CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

112 matches found

AstraLinux•added 2026/05/03 11:59 p.m.•3 views

Astra Linux - уязвимость в twitter-bootstrap3

A security vulnerability has been discovered in Bootstrap that could enable Cross-Site Scripting XSS attacks. The vulnerability is related to the “data-loading-text” attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript code into this attribute,...

6.4CVSS6.6AI score0.00139EPSS

Exploits0References1

RedhatCVE•added 2026/03/26 3:6 p.m.•1 views

CVE-2026-4086

The WP Random Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cat', 'nocat', and 'text' shortcode attributes of the 'wprandombutton' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on...

6.4CVSS6AI score0.00048EPSS

Exploits0References1

EUVD•added 2026/03/21 6:30 a.m.•2 views

EUVD-2026-14010

6.4CVSS6AI score0.00048EPSS

Exploits0References6

EUVD•added 2026/03/07 9:30 a.m.•3 views

EUVD-2026-10124

The Purchase Button For Affiliate Link plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing nonce validation on the settings page form handler in inc/purchase-btn-options-page.php. This makes it possible for...

4.3CVSS5.6AI score0.00016EPSS

Exploits0References4

NVD•added 2026/03/07 8:16 a.m.•1 views

CVE-2026-1073

4.3CVSS0.00016EPSS

Exploits0References3

ATTACKERKB•added 2026/01/17 3:24 a.m.•2 views

CVE-2025-14463

The Payment Button for PayPal plugin for WordPress is vulnerable to unauthorized order creation in all versions up to, and including, 1.2.3.41. This is due to the plugin exposing a public AJAX endpoint wppaypalcheckoutajaxprocessorder that processes checkout results without any authentication or...

5.3CVSS5.6AI score0.00393EPSS

Exploits0References7

Vulnrichment•added 2026/01/17 3:24 a.m.•1 views

CVE-2025-14463 Payment Button for PayPal <= 1.2.3.41 - Missing Authorization to Unauthenticated Arbitrary Order Creation

5.3CVSS5.8AI score0.00393EPSS

Exploits0References6

RedhatCVE•added 2026/01/07 9:12 a.m.•6 views

CVE-2024-2460

The GamiPress – Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gamipressbutton' shortcode in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.8AI score0.00082EPSS

Exploits0References1

EUVD•added 2025/12/06 6:30 a.m.•1 views

EUVD-2025-201535

The Ultra Skype Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'btnid' parameter of the ultraskype shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS4.7AI score0.00041EPSS

Exploits0References6

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2017-7233

Malware in sbrugna...

5.4CVSS5.5AI score0.00196EPSS

Exploits1References4

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2021-11970

Malware in sbrugna...

5.4CVSS5.4AI score0.00208EPSS

Exploits2References2

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2023-33760

Malicious code in bioql PyPI...

4.8CVSS6.4AI score0.00095EPSS

Exploits2References1

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2023-27954

Malicious code in bioql PyPI...

5.9CVSS6.4AI score0.00079EPSS

Exploits0References1

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2023-50815

Malicious code in bioql PyPI...

5.4CVSS5.6AI score0.00155EPSS

Exploits0References1

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2022-51385

Malicious code in bioql PyPI...

4.3CVSS5.1AI score0.00153EPSS

Exploits2References1

Veracode•added 2025/09/08 4:31 a.m.•6 views

Cross-Site Scripting (XSS)

Bootstrap is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper handling of the data-loading-text attribute in the button plugin, which allows an attacker to inject and execute malicious JavaScript when the button’s loading state is triggered...

6.4CVSS6.4AI score0.00139EPSS

Exploits0References5Affected Software1

Ubuntu•added 2025/06/05 4:47 a.m.•3 views

USN-7556-1: Bootstrap vulnerabilities

It was discovered that Bootstrap did not correctly sanitize certain input in the carousel component. An attacker could possibly use this issue to execute a cross-site scripting XSS attack. CVE-2024-6484, CVE-2024-6531 It was discovered that Bootstrap did not correctly sanitize certain input in th...

6.4CVSS6.9AI score0.00139EPSS

Exploits0

OSV•added 2025/06/05 4:47 a.m.•1 views

USN-7556-1 twitter-bootstrap3, twitter-bootstrap4 vulnerabilities

6.4CVSS6.8AI score0.00139EPSS

Exploits0References4

RedhatCVE•added 2025/05/23 8:20 a.m.•3 views

CVE-2024-10851

The Razorpay Payment Button Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 2.4.6. This makes it possible for unauthenticated attackers to injec...

6.1CVSS6.3AI score0.01662EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 5:3 a.m.•3 views

CVE-2023-27445

Cross-Site Request Forgery CSRF vulnerability in Meril Inc. Blog Floating Button plugin = 1.4.12 versions...

8.8CVSS7.1AI score0.00051EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by