Freeio plugin for WordPress is affected by a privilege escalation issue. The process register function does not adequately restrict user role assignmen...

9.8 CVSS · 6.6 AI score · 0.00198 EPSS
Exploits 0 · References 10

Patchstack
added 2025/10/10 11:16 p.m. · 5 views

WordPress WP Freeio plugin <= 1.2.21 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by Foxyyy in WordPress Plugin WP Freeio versions <= 1.2.21...

9.8 CVSS · 6.9 AI score · 0.00198 EPSS
Exploits 0 · References 1 · Affected Software 1

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-6449

Malicious code in bioql PyPI...

6.8 CVSS · 5.9 AI score · 0.00333 EPSS
Exploits 1 · References 4

Tenable Nessus
added 2025/08/26 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2022-41444

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross Site Scripting (XSS) vulnerability in Cacti 1.2.21 via crafted POST request to graphsnew.php. (CVE-2022-41444) Note that Nessus relies on the presence of the...

6.1 CVSS · 6.4 AI score · 0.00285 EPSS
Exploits 1 · References 2

RedhatCVE
added 2025/05/22 10:47 p.m. · 5 views

CVE-2022-2495

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.21...

6.8 CVSS · 5.9 AI score · 0.00333 EPSS
Exploits 1 · References 1

RedhatCVE
added 2025/05/22 9:53 p.m. · 7 views

CVE-2022-2470

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.21...

6.5 CVSS · 6.1 AI score · 0.00498 EPSS
Exploits 1 · References 1

CNNVD
added 2023/08/22 12:0 a.m. · 1 views

Cacti cross-site scripting vulnerability

Cacti is a set of open source network traffic monitoring and analysis tools from the Cacti team. The tool uses snmpget to obtain data, uses RRDtool to draw graphs for analysis, and provides data and user management features. A cross-site scripting vulnerability exists in Cacti version 1.2.21, whi...

6.1 CVSS · 5.8 AI score · 0.00285 EPSS
Exploits 1 · References 2

Prion
added 2023/03/30 5:15 a.m. · 59 views

Design/Logic Flaw

Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in...

5 CVSS · 5.2 AI score · 0.00318 EPSS
Exploits 1 · References 7 · Affected Software 2

ATTACKERKB
added 2022/09/09 3:15 p.m. · 1 views

CVE-2022-36859

Improper input validation vulnerability in SmartTagPlugin prior to version 1.2.21-6 allows privileged attackers to trigger an XSS on a victim's devices...

5.7 CVSS · 5.8 AI score · 0.00244 EPSS
Exploits 0 · References 3

CNNVD
added 2022/09/09 12:0 a.m. · 2 views

SAMSUNG Mobile devices cross-site scripting vulnerability

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from South Korea's Samsung (SAMSUNG). A cross-site scripting vulnerability exists in SAMSUNG Mobile devices version 1.2.21-6, which stems from the SmartTagPlugin containing an incorrect input...

5.7 CVSS · 4.8 AI score · 0.00244 EPSS
Exploits 0 · References 3

Positive Technologies
added 2022/09/09 12:0 a.m. · 2 views

PT-2022-23663 · Unknown · Smarttagplugin

Name of the Vulnerable Software and Affected Versions: SmartTagPlugin versions prior to 1.2.21-6. Description: The issue is related to improper input validation in the SmartTagPlugin, allowing privileged attackers to trigger a cross-site scripting (XSS) attack on a victim's devices. Recommendations:...

5.7 CVSS · 4.8 AI score · 0.00244 EPSS
Exploits 0 · References 3

ATTACKERKB
added 2022/07/22 3:15 p.m. · 2 views

CVE-2022-2470

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.21...

6.5 CVSS · 6.6 AI score · 0.00498 EPSS
Exploits 1 · References 3

ATTACKERKB
added 2022/07/22 4:15 a.m. · 1 views

CVE-2022-2495

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.21...

6.8 CVSS · 6.5 AI score · 0.00333 EPSS
Exploits 1 · References 3