CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

59 matches found

CVE-2026-42683

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS allows DOM-Based XSS. This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through 1.8.8...

7.1CVSS0.00033EPSS

Exploits0References1

Cvelist•added 3 days ago•23 views

CVE-2026-42683 WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.8.8 - Cross Site Scripting (XSS) vulnerability

7.1CVSS0.00033EPSS

Exploits0References1

ATTACKERKB•added 3 days ago•5 views

CVE-2026-42683

7.1CVSS5.8AI score0.00033EPSS

Exploits0References2

Positive Technologies•added 3 days ago•9 views

PT-2026-45436

Name of the Vulnerable Software and Affected Versions e4jvikwp VikBooking Hotel Booking Engine & PMS versions prior to 1.8.9 Description Improper neutralization of input during web page generation allows DOM-Based Cross-Site Scripting XSS, a flaw where the application contains client-side scripts...

7.1CVSS5.9AI score0.00033EPSS

Exploits0References4

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в python-webob

WebOb provides objects for HTTP requests and responses. When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user will be redirected to using Python’s urlparse function, and joining that parsed URL to the base URL. However, the...

6.1CVSS6.2AI score0.00263EPSS

Exploits1References2

Patchstack•added 2026/02/03 7:55 a.m.•5 views

WordPress WordPress Pinterest Plugin - Make a Popup, User Profile, Masonry and Gallery Layout plugin <= 1.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

WordPress WordPress Pinterest Plugin - Make a Popup, User Profile, Masonry and Gallery Layout plugin = 1.8.8 - Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin GS Pins for Pinterest versions = 1.8.8...

6.4CVSS5.3AI score0.00233EPSS

Exploits0References1Affected Software1

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2016-10230

Malware in sbrugna...

9.8CVSS9.5AI score0.01105EPSS

Exploits0References6

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2022-44810

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00061EPSS

Exploits0References1

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2023-57424

Malicious code in bioql PyPI...

6.1CVSS6.3AI score0.00086EPSS

Exploits1References2

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2024-0201

Malicious code in bioql PyPI...

6.1CVSS6.2AI score0.00263EPSS

Exploits1References5

RedhatCVE•added 2025/06/23 8:40 a.m.•2 views

CVE-2025-52710

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ninja Team File Manager Pro filester allows Stored XSS.This issue affects File Manager Pro: from n/a through = 1.8.8...

5.9CVSS5.9AI score0.0017EPSS

Exploits0References1

Cvelist•added 2025/06/20 3:3 p.m.•9 views

CVE-2025-52710 WordPress File Manager Pro plugin <= 1.8.8 - Cross Site Scripting (XSS) Vulnerability

5.9CVSS0.0017EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 7:51 a.m.•3 views

CVE-2024-11453

The WordPress Pinterest Plugin – Make a Popup, User Profile, Masonry and Gallery Layout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gspinwidget' shortcode in all versions up to, and including, 1.8.8 due to insufficient input sanitization and output escaping...

6.4CVSS5.8AI score0.00233EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 5:12 a.m.•4 views

CVE-2023-23982

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in WPGear.Pro WPFrom Email plugin = 1.8.8 versions...

5.9CVSS5.6AI score0.00207EPSS

Exploits0References1

OSV•added 2025/05/15 8:15 p.m.•1 views

CVE-2024-8426

The Page Builder: Pagelayer WordPress plugin before 1.8.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...

4.8CVSS5.8AI score

Exploits0References1

Positive Technologies•added 2025/01/09 12:0 a.m.•3 views

PT-2025-1878 · WordPress · Muslim Prayer Time-Salah/Iqamah

Name of the Vulnerable Software and Affected Versions: The Muslim Prayer Time-Salah/Iqamah plugin for WordPress versions up to, and including, 1.8.8 Description: The issue is related to Stored Cross-Site Scripting via the Masjid ID parameter due to insufficient input sanitization and output...

6.4CVSS5.9AI score0.0036EPSS

Exploits0References6

CNNVD•added 2025/01/09 12:0 a.m.•2 views

WordPress plugin Muslim Prayer Time-Salah/Iqamah 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A cross-site scripting...

6.4CVSS7.7AI score0.0036EPSS

Exploits0References2

OSV•added 2024/12/20 2:15 a.m.•2 views

CVE-2024-12678

Nomad Community and Nomad Enterprise "Nomad" allocations are vulnerable to privilege escalation within a namespace through unredacted workload identity tokens. This vulnerability, identified as CVE-2024-12678, is fixed in Nomad Community Edition 1.9.4 and Nomad Enterprise 1.9.4, 1.8.8, and 1.7.16...

6.5CVSS7AI score

Exploits0References1

Patchstack•added 2024/10/08 3:24 p.m.•1 views

WordPress CMSMasters Content Composer plugin <= 1.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by István Márton in WordPress Plugin CMSMasters Content Composer versions = 1.8.8...

6.4CVSS5.8AI score0.00338EPSS

Exploits0References1Affected Software1

OSV•added 2024/09/15 9:15 a.m.•0 views

CVE-2024-44054

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in CryoutCreations Fluida allows Stored XSS.This issue affects Fluida: from n/a through 1.8.8...

5.4CVSS5.8AI score0.00143EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by