58 matches found

CVE
added 2026/06/15 8:17 p.m. | 9 views

CVE-2025-60175

CVE-2025-60175 : WordPress PopAd plugin (≤1.0.4) contains a Server-Side Request Forgery (SSRF) vulnerability. The entry specifies an authenticated (Admin+) context, indicating exploitation requires user authorization, potentially enabling internal network requests to unintended targets. The avail...

CVSS 4.4 | AI score 5.2 | EPSS 0.00168
Exploits: 0 | References: 1

CVE
added 2026/06/15 3:14 p.m. | 8 views

CVE-2025-15658

The CVE describes an Administrator-XSS vulnerability in the WordPress WP Emmet plugin versions

CVSS 5.9 | AI score 5.1 | EPSS 0.0014
Exploits: 0 | References: 1

Cvelist
added 2026/05/12 9:29 a.m. | 84 views

CVE-2026-6813 Continually <= 4.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'continually_embed_code' Parameter

The Continually plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

CVSS 4.4 | EPSS 0.00195
Exploits: 0 | References: 5

Patchstack
added 2026/04/21 7:5 p.m. | 3 views

WordPress Sentence To SEO (keywords, description and tags) plugin <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Sentence To SEO keywords, description and tags versions <= 1.0...

CVSS 4.4 | AI score 5.8 | EPSS 0.00326
Exploits: 0 | References: 1 | Affected Software: 1

Japan Vulnerability Notes
added 2026/03/27 9:17 a.m. | 6 views

Open Redirect Vulnerability in Hitachi Ops Center Administrator

Overview Open Redirect Vulnerability exists in Hitachi Ops Center Administrator. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

CVSS 4.3 | AI score 5.9 | EPSS 0.00178
Exploits: 0 | References: 2

RedhatCVE
added 2026/02/04 7:27 p.m. | 4 views

CVE-2026-24434

Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior does not implement CSRF protections for administrative functions in the web management interface. The interface does not enforce anti-CSRF tokens or robust origin validation, which can allow an attacker to induce a logged-in administrat...

CVSS 6.5 | AI score 5.5 | EPSS 0.00146
Exploits: 0 | References: 1

Patchstack
added 2026/01/28 1:33 a.m. | 8 views

WordPress Appointment Hour Booking plugin <= 1.5.60 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Min/Max Length' Field Configuration vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via 'Min/Max Length' Field Configuration vulnerability discovered by ALockWooD in WordPress Plugin Appointment Hour Booking versions <= 1.5.60...

CVSS 4.4 | AI score 5.9 | EPSS 0.00262
Exploits: 0 | References: 1 | Affected Software: 1

Positive Technologies
added 2026/01/28 12:0 a.m. | 6 views

PT-2026-5081

The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.5.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 4.4 | AI score 5.9 | EPSS 0.00261
Exploits: 0 | References: 7

RedhatCVE
added 2026/01/15 6:21 a.m. | 11 views

CVE-2025-14379

The Testimonials Creator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in version 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject...

CVSS 4.4 | AI score 5.2 | EPSS 0.00208
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 9:19 a.m. | 6 views

CVE-2021-31835

Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator ePO prior to 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via a specific parameter where the administrator's entries were not correctly sanitized...

CVSS 4.8 | AI score 6.1 | EPSS 0.00543
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 8:46 a.m. | 6 views

CVE-2025-23365

A vulnerability has been identified in TIA Administrator All versions V3.0.6. The affected application allows low-privileged users to trigger installations by overwriting cache files and modifying the downloads path. This would allow an attacker to escalate privilege and execute arbitrary code...

CVSS 8.5 | AI score 7.4 | EPSS 0.00128
Exploits: 0 | References: 1

CNNVD
added 2025/10/08 12:0 a.m. | 3 views

OPEXUS FOIAXpress security vulnerability

OPEXUS FOIAXpress is an information disclosure management software from OPEXUS Corporation. A security vulnerability exists in OPEXUS FOIAXpress prior to version 11.13.3.0 that originates from an administrator user being able to inject JavaScript or other content into the Annual Report Corporate...

CVSS 4.8 | AI score 5.6 | EPSS 0.0022
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2021-12757

Malware in sbrugna...

CVSS 9 | AI score 7 | EPSS 0.03098
Exploits: 1 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2008-2753

Malware in sbrugna...

CVSS 6.5 | AI score 6.4 | EPSS 0.01163
Exploits: 1 | References: 7

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2008-3290

Malware in sbrugna...

CVSS 6 | AI score 6.4 | EPSS 0.02181
Exploits: 0 | References: 5

EUVD
added 2025/10/07 12:30 a.m. | 11 views

EUVD-2019-7925

Malware in sbrugna...

CVSS 6.1 | AI score 6.2 | EPSS 0.01663
Exploits: 2 | References: 5

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2017-7106

Malware in sbrugna...

CVSS 9.6 | AI score 9.4 | EPSS 0.03149
Exploits: 2 | References: 5

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-20449

Malicious code in bioql PyPI...

CVSS 8.4 | AI score 6.4 | EPSS 0.00069
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2024-31909

Malicious code in bioql PyPI...

CVSS 9.1 | AI score 6.6 | EPSS 0.00801
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2025-4249

Malicious code in bioql PyPI...

CVSS 7.2 | AI score 6.6 | EPSS 0.00468
Exploits: 1 | References: 4