CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

78 matches found

CVE-2021-47984

WordPress Plugin WP24 Domain Check 1.6.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the fieldnameDomain parameter. Attackers can inject JavaScript payloads through the plugin settings form at...

6.4CVSS

Exploits0References3

EUVD•added 6 hours ago•3 views

EUVD-2021-34850

6.4CVSS5.3AI score

Exploits0References3

ATTACKERKB•added 6 hours ago•2 views

CVE-2021-47984

6.4CVSS5.3AI score

Exploits0References3Affected Software1

CVE•added 6 hours ago•9 views

CVE-2021-47984

The CVE-2021-47984 entry concerns the WordPress Plugin WP24 Domain Check 1.6.2, which has a stored XSS vulnerability in the fieldnameDomain parameter. Input submitted to the plugin settings form (options.php) can inject JavaScript that executes in the browsers of administrators viewing the settin...

6.4CVSS5.3AI score

Exploits0References3

Cvelist•added 6 hours ago•8 views

CVE-2021-47984 WordPress Plugin WP24 Domain Check 1.6.2 Stored XSS

6.4CVSS

Exploits0References3

Positive Technologies•added 8 hours ago•7 views

PT-2026-47230

6.4CVSS5.3AI score

Exploits0References4

RedhatCVE•added 3 days ago•4 views

CVE-2026-41060

WWBN AVideo is an open source video platform. In versions 29.0 and below, the isSSRFSafeURL function in objects/functions.php contains a same-domain shortcircuit lines 4290-4296 that allows any URL whose hostname matches webSiteRootURL to bypass all SSRF protections. Because the check compares on...

7.7CVSS5.6AI score0.0004EPSS

Exploits1References1

EUVD•added 2026/05/13 6:30 p.m.•4 views

EUVD-2020-31226

Powie's WHOIS Domain Check 0.9.31 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary JavaScript by exploiting unsanitized input fields in plugin settings. Attackers can submit malicious payloads through textarea and input elements in t...

6.4CVSS5.9AI score0.00036EPSS

Exploits0References6

NVD•added 2026/05/13 4:16 p.m.•3 views

CVE-2020-37225

6.4CVSS0.00036EPSS

Exploits0References5

CVE•added 2026/05/13 2:22 p.m.•8 views

CVE-2020-37225

Powie’s WHOIS Domain Check 0.9.31 has a persistent cross-site scripting (XSS) vulnerability in pwhois_settings.php, exploitable by authenticated attackers via unsanitized input in plugin settings (textarea/input fields). This can execute JavaScript in the admin context and may enable privilege es...

6.4CVSS5.9AI score0.00036EPSS

Exploits0References5

CNNVD•added 2026/05/13 12:0 a.m.•6 views

WordPress plugin Powie s WHOIS Domain Check 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.8AI score0.00036EPSS

Exploits0References1

Positive Technologies•added 2026/05/13 12:0 a.m.•8 views

PT-2026-40626

6.4CVSS5.9AI score0.00036EPSS

Exploits0References6

EUVD•added 2026/04/23 6:55 p.m.•2 views

EUVD-2026-25282

Mastodon is a free, open-source social network server based on ActivityPub. Prior to v4.5.9, v4.4.16, and v4.3.22, Mastodon allows restricting new user sign-up based on e-mail domain names, and performs basic validation on e-mail addresses, but fails to restrict characters that are interpreted...

8.2CVSS5.8AI score0.00056EPSS

Exploits0References1

EUVD•added 2026/04/21 10:44 p.m.•0 views

EUVD-2026-24537

7.7CVSS5.9AI score0.0004EPSS

Exploits1References2

ATTACKERKB•added 2026/04/21 10:44 p.m.•2 views

CVE-2026-41060

7.7CVSS5.9AI score0.0004EPSS

Exploits1References3Affected Software1

OSV•added 2026/04/07 12:24 p.m.•3 views

SUSE-SU-2026:1203-1 Security update for ImageMagick

This update for ImageMagick fixes the following issues: - CVE-2026-28493: integer overflow in the SIXEL decoder leads to out-of-bounds write bsc1259446. - CVE-2026-28494: missing bounds checks in the morphology kernel parsing functions can lead to a stack buffer overflow bsc1259447. -...

8.1CVSS6AI score0.00067EPSS

Exploits0References41

OSV•added 2026/04/07 12:24 p.m.•2 views

SUSE-SU-2026:1202-1 Security update for ImageMagick

This update for ImageMagick fixes the following issues: - CVE-2026-24484: denial of service vulnerability via multi-layer nested MVG to SVG conversion bsc1258790. - CVE-2026-28493: integer overflow in the SIXEL decoder leads to out-of-bounds write bsc1259446. - CVE-2026-28494: missing bounds chec...

9.8CVSS6AI score0.00067EPSS

Exploits0References46

NVD•added 2026/02/03 9:16 p.m.•6 views

CVE-2026-24052

Claude Code is an agentic coding tool. Prior to version 1.0.111, Claude Code contained insufficient URL validation in its trusted domain verification mechanism for WebFetch requests. The application used a startsWith function to validate trusted domains e.g., docs.python.org,...

7.4CVSS0.00018EPSS

Exploits0References1

Positive Technologies•added 2026/02/03 12:0 a.m.•3 views

PT-2026-6186

Name of the Vulnerable Software and Affected Versions Claude Code versions prior to 1.0.111 Description Claude Code, an agentic coding tool, had a flaw in how it checked the trustworthiness of web addresses when making WebFetch requests. The application used a startsWith function to confirm trust...

7.4CVSS5.5AI score0.00018EPSS

Exploits0References9

Tenable Nessus•added 2026/01/20 12:0 a.m.•1 views

MiracleLinux 7 : python-2.7.5-88.0.1.el7.AXS7 (AXSA:2020-4713:15)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-4713:15 advisory. python: Cookie domain check returns incorrect results CVE-2018-20852 python: email.utils.parseaddr wrongly parses email addresses CVE-2019-16056...

7.5CVSS8.5AI score0.01665EPSS

Exploits1References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by