Lucene search

31 matches found

RedhatCVE
added 2026/03/29 11:13 a.m. | 2 views

CVE-2025-15445

The Restaurant Cafeteria WordPress theme through 0.4.6 exposes insecure admin-ajax actions without nonce or capability checks, allowing any logged-in user, like subscriber, to perform privileged operations. An attacker can install and activate a from a user-supplied URL, leading to arbitrary PHP...

5.4 CVSS | 6 AI score | 0.00016 EPSS
Exploits 0 | References 1

EUVD
added 2026/03/28 6:30 a.m. | 1 view

EUVD-2025-209110

The Restaurant Cafeteria WordPress theme through 0.4.6 exposes insecure admin-ajax actions without nonce or capability checks, allowing any logged-in user, like subscriber, to perform privileged operations. An attacker can install and activate a from a user-supplied URL, leading to arbitrary PHP...

6 AI score | 0.00016 EPSS
Exploits 0 | References 2

NVD
added 2026/03/28 6:16 a.m. | 2 views

CVE-2025-15445

The Restaurant Cafeteria WordPress theme through 0.4.6 exposes insecure admin-ajax actions without nonce or capability checks, allowing any logged-in user, like subscriber, to perform privileged operations. An attacker can install and activate a from a user-supplied URL, leading to arbitrary PHP...

5.4 CVSS | 0.00016 EPSS
Exploits 0 | References 1

ATTACKERKB
added 2026/03/28 6:0 a.m. | 3 views

CVE-2025-15445

The Restaurant Cafeteria WordPress theme through 0.4.6 exposes insecure admin-ajax actions without nonce or capability checks, allowing any logged-in user, like subscriber, to perform privileged operations. An attacker can install and activate a from a user-supplied URL, leading to arbitrary PHP...

5.4 CVSS | 6 AI score | 0.00016 EPSS
Exploits 0 | References 1

Vulnrichment
added 2026/03/28 6:0 a.m. | 0 views

CVE-2025-15445 Restaurant Cafeteria <= 0.4.6 - Subscriber+ Arbitrary Plugin Installation/Activation

The Restaurant Cafeteria WordPress theme through 0.4.6 exposes insecure admin-ajax actions without nonce or capability checks, allowing any logged-in user, like subscriber, to perform privileged operations. An attacker can install and activate a from a user-supplied URL, leading to arbitrary PHP...

6 AI score | 0.00016 EPSS
Exploits 0 | References 1

Cvelist
added 2026/03/28 6:0 a.m. | 25 views

CVE-2025-15445 Restaurant Cafeteria <= 0.4.6 - Subscriber+ Arbitrary Plugin Installation/Activation

The Restaurant Cafeteria WordPress theme through 0.4.6 exposes insecure admin-ajax actions without nonce or capability checks, allowing any logged-in user, like subscriber, to perform privileged operations. An attacker can install and activate a from a user-supplied URL, leading to arbitrary PHP...

0.00016 EPSS
Exploits 0 | References 1

CVE
added 2026/03/28 6:0 a.m. | 2 views

CVE-2025-15445

The CVE concerns the Restaurant Cafeteria WordPress theme (

5.4 CVSS | 6 AI score | 0.00016 EPSS
Exploits 0 | References 1

Positive Technologies
added 2026/03/28 12:0 a.m. | 0 views

PT-2026-28275

The Restaurant Cafeteria WordPress theme through 0.4.6 exposes insecure admin-ajax actions without nonce or capability checks, allowing any logged-in user, like subscriber, to perform privileged operations. An attacker can install and activate a from a user-supplied URL, leading to arbitrary PHP...

5.4 CVSS | 6 AI score | 0.00016 EPSS
Exploits 0 | References 4

CVE
added 2026/03/16 7:16 p.m. | 5 views

CVE-2026-30875

Chamilo LMS (prior to v1.11.36) exposes an authenticated RCE via H5P Import. An attacker with Teacher role can upload a crafted H5P package that bypasses validation (H5P package validation only checks for h5p.json and does not block .htaccess or PHP files with alternate extensions), enabling exec...

