88 matches found

RedhatCVE
added 2026/01/09 9:0 a.m., 24 views

CVE-2023-29385

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kevon Adonis WP Abstracts plugin <= 2.6.2 versions...

7.1 CVSS, 5.9 AI score, 0.00105 EPSS
Exploits 0, References 1
Patchstack
added 2025/12/31 12:0 a.m., 3 views

WordPress WP Abstracts plugin <= 2.7.2 - Cross-Site Request Forgery to Reflected Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin WP Abstracts versions <= 2.7.2...

6.1 CVSS, 5.5 AI score, 0.00271 EPSS
Exploits 0, References 1, Affected Software 1
RedhatCVE
added 2025/10/23 3:13 p.m., 2 views

CVE-2025-48338

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Kevon Adonis WP Abstracts wp-abstracts-manuscripts-manager allows PHP Local File Inclusion. This issue affects WP Abstracts: from n/a through <= 2.7.4...

7.5 CVSS, 7.1 AI score, 0.00108 EPSS
Exploits 0, References 1
NVD
added 2025/10/22 3:15 p.m., 1 views

CVE-2025-48338

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Kevon Adonis WP Abstracts wp-abstracts-manuscripts-manager allows PHP Local File Inclusion. This issue affects WP Abstracts: from n/a through <= 2.7.4...

7.5 CVSS, 0.00108 EPSS
Exploits 0, References 1
Vulnrichment
added 2025/10/22 2:32 p.m., 1 views

CVE-2025-48338 WordPress WP Abstracts plugin <= 2.7.4 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Kevon Adonis WP Abstracts wp-abstracts-manuscripts-manager allows PHP Local File Inclusion. This issue affects WP Abstracts: from n/a through <= 2.7.4...

7.5 CVSS, 6.7 AI score, 0.00108 EPSS
Exploits 0, References 1
CVE
added 2025/10/22 2:32 p.m., 6 views

CVE-2025-48338

The CVE notes a PHP Local File Inclusion in the WordPress plugin WP Abstracts wp-abstracts-manuscripts-manager (affected:

7.5 CVSS, 6.7 AI score, 0.00108 EPSS
Exploits 0, References 1
Cvelist
added 2025/10/22 2:32 p.m., 6 views

CVE-2025-48338 WordPress WP Abstracts plugin <= 2.7.4 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Kevon Adonis WP Abstracts wp-abstracts-manuscripts-manager allows PHP Local File Inclusion. This issue affects WP Abstracts: from n/a through <= 2.7.4...

7.5 CVSS, 0.00108 EPSS
Exploits 0, References 1
Positive Technologies
added 2025/10/22 12:0 a.m., 2 views

PT-2025-43163

Name of the Vulnerable Software and Affected Versions: WP Abstracts versions through 2.7.4. Description: The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the inclusion of local files...

7.5 CVSS, 6.5 AI score, 0.00108 EPSS
Exploits 0, References 4
CNNVD
added 2025/10/22 12:0 a.m., 1 views

WordPress plugin WP Abstracts security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

7.5 CVSS, 6.7 AI score, 0.00108 EPSS
Exploits 0, References 1
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-10579

Malicious code in bioql PyPI...

7.1 CVSS, 7.7 AI score, 0.00216 EPSS
Exploits 0, References 2
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-40826

Malicious code in bioql PyPI...

5.9 CVSS, 6.5 AI score, 0.00148 EPSS
Exploits 0, References 1
EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2025-27577

Malicious code in bioql PyPI...

5.4 CVSS, 6.3 AI score, 0.0004 EPSS
Exploits 0, References 2
EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2023-32957

Malicious code in bioql PyPI...

7.1 CVSS, 7 AI score, 0.00105 EPSS
Exploits 0, References 1
EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2023-32335

Malicious code in bioql PyPI...

5.9 CVSS, 5.2 AI score, 0.00079 EPSS
Exploits 1, References 1
EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2024-44842

Malicious code in bioql PyPI...

5.9 CVSS, 6.6 AI score, 0.00278 EPSS
Exploits 0, References 1
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2023-40466

Malicious code in bioql PyPI...

8.8 CVSS, 9.1 AI score, 0.00094 EPSS
Exploits 0, References 1
Snyk
added 2025/09/10 8:28 p.m., 4 views

Cross-site Scripting (XSS)

Overview: indico is a conference lifecycle management and meeting/lecture scheduling tool. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) when rendering LaTeX math code in contribution and abstract description sections. Details: Cross-site scripting or XSS is a code...

5.4 CVSS, 5.1 AI score, 0.0004 EPSS
Exploits 0, References 2
OSV
added 2025/09/10 8:28 p.m., 2 views

GHSA-7CF7-9WRR-VRF4 Indico vulnerable to Cross-Site Scripting via LaTeX math code

Impact: There is a Cross-Site-Scripting vulnerability when rendering LaTeX math code in contribution or abstract descriptions. Patches: You should update to Indico 3.3.8 as soon as possible. See the docs for instructions on how to update. Workarounds: Only let trustworthy users create content on...

4.6 CVSS, 7.2 AI score, 0.0004 EPSS
Exploits 0, References 4
NVD
added 2025/09/10 4:15 p.m., 1 views

CVE-2025-59035

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Prior to version 3.3.8, there is a Cross-Site-Scripting vulnerability when rendering LaTeX math code in contribution or abstract descriptions. Users should update to Indico 3.3.8 as...

5.4 CVSS, 0.0004 EPSS
Exploits 0, References 2
Cvelist
added 2025/09/10 4:3 p.m., 4 views

CVE-2025-59035 Indico vulnerable to Cross-Site Scripting via LaTeX math code

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Prior to version 3.3.8, there is a Cross-Site-Scripting vulnerability when rendering LaTeX math code in contribution or abstract descriptions. Users should update to Indico 3.3.8 as...

4.6 CVSS, 0.0004 EPSS
Exploits 0, References 2