CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

23 matches found

CVE-2026-1395

The Gutentools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Slider block's blockid attribute in all versions up to, and including, 1.1.3. This is due to insufficient input sanitization and output escaping combined with a custom unescaping routine that reintroduce...

6.4CVSS5.7AI score0.00014EPSS

Exploits0References1

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fixed a possible NULL dereference in amdgpurasqueryerrorstatushelper. Returned an invalid error code -EINVAL for an invalid block ID. The issue has been fixed in the following file:...

5.5CVSS6AI score0.00013EPSS

Exploits0References2

EUVD•added 2026/04/22 12:30 p.m.•0 views

EUVD-2026-24716

6.4CVSS5.9AI score0.00014EPSS

Exploits0References6

NVD•added 2026/04/22 10:16 a.m.•0 views

CVE-2026-1395

6.4CVSS0.00014EPSS

Exploits0References5

Vulnrichment•added 2026/04/22 9:27 a.m.•0 views

CVE-2026-1395 Gutentools <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Slider Block Attributes

6.4CVSS5.9AI score0.00014EPSS

Exploits0References5

Positive Technologies•added 2026/04/22 12:0 a.m.•2 views

PT-2026-34315

The Gutentools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Slider block's block id attribute in all versions up to, and including, 1.1.3. This is due to insufficient input sanitization and output escaping combined with a custom unescaping routine that reintroduc...

6.4CVSS5.9AI score0.00014EPSS

Exploits0References6

CNNVD•added 2025/10/21 12:0 a.m.•4 views

Moodle OpenAI Chat Block plugin security vulnerability

Moodle OpenAI Chat Block plugin is a large model chat plugin for Moodle open source. A security vulnerability exists in version 3.0.1 of the Moodle OpenAI Chat Block plugin, which stems from insufficient validation of the blockId parameter and could lead to an insecure direct object reference...

4.3CVSS5.8AI score0.00043EPSS

Exploits0References5

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2022-4035

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.00191EPSS

Exploits0References7

OSV•added 2025/04/03 6:15 p.m.•1 views

CVE-2025-3170

A vulnerability classified as critical has been found in Project Worlds Online Lawyer Management System 1.0. This affects an unknown part of the file /adminuser.php. The manipulation of the argument blockid/unblockid leads to sql injection. It is possible to initiate the attack remotely. The...

9.8CVSS5.8AI score

Exploits0References5

Positive Technologies•added 2025/04/03 12:0 a.m.•2 views

PT-2025-14622 · Unknown · Project Worlds Online Lawyer Management System

Name of the Vulnerable Software and Affected Versions: Project Worlds Online Lawyer Management System version 1.0 Description: A critical issue has been discovered, affecting the /admin user.php file. The manipulation of the block id and unblock id arguments leads to SQL injection. This issue can...

9.8CVSS7.8AI score0.00152EPSS

Exploits1References12

CNNVD•added 2025/04/03 12:0 a.m.•1 views

Project Worlds Online Lawyer Management System 安全漏洞

Project Worlds Online Lawyer Management System is an online lawyer management system from Project Worlds, Inc. A security vulnerability exists in Project Worlds Online Lawyer Management System version 1.0, which stems from an incorrect operation of the parameter blockid/unblockid that can lead to...

9.8CVSS7.8AI score0.00152EPSS

Exploits1References5

Positive Technologies•added 2024/05/24 12:0 a.m.•4 views

PT-2024-30609 · WordPress · The Spectra – Wordpress Gutenberg Blocks

Name of the Vulnerable Software and Affected Versions: The Spectra – WordPress Gutenberg Blocks plugin versions up to, and including, 2.13.0 Description: The issue is related to Stored Cross-Site Scripting via the block id parameter due to insufficient input sanitization and output escaping. This...

6.4CVSS5.8AI score0.00152EPSS

Exploits0References5

SUSE CVE•added 2024/03/07 4:25 a.m.•5 views

SUSE CVE-2023-52585

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix possible NULL dereference in amdgpurasqueryerrorstatushelper Return invalid error code -EINVAL for invalid block id. Fixes the below: drivers/gpu/drm/amd/amdgpu/amdgpuras.c:1183 amdgpurasqueryerrorstatushelper...

5.5CVSS6.5AI score0.00013EPSS

Exploits0References6

OSV•added 2024/03/06 7:15 a.m.•1 views

DEBIAN-CVE-2023-52585

5.5CVSS5.3AI score0.00013EPSS

Exploits0References1

OSV•added 2024/03/06 7:15 a.m.•3 views

AZL-58611 CVE-2023-52585 affecting package kernel for versions less than 6.6.79.1-1

5.5CVSS6.1AI score0.00013EPSS

Exploits0References1

OSV•added 2024/03/06 7:15 a.m.•1 views

AZL-58623 CVE-2023-52585 affecting package kernel for versions less than 5.15.176.3-3

5.5CVSS6.1AI score0.00013EPSS

Exploits0References1

OSV•added 2024/03/06 7:15 a.m.•0 views

UBUNTU-CVE-2023-52585

5.5CVSS6.1AI score0.00013EPSS

Exploits0References18

Debian CVE•added 2024/03/06 6:45 a.m.•19 views

CVE-2023-52585

5.5CVSS7.1AI score0.00013EPSS

Exploits0

Github Security Blog•added 2022/05/17 2:30 a.m.•17 views

Drupal Cross-Site Request Forgery (CSRF)

Some administrative paths in Drupal 8.2.x before 8.2.7 did not include protection for CSRF. This would allow an attacker to disable some blocks on a site. This issue is mitigated by the fact that users would have to know the block ID...

7.5CVSS6.9AI score0.00191EPSS

Exploits0References7Affected Software2

OSV•added 2021/08/09 10:15 a.m.•0 views

CVE-2021-24304

The Newsmag WordPress theme before 5.0 does not sanitise the tdblockid parameter in its tdajaxblock AJAX action, leading to an unauthenticated Reflected Cross-site Scripting XSS vulnerability...

6.1CVSS5.8AI score

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by