CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1044 matches found

CVE•added 2025/11/11 3:30 a.m.•14 views

CVE-2025-12663

CVE-2025-12663 (Jeba Cute forkit WordPress plugin) is a Stored Cross-Site Scripting vulnerability in the jeba_forkit shortcode. The issue stems from insufficient input sanitization and output escaping of the text attribute, affecting all versions up to 1.0. Exploitation requires authenticated acc...

6.4CVSS4.8AI score0.00031EPSS

Exploits0References3

Veracode•added 2025/11/04 7:37 a.m.•4 views

Cross-site Scripting (XSS)

Snipe-IT is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper sanitization of user-supplied input, which allows an attacker to inject and execute arbitrary web scripts in the context of a victim’s browser...

6.4CVSS6.9AI score0.00008EPSS

Exploits1References3Affected Software1

EUVD•added 2025/11/01 3:30 a.m.•2 views

EUVD-2025-37405

The Inactive Logout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'inaredirectpageindividualuser' parameter in all versions up to, and including, 3.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS4.7AI score0.00047EPSS

Exploits0References6

NVD•added 2025/10/30 5:15 p.m.•2 views

CVE-2025-63885

A stored cross-site scripting XSS vulnerability in AIxBlock commit 04f305 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the modeldesc field...

6.1CVSS0.00026EPSS

Exploits0References2

RedhatCVE•added 2025/10/23 9:13 a.m.•3 views

CVE-2025-11866

The Photographers galleries plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcode attributes w, h, rawcss, look, etc. in all versions up to, and including, 1.1.8. This is due to the plugin not properly sanitizing user input or escaping output when inserting thes...

6.4CVSS5.1AI score0.00032EPSS

Exploits0References1

CNVD•added 2025/10/23 12:0 a.m.•1 views

Mediawiki - AdvancedSearch Extension Cross-Site Scripting Vulnerability

Mediawiki - AdvancedSearch Extension is an extension plugin for MediaWiki that enhances the search functionality, often used in conjunction with CirrusSearch and Elastica, to significantly improve search efficiency and accuracy. A cross-site scripting vulnerability exists in MediaWiki -...

6.9CVSS6.1AI score0.00056EPSS

Exploits0References1

EUVD•added 2025/10/16 8:54 a.m.•3 views

EUVD-2025-34741

ChatLuck contains a cross-site scripting vulnerability in Chat Rooms. If exploited, an arbitrary script may be executed on the web browser of the user who is accessing the product...

5.4CVSS5.8AI score0.00026EPSS

Exploits0References5

NVD•added 2025/10/15 9:15 a.m.•1 views

CVE-2025-10194

The Shortcode Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button' shortcode in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.00032EPSS

Exploits0References3

RedhatCVE•added 2025/10/12 10:5 a.m.•2 views

CVE-2025-7652

The Easy Plugin Stats plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'eps' shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5AI score0.00032EPSS

Exploits0References1

Snyk•added 2025/10/08 3:32 p.m.•3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Commerce Product Comparison Table widget when user-supplied input is injected into the Name text field of a Commerce Product. An attacker can execute arbitrary web scripts in the context of the user's...

5.4CVSS5.4AI score0.00031EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2007-2725

Malware in sbrugna...

6CVSS6.4AI score0.00827EPSS

Exploits0References5

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2020-23940

Malware in sbrugna...

5.4CVSS5.5AI score0.00275EPSS

Exploits1References2