CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1013 matches found

CVE-2026-4259

The ultimate-woocommerce-auction-pro WordPress plugin through 2.4.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS0.00146EPSS

Exploits0References1

Cvelist•added 4 days ago•30 views

CVE-2026-4259 Ultimate WooCommerce Auction Pro <= 2.4.5 - Reflected XSS via uwa_manage_auctions

0.00146EPSS

Exploits0References1

CVE•added 4 days ago•8 views

CVE-2026-4259

The CVE-2026-4259 entry concerns the Ultimate WooCommerce Auction Pro WordPress plugin (

7.1CVSS5.8AI score0.00146EPSS

Exploits0References1

Cvelist•added 4 days ago•31 views

CVE-2026-4110 Ultimate WooCommerce Auction Pro <= 2.4.5 - Reflected XSS via uwa_auctions_bids_list

0.00152EPSS

Exploits0References1

EUVD•added 4 days ago•9 views

EUVD-2026-38212

7.1CVSS5.8AI score0.00146EPSS

Exploits0References1

EUVD•added 4 days ago•8 views

EUVD-2026-38211

6.1CVSS5.8AI score0.00152EPSS

Exploits0References1

CVE•added 4 days ago•9 views

CVE-2026-4110

The CVE-2026-4110 entry concerns the Ultimate WooCommerce Auction Pro WordPress plugin (

6.1CVSS5.8AI score0.00152EPSS

Exploits0References1

EUVD•added 2026/05/10 3:31 p.m.•20 views

EUVD-2022-55989

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/manage module. The datecreated, datefrom, dateto, and createdat parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET reques...

6.1CVSS5.7AI score0.00252EPSS

Exploits0References5

Vulnrichment•added 2026/05/10 12:13 p.m.•6 views

CVE-2022-50969 uBidAuction 2.0.1 mailingLog manage Reflected XSS

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the backend/mailingLog/manage module. The datecreated, datefrom, dateto, and createdat parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted...

6.1CVSS5.7AI score0.00252EPSS

Exploits0References4

Vulnrichment•added 2026/05/10 12:12 p.m.•7 views

CVE-2022-50966 uBidAuction 2.0.1 news manage Reflected XSS

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the news/manage module. The datecreated, datefrom, dateto, and createdat parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET requests...

6.1CVSS5.7AI score0.00252EPSS

Exploits0References4

Cvelist•added 2026/05/10 12:12 p.m.•40 views

CVE-2022-50965 uBidAuction 2.0.1 posts manage Reflected XSS

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the posts/manage module. The datecreated, datefrom, dateto, and createdat parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET requests...

6.1CVSS0.00252EPSS

Exploits0References4

CNNVD•added 2026/05/10 12:0 a.m.•7 views

uBidAuction 跨站脚本漏洞

uBidAuction is an auction website system developed by the uBidAuction company, which supports online bidding and product transaction management. Version 2.0.1 of uBidAuction has a cross-site scripting vulnerability. This vulnerability stems from the improper cleaning of the filter functions for t...

6.1CVSS5.7AI score0.00252EPSS

Exploits0References1

Positive Technologies•added 2026/05/10 12:0 a.m.•15 views

PT-2026-39493

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/manage module. The date created, date from, date to, and created at parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET...

6.1CVSS5.7AI score0.00252EPSS

Exploits0References5

RedhatCVE•added 2026/01/09 11:51 a.m.•9 views

CVE-2009-4989

Cross-site scripting XSS vulnerability in index.php in AJ Auction Pro OOPD 3.0 allows remote attackers to inject arbitrary web script or HTML via the txtkeyword parameter in a search action...

4.3CVSS5.9AI score0.01484EPSS

Exploits1References1

Patchstack•added 2025/12/31 12:0 a.m.•8 views

WordPress WordPress Auction plugin <= 3.7 - Editor+ SQL Injection vulnerability

Editor+ SQL Injection vulnerability discovered by Thanh Kieu in WordPress Plugin WordPress Auction Plugin versions = 3.7...

9.8CVSS6AI score0.00606EPSS

Exploits1References1Affected Software1

Patchstack•added 2025/12/31 12:0 a.m.•5 views

WordPress WordPress Auction plugin <= 3.7 - Editor+ Stored XSS vulnerability

Editor+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin WordPress Auction Plugin versions = 3.7...

4.8CVSS5.9AI score0.00311EPSS

Exploits1References1Affected Software1

RedhatCVE•added 2025/12/17 10:3 a.m.•6 views

CVE-2025-68084

Missing Authorization vulnerability in Nitesh Ultimate Auction ultimate-auction allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Auction : from n/a through = 4.3.3...

5.4CVSS5.7AI score0.00173EPSS

Exploits0References1

RedhatCVE•added 2025/12/17 10:2 a.m.•3 views

CVE-2025-66125

Insertion of Sensitive Information Into Sent Data vulnerability in Nitesh Ultimate Auction ultimate-auction allows Retrieve Embedded Sensitive Data.This issue affects Ultimate Auction : from n/a through = 4.3.3...

5.3CVSS5.8AI score0.0024EPSS

Exploits0References1

EUVD•added 2025/12/16 9:31 a.m.•3 views

EUVD-2025-203535

6.5AI score0.00173EPSS

Exploits0References2

EUVD•added 2025/12/16 9:31 a.m.•4 views

EUVD-2025-203585

5.3CVSS6.4AI score0.0024EPSS

Exploits0References2

Rows per page