CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5731 matches found

CVE-2025-71382 MuPDF < 1.27.0-rc1 Stack Exhaustion DoS via EPUB CSS Rendering

MuPDF before 1.27.0-rc1 contains an uncontrolled recursion vulnerability in the EPUB CSS rendering engine that allows remote attackers to cause a denial of service by supplying a maliciously crafted EPUB file with deeply nested HTML elements and inline CSS styles. The function...

7.1CVSS

Exploits0References4

EUVD•added yesterday•4 views

EUVD-2025-210322

7.1CVSS6AI score

Exploits0References4

Nuclei•added yesterday•11 views

FlipperCode Custom CSS, JS & PHP <= 2.0.7 - Remote Code Execution

Custom css-js-php WordPress plugin through 2.0.7 contains a command injection caused by unsanitized user input used in SQL query and passed to eval, letting unauthenticated attackers execute arbitrary PHP code on the server. id: CVE-2026-6433 info: name: FlipperCode Custom CSS, JS & PHP = 2.0.7 -...

7.3CVSS6.2AI score0.00753EPSS

Exploits1References4

Nuclei•added 2 days ago•15 views

tagDiv Composer < 4.2 - Stored Cross-Site Scripting

tagDiv Composer plugin versions before 4.2 for WordPress are vulnerable to unauthenticated stored XSS via the /wp-json/tdw/savecss endpoint. An attacker can inject malicious JavaScript code through the compiledcss parameter, which gets stored and executed when the CSS is loaded. id: CVE-2023-3169...

6.1CVSS7AI score0.01595EPSS

Exploits2References2

Nuclei•added 2 days ago•15 views

mTheme Unus < 2.3 - Directory Traversal

The mTheme-Unus theme for WordPress, prior to version 2.3, contained a directory traversal flaw that let attackers access arbitrary files. This was possible by exploiting the files parameter in css/css.php with .. sequences. id: CVE-2015-9406 info: name: mTheme Unus 2.3 - Directory Traversal...

7.5CVSS7.3AI score0.55008EPSS

Exploits1References4

NCSC•added 5 days ago•26 views

Vulnerabilities in Splunk Enterprise and Splunk Cloud Platform

Splunk has identified several vulnerabilities in Splunk Enterprise and Splunk Cloud Platform. These vulnerabilities concern various components of Splunk Enterprise and Splunk Cloud Platform. Splunk has classified the vulnerability with the identifier CVE-2026-20253 as a critical vulnerability in...

9.8CVSS6.9AI score0.10035EPSS

Exploits2References9

Mageia•added 2026/06/16 4:58 a.m.•5 views

Updated emacs packages fix security vulnerability

Memory corruption vulnerability when processing svg css. CVE-2026-6861...

7.1CVSS5.5AI score0.00108EPSS

Exploits0References4

GithubExploit•added 2026/06/15 6:43 a.m.•65 views

Exploit for CVE-2026-48849

CVE-2026-48849 - Stored XSS, HTML Injection & CSS Injection in...

4.4CVSS5.6AI score0.00195EPSS

Exploits1

NVD•added 2026/06/15 2:16 a.m.•9 views

CVE-2026-12202

A vulnerability has been found in Intelliants Subrion CMS up to 4.0.3. Affected by this issue is some unknown functionality of the component Blocks Endpoint. Such manipulation of the argument CSS class name leads to cross site scripting. The attack may be launched remotely. The exploit has been...

4.8CVSS0.00214EPSS

Exploits0References6

Vulnrichment•added 2026/06/15 12:45 a.m.•6 views

CVE-2026-12202 Intelliants Subrion CMS Blocks Endpoint cross site scripting

4.8CVSS3.7AI score0.00214EPSS

Exploits0References6

NVD•added 2026/06/13 3:16 a.m.•9 views

CVE-2026-12089

The LWS Optimize – All-in-One Speed Booster & Cache Tools plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 3.3.19. This is due to the combinecurrentcss function trusting values harvested from page HTML and converting same-site URLs to absolute filesystem...

4.9CVSS0.00346EPSS

Exploits0References3

CVE•added 2026/06/13 2:29 a.m.•23 views

CVE-2026-12089

The vulnerability CVE-2026-12089 affects the WordPress plugin “LWS Optimize – All-in-One Speed Booster & Cache Tools” up to version 3.3.19. The root cause is in the combine_current_css() function, which trusts href values harvested from page HTML and converts same-site URLs to absolute filesyste...

4.9CVSS5.5AI score0.00346EPSS

Exploits0References3

Cvelist•added 2026/06/13 2:29 a.m.•32 views

CVE-2026-12089 WS Optimize – All-in-One Speed Booster & Cache Tools <= 3.3.19 - Authenticated (Editor+) Arbitrary File Read

4.9CVSS0.00346EPSS

Exploits0References3

EUVD•added 2026/06/13 2:29 a.m.•13 views

EUVD-2026-36635

4.9CVSS5.5AI score0.00346EPSS

Exploits0References3

Fedora•added 2026/06/13 1:13 a.m.•10 views

[SECURITY] Fedora 44 Update: weasyprint-69.0-1.fc44

WeasyPrint can render HTML and CSS to PDF. It aims to support web standards for printing...

5.3AI score

Exploits0

NVD•added 2026/06/10 6:16 p.m.•10 views

CVE-2026-20254

In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could craft a malicious classic dashboard that...

5.7CVSS0.00247EPSS

Exploits0References1

EUVD•added 2026/06/10 5:15 p.m.•8 views

EUVD-2026-36081

5.7CVSS5.5AI score0.00247EPSS

Exploits0References1

Vulnrichment•added 2026/06/10 5:15 p.m.•7 views

CVE-2026-20254 Information Disclosure through External Content Restriction Bypass in Splunk Enterprise

5.7CVSS5.2AI score0.00247EPSS

Exploits0References1

CVE•added 2026/06/10 5:15 p.m.•13 views

CVE-2026-20254

The affected products are Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132. A low-privileged user (not admin/power) can craft a malicious classic dashboard that exfiltrates sens...

5.7CVSS5.5AI score0.00247EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/06/10 5:15 p.m.•26 views

CVE-2026-20254 Information Disclosure through External Content Restriction Bypass in Splunk Enterprise

5.7CVSS0.00247EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by