CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

86 matches found

Positive Technologies•added 2026/04/29 12:0 a.m.•4 views

PT-2026-37144

Name of the Vulnerable Software and Affected Versions Admidio versions prior to 5.0.9 Description A logic error in the two-factor authentication 2FA reset process inverts the authorization check. This allows non-admin users to remove the Time-based One-Time Password TOTP configuration of other...

7.1CVSS5.8AI score0.00025EPSS

Exploits0References5

RedhatCVE•added 2026/03/26 3:6 p.m.•0 views

CVE-2026-4068

The Add Custom Fields to Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.3. This is due to missing nonce validation on the field deletion functionality in the admin display template. The plugin properly validates a nonce for the 'ad...

4.3CVSS5.8AI score0.0002EPSS

Exploits0References1

Positive Technologies•added 2026/03/19 12:0 a.m.•0 views

PT-2026-26258

4.3CVSS5.8AI score0.0002EPSS

Exploits0References9

ATTACKERKB•added 2026/02/03 6:10 p.m.•2 views

CVE-2026-25522

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the Shipping Zone Name & Descriptio...

6.1CVSS5.4AI score0.00028EPSS

Exploits1References5Affected Software1

RedhatCVE•added 2026/01/09 9:51 a.m.•3 views

CVE-2020-10449

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/report-search.php by adding a question mark ? followed by the payload...

4.8CVSS6.1AI score0.00321EPSS

Exploits1References1

RedhatCVE•added 2026/01/07 9:20 a.m.•5 views

CVE-2024-2405

The Float menu WordPress plugin before 6.0.1 does not have CSRF check in its bulk actions, which could allow attackers to make logged in admin delete arbitrary menu via a CSRF attack...

4.5CVSS6.8AI score0.00214EPSS

Exploits2References1

CNVD•added 2025/11/25 12:0 a.m.•2 views

WordPress EchBay Admin Security plugin cross-site scripting vulnerability

WordPress EchBay Admin Security plugin is a once widely used security tool designed to provide an extra layer of protection for the WordPress admin backend. The WordPress EchBay Admin Security plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of...

6.1CVSS6.1AI score0.00106EPSS

Exploits0References1

Patchstack•added 2025/11/24 9:19 a.m.•2 views

WordPress EchBay Admin Security plugin <= 1.3.0 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin EchBay Admin Security versions = 1.3.0...

6.1CVSS6.3AI score0.00106EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2025/11/22 8:35 a.m.•3 views

CVE-2025-11885

The EchBay Admin Security plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ebnonce' parameter in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitra...

6.1CVSS5.6AI score0.00106EPSS

Exploits0References1

EUVD•added 2025/11/21 9:30 a.m.•1 views

EUVD-2025-198397

6.1CVSS5.2AI score0.00106EPSS

Exploits0References3

CVE•added 2025/11/21 7:31 a.m.•8 views

CVE-2025-11885

CVE-2025-11885 : WordPress EchBay Admin Security plugin suffers a Reflected XSS via the _ebnonce parameter in versions up to 1.3.0 due to insufficient input sanitization and output escaping. Unauthenticated attackers could entice a user to perform an action (e.g., click a link) and have arbitrary...

6.1CVSS5.3AI score0.00106EPSS

Exploits0References2

Cvelist•added 2025/11/21 7:31 a.m.•2 views

CVE-2025-11885 EchBay Admin Security <= 1.3.0 - Reflected Cross-Site Scripting

6.1CVSS0.00106EPSS

Exploits0References2

CNNVD•added 2025/11/21 12:0 a.m.•2 views

WordPress plugin EchBay Admin Security 跨站脚本漏洞

6.1CVSS6AI score0.00106EPSS

Exploits0References3

Positive Technologies•added 2025/11/21 12:0 a.m.•1 views

PT-2025-47688

The EchBay Admin Security plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ' ebnonce' parameter in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS5.6AI score0.00106EPSS

Exploits0References3

Github Security Blog•added 2025/10/20 3:30 p.m.•3 views

TastyIgniter vulnerable to Cross-Site Scripting

Cross-Site Scripting XSS vulnerability exists in TastyIgniter 3.7.7, affecting the /admin/mediamanager component. Attackers can upload a malicious SVG file containing JavaScript code. When an administrator previews the file, the code executes in their browser context, allowing the attacker to...

8.8CVSS6.2AI score0.0009EPSS

Exploits1References4Affected Software1

NVD•added 2025/10/16 6:15 p.m.•4 views

CVE-2025-62411

LibreNMS is a community-based GPL-licensed network monitoring system. LibreNMS = 25.8.0 contains a Stored Cross-Site Scripting XSS vulnerability in the Alert Transports management functionality. When an administrator creates a new Alert Transport, the value of the Transport name field is stored a...

5.5CVSS0.00008EPSS

Exploits1References2

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2020-3969

Malware in sbrugna...

9.8CVSS9.2AI score0.00377EPSS

Exploits1References2

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2021-11696

Malware in sbrugna...

6.5CVSS6.4AI score0.0014EPSS

Exploits2References2