CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1056 matches found

Positive Technologies•added 2026/02/14 12:0 a.m.•3 views

PT-2026-8051

The Simple Wp colorfull Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter in the 'accordion' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS5.7AI score0.00181EPSS

Exploits0References4

Positive Technologies•added 2026/02/13 12:0 a.m.•8 views

PT-2026-7996

A cross-site scripting XSS vulnerability in the Generate Item Barcode function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Item Category parameter...

6.5CVSS5.5AI score0.00162EPSS

Exploits1References4

NVD•added 2026/02/11 9:15 a.m.•5 views

CVE-2026-0724

The WPlyr Media Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wplyraccentcolor' parameter in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

4.4CVSS0.00264EPSS

Exploits0References5

Snyk•added 2026/02/03 10:4 p.m.•3 views

Cross-site Scripting (XSS)

Overview @builder.io/qwik is an An Open-Source sub-framework designed with a focus on server-side-rendering, lazy-loading, and styling/animation. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the unsafe virtual node serialization. An attacker can execute arbitra...

6.1CVSS5.5AI score0.00307EPSS

Exploits0References2

Github Security Blog•added 2026/02/03 12:30 a.m.•4 views

Tendenci CMS Contains a Cross-site Scripting Vulnerability in its Jobs Module

A stored cross-site scripting XSS vulnerability in the Jobs module of Tendenci CMS v15.3.7 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...

5.4CVSS5.6AI score0.00235EPSS

Exploits1References4Affected Software1

OSV•added 2026/02/02 11:16 p.m.•7 views

PYSEC-2026-137

A stored cross-site scripting XSS vulnerability in the Jobs module of Tendenci CMS v15.3.7 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...

5.4CVSS5.9AI score0.00235EPSS

Exploits1References2

NVD•added 2026/02/02 11:16 p.m.•6 views

CVE-2025-70959

A stored cross-site scripting XSS vulnerability in the Jobs module of Tendenci CMS v15.3.7 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...

5.4CVSS0.00235EPSS

Exploits1References1

Packet Storm News•added 2026/02/02 12:0 a.m.•2 views

TikiWiki 17.1 Cross Site Scripting

A cross site scripting vulnerability exists in TikiWiki CMS version 17.1. The vulnerability allows remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...

5.2AI score

Exploits0

NVD•added 2026/02/01 1:15 p.m.•4 views

CVE-2022-50941

BootCommerce 3.2.1 contains persistent input validation vulnerabilities that allow remote attackers to inject malicious script code through guest order checkout input fields. Attackers can exploit unvalidated input parameters to execute arbitrary scripts, potentially leading to session hijacking,...

6.4CVSS0.00301EPSS

Exploits0References3

ATTACKERKB•added 2026/02/01 12:15 p.m.•4 views

CVE-2021-47919

Simple CMS 2.1 contains a non-persistent cross-site scripting vulnerability in the preview.php file's id parameter. Attackers can inject malicious script code through a GET request to execute arbitrary scripts and potentially hijack user sessions or perform phishing attacks...

6.4CVSS6.1AI score0.00288EPSS

Exploits1References3Affected Software1

Positive Technologies•added 2026/01/28 12:0 a.m.•4 views

PT-2026-5086

The SEO Links Interlinking plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'google error' parameter in all versions up to, and including, 1.7.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS6AI score0.00215EPSS

Exploits0References7

CNNVD•added 2026/01/28 12:0 a.m.•4 views

Podcast Generator security vulnerabilities

Podcast Generator is an open-source set of free podcast publishing scripts written in PHP language. Version 3.2.9 of Podcast Generator has a security vulnerability, which stems from a storage-type XSS vulnerability in the function for creating new live projects. This vulnerability could allow for...

4.8CVSS6AI score0.00176EPSS

Exploits0References2

NVD•added 2026/01/24 8:16 a.m.•5 views

CVE-2025-12836

The VK Google Job Posting Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Job Description field in versions up to, and including, 1.2.23 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticat...

6.4CVSS0.00248EPSS

Exploits0References4

RedhatCVE•added 2026/01/15 7:23 a.m.•15 views

CVE-2026-0741

The Electric Studio Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5AI score0.00207EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 12:40 p.m.•17 views

CVE-2023-43267

A cross-site scripting XSS vulnerability in the publish article function of emlog pro v2.1.14 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title field...

5.4CVSS5.7AI score0.00332EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 12:35 p.m.•9 views

CVE-2023-49976

A cross-site scripting XSS vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the subject parameter at /customersupport/index.php?page=newticket...

5.4CVSS5.7AI score0.00466EPSS

Exploits4References1

Cvelist•added 2026/01/09 11:15 a.m.•18 views

CVE-2025-13903 PullQuote <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The PullQuote plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pullquote' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.00239EPSS

Exploits0References3

RedhatCVE•added 2026/01/09 10:48 a.m.•8 views

CVE-2022-31456

A cross-site scripting XSS vulnerability in Truedesk v1.2.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the team name parameter...

6.1CVSS5.8AI score0.00444EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 10:43 a.m.•6 views

CVE-2022-26555

A stored cross-site scripting XSS vulnerability in the Add a Button function of Eova v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the button name text box...

5.4CVSS5.6AI score0.00429EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 8:56 a.m.•3 views

CVE-2023-40177

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any registered user can use the content field of their user profile page to execute arbitrary scripts with programming rights, thus effectively performing rights escalation. This issue is...

9.9CVSS7.3AI score0.00983EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by