CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/04/08 9:16 a.m.•3 views

CVE-2026-39693

5.9CVSS0.0014EPSS

Cvelist•added 2026/04/08 8:30 a.m.•22 views

CVE-2026-39693 WordPress FSM Custom Featured Image Caption plugin <= 1.25.1 - Cross Site Scripting (XSS) vulnerability

5.9CVSS0.0014EPSS

CVE•added 2026/04/08 8:30 a.m.•9 views

CVE-2026-39693

CVE-2026-39693 affects the WordPress plugin FSM Custom Featured Image Caption by fesomia, with a DOM-Based XSS due to improper neutralization of input during web page generation. Affected versions are up to and including 1.25.1 . Red Hat/NVD/CVE records also confirm the issue and indicate the imp...

5.9CVSS5.9AI score0.0014EPSS

ATTACKERKB•added 2026/04/08 8:30 a.m.•1 views

CVE-2026-39693

5.9AI score0.0014EPSS

Vulnrichment•added 2026/04/08 8:30 a.m.•1 views

CVE-2026-39693 WordPress FSM Custom Featured Image Caption plugin <= 1.25.1 - Cross Site Scripting (XSS) vulnerability

5.8AI score0.0014EPSS

NVD•added 2026/04/08 5:16 a.m.•4 views

CVE-2026-4785

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'buttoncaption' parameter in the latepointresources shortcode in versions up to and including 5.3.0. This is due to insufficient output escaping when the...

6.4CVSS0.00362EPSS

CVE•added 2026/04/08 3:36 a.m.•4 views

CVE-2026-4785

The CVE-2026-4785 entry describes a Stored Cross-Site Scripting (Stored XSS) in the WordPress LatePoint plugin (LatePoint – Calendar Booking Plugin for Appointments and Events) up to version 5.3.0. The vulnerability arises from insufficient output escaping in the shortcode [latepoint_resources] w...

6.4CVSS6.1AI score0.00362EPSS

Cvelist•added 2026/04/08 3:36 a.m.•22 views

CVE-2026-4785 LatePoint <= 5.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4CVSS0.00362EPSS

Positive Technologies•added 2026/04/08 12:0 a.m.•3 views

PT-2026-31082

Name of the Vulnerable Software and Affected Versions LatePoint – Calendar Booking Plugin for Appointments and Events versions up to and including 5.3.0 Description The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is susceptible to Stored Cross-Site Scripti...

6.4CVSS5.9AI score0.00362EPSS

Exploits0References10

Positive Technologies•added 2026/04/08 12:0 a.m.•2 views

PT-2026-31255

Name of the Vulnerable Software and Affected Versions fesomia FSM Custom Featured Image Caption versions through 1.25.1 Description A DOM-Based Cross-Site Scripting XSS issue exists in the fesomia FSM Custom Featured Image Caption plugin. This allows for improper neutralization of input during we...

5.8AI score0.0014EPSS

Exploits0References4

CNNVD•added 2026/04/08 12:0 a.m.•5 views

WordPress plugin LatePoint – Calendar Booking Plugin for Appointments and Events 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

6.4CVSS5.6AI score0.00362EPSS

CNNVD•added 2026/04/08 12:0 a.m.•3 views

WordPress plugin FSM Custom Featured Image Caption 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.9CVSS5.6AI score0.0014EPSS

Positive Technologies•added 2026/04/07 12:0 a.m.•1 views

PT-2026-31031

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.6.4 Description SiYuan, a personal knowledge management system, is susceptible to remote code execution in the Electron desktop client prior to version 3.6.4. This occurs because table caption content is stored and...

9CVSS6.5AI score0.00538EPSS

Exploits1References9

Cvelist•added 2026/04/04 1:51 p.m.•20 views

CVE-2018-25255 10-Strike LANState 8.8 Local Buffer Overflow SEH

10-Strike LANState 8.8 contains a local buffer overflow vulnerability in structured exception handling that allows local attackers to execute arbitrary code by crafting malicious LSM map files. Attackers can create a specially formatted LSM file with a payload in the ObjCaption parameter that...

8.6CVSS0.00185EPSS

Exploits0References4

Vulnrichment•added 2026/04/04 1:51 p.m.•4 views

CVE-2018-25255 10-Strike LANState 8.8 Local Buffer Overflow SEH

8.6CVSS6.5AI score0.00185EPSS

Exploits0References4

RedhatCVE•added 2026/03/04 1:57 a.m.•4 views

CVE-2025-57622

An issue in Step-Video-T2V allows a remote attacker to execute arbitrary code via the /vae-api , /caption-api , feature = pickle.loadsrequest.getdata component...

9.8CVSS6.3AI score0.00497EPSS

NVD•added 2026/03/03 3:16 p.m.•5 views

CVE-2025-57622

An issue in Step-Video-T2V allows a remote attacker to execute arbitrary code via the /vae-api , /caption-api , feature = pickle.loadsrequest.getdata component...

9.8CVSS0.00497EPSS

Vulnrichment•added 2026/03/03 12:0 a.m.•0 views

CVE-2025-57622

An issue in Step-Video-T2V allows a remote attacker to execute arbitrary code via the /vae-api , /caption-api , feature = pickle.loadsrequest.getdata component...

6.1AI score0.00497EPSS