CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2025/11/18 8:27 a.m.•14 views

CVE-2025-9625

Affected software: WordPress Coil Web Monetization plugin. Vulnerability: Cross-Site Request Forgery due to missing/incorrect nonce validation on the coil-get-css-selector handling in the maybe_restrict_content function. Impact: Unauthenticated attackers can trigger CSS selector detection functio...

4.3CVSS4.9AI score0.00133EPSS

Cvelist•added 2025/11/18 8:27 a.m.•3 views

CVE-2025-9625 Coil Web Monetization <= 2.0.2 - Cross-Site Request Forgery

4.3CVSS0.00133EPSS

Vulnrichment•added 2025/11/18 8:27 a.m.•1 views

CVE-2025-9625 Coil Web Monetization <= 2.0.2 - Cross-Site Request Forgery

4.3CVSS4.9AI score0.00133EPSS

EUVD•added 2025/11/18 8:27 a.m.•2 views

EUVD-2025-197947

4.3CVSS4.8AI score0.00133EPSS

Exploits0References5

NVD•added 2025/11/18 8:15 a.m.•5 views

CVE-2025-11267

6.4CVSS0.00201EPSS

CVE•added 2025/11/18 7:30 a.m.•17 views

CVE-2025-11267

The VK All in One Expansion Unit WordPress plugin is affected by a Stored XSS in the _veu_custom_css value across versions up to 9.112.1. The vulnerability stems from insufficient input sanitization and output escaping, enabling authenticated attackers with Contributor-level access or higher to i...

6.4CVSS4.7AI score0.00201EPSS

Positive Technologies•added 2025/11/18 12:0 a.m.•6 views

PT-2025-47272

Name of the Vulnerable Software and Affected Versions Coil Web Monetization plugin for WordPress versions prior to 2.0.3 Description The software is susceptible to a Cross-Site Request Forgery CSRF issue. This is caused by inadequate nonce validation when handling the coil-get-css-selector...

4.3CVSS6.4AI score0.00133EPSS

Exploits0References7

Tenable Nessus•added 2025/11/18 12:0 a.m.•2 views

Mozilla Thunderbird < 52.5.2

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 52.5.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2017-30 advisory. - It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g...

9.3CVSS7.8AI score0.03215EPSS

Exploits1References6

EUVD•added 2025/11/13 3:23 a.m.•5 views

EUVD-2025-177834

Malicious code in mini-css-extract-plugin-nova-titan-duplex npm...

EUVD•added 2025/11/13 3:23 a.m.•2 views

EUVD-2025-179462

Malicious code in css-minimizer-webpack-plugin-framework-nextjs-upgrade npm...

OSSF Malicious Packages•added 2025/11/13 3:23 a.m.•4 views

Malicious code in taurus-css-minimizer-webpack-plugin-ophiuchus-webdriverio (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9f8ad6a47a997ae581afbb207779a8920a2efac4fcd400cab0db5924bf8227ea This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score

EUVD•added 2025/11/13 3:23 a.m.•3 views

EUVD-2025-176413

Malicious code in server-filament-framework-css-minimizer-webpack-plugin npm...

EUVD•added 2025/11/13 3:23 a.m.•3 views

EUVD-2025-176600

Malicious code in rollup-plugin-optimize-css-assets-webpack-plugin-bootes-polaris npm...