8.8 CVSS | 6.1 AI score | 0.00226 EPSS
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2025/12/02 10:0 a.m. | 11 views

WordPress WP Social Ninja – Embed Social Feeds, Customer Reviews, Chat Widgets (Google Reviews, YouTube Feed, Photo Feeds, and More) plugin <= 3.20.3 - Unauthenticated Stored Cross-Site Scripting via External Content Import vulnerability

Unauthenticated Stored Cross-Site Scripting via External Content Import vulnerability discovered by Kishan Vyas in WordPress Plugin WP Social Ninja versions <= 3.20.3...

6.1 CVSS | 5.5 AI score | 0.00171 EPSS
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2025/12/02 6:40 a.m. | 6 views

CVE-2025-13007 WP Social Ninja – Embed Social Feeds, Customer Reviews, Chat Widgets (Google Reviews, YouTube Feed, Photo Feeds, and More) <= 3.20.3 - Unauthenticated Stored Cross-Site Scripting via External Content Import

The WP Social Ninja – Embed Social Feeds, Customer Reviews, Chat Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.20.3 due to insufficient input sanitization and output escaping on externally-sourced content. This makes it possible...

6.1 CVSS | 0.00171 EPSS
Exploits 0 | References 6

CVE
added 2025/12/02 6:40 a.m. | 10 views

CVE-2025-13007

CVE-2025-13007 is a stored XSS vulnerability in the WordPress plugin WP Social Ninja – Embed Social Feeds, Customer Reviews, Chat Widgets (versions ≤ 3.20.3). It arises from insufficient input sanitization and output escaping of externally sourced content, allowing unauthenticated attackers to in...

6.1 CVSS | 4.9 AI score | 0.00171 EPSS
Exploits 0 | References 6

Vulnrichment
added 2025/12/02 6:40 a.m. | 3 views

CVE-2025-13007 WP Social Ninja – Embed Social Feeds, Customer Reviews, Chat Widgets (Google Reviews, YouTube Feed, Photo Feeds, and More) <= 3.20.3 - Unauthenticated Stored Cross-Site Scripting via External Content Import

The WP Social Ninja – Embed Social Feeds, Customer Reviews, Chat Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.20.3 due to insufficient input sanitization and output escaping on externally-sourced content. This makes it possible...

6.1 CVSS | 4.8 AI score | 0.00171 EPSS
Exploits 0 | References 6

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-43888

Malicious code in bioql PyPI...

6.5 CVSS | 6.5 AI score | 0.00507 EPSS
Exploits 0 | References 2

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2024-53982

Malicious code in bioql PyPI...

4.3 CVSS | 9.2 AI score | 0.00082 EPSS
Exploits 0 | References 3

CNNVD
added 2025/03/14 12:0 a.m. | 1 view

WordPress plugin Industrial security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

8.8 CVSS | 8.4 AI score | 0.00091 EPSS
Exploits 0 | References 4

CVE
added 2025/03/05 9:21 a.m. | 37 views

CVE-2024-13810

CVE-2024-13810 affects Zass - WooCommerce Theme for WordPress (Zass theme) up to version 3.9.9.10. Networks: missing capability check on the zass_import_zass AJAX actions allows authenticated attackers with Subscriber-level access or higher to import demo content and overwrite the site. Connected...

4.3 CVSS | 6.7 AI score | 0.00082 EPSS
Exploits 0 | References 2

CNNVD
added 2025/03/05 12:0 a.m. | 1 view

WordPress plugin Zass security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

4.3 CVSS | 8.6 AI score | 0.00082 EPSS
Exploits 0 | References 3

OSV
added 2025/02/11 7:10 a.m. | 15 views

BIT-GITLAB-2025-1072 Allocation of Resources Without Limits or Throttling in GitLab

A Denial of Service DoS issue has been discovered in GitLab CE/EE affecting all versions starting from 7.14.1 prior to 17.3.7, 17.4 prior to 17.4.4, and 17.5 prior to 17.5.2. A denial of service could occur upon importing maliciously crafted content using the Fogbugz importer...

6.5 CVSS | 6 AI score | 0.00177 EPSS
Exploits 0 | References 4

OSV
added 2025/02/07 4:15 a.m. | 2 views

UBUNTU-CVE-2025-1072

A Denial of Service DoS issue has been discovered in GitLab CE/EE affecting all versions starting from 7.14.1 prior to 17.3.7, 17.4 prior to 17.4.4, and 17.5 prior to 17.5.2. A denial of service could occur upon importing maliciously crafted content using the Fogbugz importer...

6.5 CVSS | 5.7 AI score | 0.00177 EPSS
Exploits 0 | References 5