
60 matches found

EUVD
added 2026/05/10 3:31 p.m. | 4 views

EUVD-2021-34811

WordPress Picture Gallery 1.4.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Edit Content URL field in the Access Control settings. Attackers can enter JavaScript payloads in the plugin options that are stored in...

CVSS 6.4 | AI score 5.7 | EPSS 0.00032
Exploits 0 | References 4

NVD
added 2026/05/10 1:16 p.m. | 6 views

CVE-2021-47951

WordPress Picture Gallery 1.4.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Edit Content URL field in the Access Control settings. Attackers can enter JavaScript payloads in the plugin options that are stored in...

CVSS 6.4 | EPSS 0.00032
Exploits 0 | References 3

Vulnrichment
added 2026/05/10 12:52 p.m. | 4 views

CVE-2021-47951 WordPress Picture Gallery 1.4.2 Stored XSS via Edit Content URL

WordPress Picture Gallery 1.4.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Edit Content URL field in the Access Control settings. Attackers can enter JavaScript payloads in the plugin options that are stored in...

CVSS 6.4 | AI score 5.7 | EPSS 0.00032
Exploits 0 | References 3

ATTACKERKB
added 2026/05/10 12:52 p.m. | 4 views

CVE-2021-47951

WordPress Picture Gallery 1.4.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Edit Content URL field in the Access Control settings. Attackers can enter JavaScript payloads in the plugin options that are stored in...

CVSS 6.4 | AI score 5.7 | EPSS 0.00032
Exploits 0 | References 3 | Affected Software 1

CVE
added 2026/05/10 12:52 p.m. | 6 views

CVE-2021-47951

CVE-2021-47951 concerns WordPress Picture Gallery 1.4.2, which has a stored cross-site scripting (XSS) flaw. The vulnerability allows authenticated attackers to inject JavaScript through the Edit Content URL field in the Access Control settings; payloads stored in the database can execute when th...

CVSS 6.4 | AI score 5.7 | EPSS 0.00032
Exploits 0 | References 3

Cvelist
added 2026/05/10 12:52 p.m. | 24 views

CVE-2021-47951 WordPress Picture Gallery 1.4.2 Stored XSS via Edit Content URL

WordPress Picture Gallery 1.4.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Edit Content URL field in the Access Control settings. Attackers can enter JavaScript payloads in the plugin options that are stored in...

CVSS 6.4 | EPSS 0.00032
Exploits 0 | References 3

Positive Technologies
added 2026/05/10 12:0 a.m. | 4 views

PT-2026-39525

WordPress Picture Gallery 1.4.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Edit Content URL field in the Access Control settings. Attackers can enter JavaScript payloads in the plugin options that are stored in...

CVSS 6.4 | AI score 5.7 | EPSS 0.00032
Exploits 0 | References 4

CNNVD
added 2026/05/10 12:0 a.m. | 4 views

WordPress plugin Picture Gallery cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 6.4 | AI score 5.6 | EPSS 0.00032
Exploits 0 | References 1

NVD
added 2025/10/23 5:15 a.m. | 3 views

CVE-2025-54856

Movable Type contains a stored cross-site scripting vulnerability in Edit ContentData page. If crafted input is stored by an attacker with "ContentType Management" privilege, an arbitrary script may be executed on the web browser of the user who accesses Edit ContentData page...

CVSS 4.8 | EPSS 0.00024
Exploits 0 | References 3

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-31458

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 7.5 | EPSS 0.00047
Exploits 1 | References 6

RedhatCVE
added 2025/09/29 7:41 a.m. | 2 views

CVE-2025-11102

A weakness has been identified in Campcodes Online Learning Management System 1.0. Affected is an unknown function of the file /admin/editcontent.php. Executing manipulation of the argument Title can lead to sql injection. The attack can be launched remotely. The exploit has been made available t...

