CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

89 matches found

EUVD•added 2026/04/06 6:33 p.m.•2 views

EUVD-2026-19343

An authenticated stored cross-site scripting XSS vulnerability in the Category module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter...

6AI score0.00031EPSS

Exploits1References3

NVD•added 2025/12/30 11:15 p.m.•2 views

CVE-2022-50801

JM-DATA ONU JF511-TV version 1.0.67 is vulnerable to authenticated stored cross-site scripting XSS attacks, allowing attackers with authenticated access to inject malicious scripts that will be executed in other users' browsers when they view the affected content...

5.1CVSS0.00046EPSS

Exploits1References6

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2021-11443

Malware in sbrugna...

5.4CVSS5.6AI score0.00533EPSS

Exploits1References3

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2021-11473

Malware in sbrugna...

5.4CVSS5.5AI score0.00357EPSS

Exploits2References3

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2021-11191

Malware in sbrugna...

5.4CVSS5.5AI score0.00332EPSS

Exploits2References2

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2025-25150

Malicious code in bioql PyPI...

8CVSS7.9AI score0.00058EPSS

Exploits1References2

Github Security Blog•added 2025/09/23 3:31 p.m.•7 views

WSO2 carbon-apimgt affected by an authenticated stored cross-site scripting (XSS) vulnerability

An authenticated stored Cross-Site Scripting XSS vulnerability exists in WSO2 API Manager components carbon-apimgt due to insufficient validation of user-supplied input during API document upload in the Publisher portal. A user with publisher privileges can upload a crafted API document whose...

4.8CVSS5.9AI score0.00038EPSS

Exploits0References6Affected Software2

OSV•added 2024/10/16 7:15 a.m.•13 views

CVE-2022-4973

WordPress Core, in versions up to 6.0.2, is vulnerable to Authenticated Stored Cross-Site Scripting that can be exploited by users with access to the WordPress post and page editor, typically consisting of Authors, Contributors, and Editors making it possible to inject arbitrary web scripts into...

5.4CVSS5.9AI score

Exploits0References4

Vulnrichment•added 2024/10/16 6:43 a.m.•16 views

CVE-2022-4973 WordPress Core < 6.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via use of the_meta(); function

4.9CVSS6.1AI score0.01268EPSS

Exploits0References4

Patchstack•added 2024/05/21 3:41 a.m.•3 views

WordPress Move Addons for Elementor plugin <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Multiple Widgets vulnerability discovered by stealthcopter in WordPress Plugin Move Addons for Elementor versions = 1.3.1...

6.4CVSS5.8AI score0.00522EPSS

Exploits0References1Affected Software1

OSV•added 2023/01/23 6:15 p.m.•0 views

CVE-2023-23687

Auth. Stored Cross-Site Scripting XSS vulnerability in Youtube shortcode = 1.8.5 versions...

5.4CVSS5.8AI score

Exploits0References1

Positive Technologies•added 2023/01/17 12:0 a.m.•3 views

PT-2023-14119 · Unknown · Ip Blacklist Cloud

Name of the Vulnerable Software and Affected Versions: IP Blacklist Cloud plugin versions prior to 5.00 Description: The issue is related to an Authenticated Stored Cross-Site Scripting XSS vulnerability. This means that an attacker who has authentication credentials can inject malicious scripts...

4.8CVSS4.8AI score0.00207EPSS

Exploits0References3

Patchstack•added 2022/09/27 12:0 a.m.•25 views

WordPress Pop-Up Chop Chop plugin <= 2.1.7 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Ngo Van Thien Patchstack Alliance in WordPress Pop-Up Chop Chop plugin versions = 2.1.7. Solution No patched version is available. No reply from the vendor...

5.4CVSS2.5AI score0.00209EPSS

Exploits0Affected Software1

Cvelist•added 2022/09/23 2:38 p.m.•15 views

CVE-2022-40672 WordPress CPO Shortcodes plugin <= 1.5.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated admin+ Stored Cross-Site Scripting XSS vulnerability in CPO Shortcodes plugin = 1.5.0 at WordPress...

4.8CVSS5.1AI score0.00464EPSS

Exploits0References2

Patchstack•added 2022/09/08 12:0 a.m.•28 views

WordPress Culture Object plugin <= 4.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by ptsfence Patchstack Alliance in WordPress Culture Object plugin versions = 4.0.1. Solution Update the WordPress Culture Object plugin to the latest available version at least 4.1.1...

4.8CVSS2.7AI score0.00322EPSS

Exploits0Affected Software1

Cvelist•added 2022/09/06 5:19 p.m.•14 views

CVE-2022-2936 Image Hover Effects Ultimate <= 9.7.3 - Authenticated Stored Cross-Site Scripting via Video Link

The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Video Link values that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS5.8AI score0.00162EPSS

Exploits0References2

Patchstack•added 2022/07/18 12:0 a.m.•22 views

WordPress Auto More Tag plugin <= 4.0.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Vinay Varma Mudunuri, Krishna Harsha Kondaveeti in WordPress Auto More Tag plugin versions = 4.0.0. Solution Deactivate and delete. This plugin has been closed as of July 14, 2022 and is not available for download. This...

4.8CVSS1.3AI score0.00238EPSS

Exploits1References1Affected Software1

Patchstack•added 2022/07/04 12:0 a.m.•36 views

WordPress Allow SVG Files plugin <= 1.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Luan Pedersini in WordPress Allow SVG Files plugin versions = 1.1. Solution Deactivate and delete. This plugin has been closed as of July 1, 2022 and is not available for download. This closure is temporary, pending a full...

5.4CVSS2.4AI score0.00191EPSS

Exploits1References1Affected Software1

Patchstack•added 2022/06/14 12:0 a.m.•21 views

WordPress Team Manager plugin <= 1.6.9 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities

Multiple Authenticated Stored Cross-Site Scripting XSS vulnerabilities were discovered by Ngo Van Thien Patchstack Alliance in the WordPress Team Manager plugin versions = 1.6.9. Solution Deactivate and delete. No reply from the vendor...

5.4CVSS3.4AI score0.00153EPSS

Exploits1Affected Software1

Patchstack•added 2022/06/06 12:0 a.m.•16 views

WordPress miniOrange's Google Authenticator plugin <= 5.5.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Niraj Mahajan in WordPress miniOrange's Google Authenticator plugin versions = 5.5.5. Solution Update the WordPress miniOrange's Google Authenticator plugin to the latest available version at least 5.5.6...

4.8CVSS2.4AI score0.00393EPSS

Exploits2References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by