CVSS 7.5 | AI score 7.1 | EPSS 0.00047
Exploits 1 | References 1

OSV
added 2025/09/28 8:15 a.m. | 1 view

CVE-2025-11102

A weakness has been identified in Campcodes Online Learning Management System 1.0. Affected is an unknown function of the file /admin/editcontent.php. Executing manipulation of the argument Title can lead to sql injection. The attack can be launched remotely. The exploit has been made available t...

CVSS 9.8 | AI score 5.8 | EPSS 0.00047
Exploits 1 | References 5

NVD
added 2025/09/28 8:15 a.m. | 2 views

CVE-2025-11102

A weakness has been identified in Campcodes Online Learning Management System 1.0. Affected is an unknown function of the file /admin/editcontent.php. Executing manipulation of the argument Title can lead to sql injection. The attack can be launched remotely. The exploit has been made available t...

CVSS 9.8 | EPSS 0.00047
Exploits 1 | References 5

CVE
added 2025/09/28 7:32 a.m. | 8 views

CVE-2025-11102

CVE-2025-11102 affects Campcodes Online Learning Management System (v1.0). A vulnerability in an unknown function within /admin/edit_content.php allows manipulation of the Title parameter to trigger SQL injection. Exploitation can be conducted remotely, and public exploits are noted. Several sour...

CVSS 9.8 | AI score 6.7 | EPSS 0.00047
Exploits 1 | References 5 | Affected Software 1

Cvelist
added 2025/09/28 7:32 a.m. | 6 views

CVE-2025-11102 Campcodes Online Learning Management System edit_content.php sql injection

A weakness has been identified in Campcodes Online Learning Management System 1.0. Affected is an unknown function of the file /admin/editcontent.php. Executing manipulation of the argument Title can lead to sql injection. The attack can be launched remotely. The exploit has been made available t...

CVSS 7.5 | EPSS 0.00047
Exploits 1 | References 5

CNNVD
added 2025/09/28 12:0 a.m. | 1 view

CampCodes Online Learning Management System SQL injection vulnerability

CampCodes Online Learning Management System is an online learning management system from CampCodes Philippines, Inc. A SQL injection vulnerability exists in CampCodes Online Learning Management System version 1.0, which stems from an incorrect manipulation of the parameter Title in the file...

CVSS 9.8 | AI score 7.8 | EPSS 0.00047
Exploits 1 | References 6

RedhatCVE
added 2025/09/17 10:46 p.m. | 1 view

CVE-2025-43797

In Liferay Portal 7.1.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions, the default membership type of a newly created site is “Open” which allows any registered users to become a member...

CVSS 5.3 | AI score 6.8 | EPSS 0.00087
Exploits 0 | References 1

OSV
added 2025/09/16 12:30 a.m. | 1 view

GHSA-25M3-W28P-V3V3 Liferay has Insecure Default Initialization of Resource issue

In Liferay Portal 7.1.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions, the default membership type of a newly created site is “Open” which allows any registered users to become a member...

CVSS 5.3 | AI score 6.9 | EPSS 0.00087
Exploits 0 | References 3

GitHub Security Blog
added 2025/09/16 12:30 a.m. | 2 views

Liferay has Insecure Default Initialization of Resource issue

In Liferay Portal 7.1.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions, the default membership type of a newly created site is “Open” which allows any registered users to become a member...

CVSS 5.4 | AI score 6.9 | EPSS 0.00087
Exploits 0 | References 3 | Affected Software 1

CVE
added 2025/09/15 9:28 p.m. | 10 views

CVE-2025-43797

CVE-2025-43797 (Liferay) affects Liferay Portal 7.1.0–7.4.3.111 and Liferay DXP 2023.Q4.0, 2023.Q3.1–2023.Q3.4, plus older unsupported builds. The root cause is a default Open membership setting on newly created sites, which allows any registered user to become a member and potentially view, add,...

CVSS 5.4 | AI score 6.5 | EPSS 0.00087
Exploits 0 | References 1 | Affected Software 2