CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

10261 matches found

CVE•added 2026/03/02 3:47 p.m.•14 views

CVE-2025-52468

Chamilo LMS contains a stored XSS vulnerability (CVE-2025-52468) in CSV user imports prior to v1.11.30, due to insufficient sanitization in Last Name, First Name, and Username fields. The stored payload is triggered when a user profile is viewed in the context of the authenticated user. Patch rel...

8.8CVSS5.9AI score0.00351EPSS

Exploits1References3Affected Software1

CNVD•added 2026/03/02 12:0 a.m.•2 views

Smoothwall Express Cross-Site Scripting Vulnerability (CNVD-2026-14283)

Smoothwall Express is Smoothwall open source a GNU/Linux-based firewall operating system . Smoothwall Express cross-site scripting vulnerability , the vulnerability stems from the hosts.cgi script in the IP, HOSTNAME or COMMENT parameter on the user-supplied data lack of effective filtering and...

6.1CVSS6AI score0.00225EPSS

Exploits1References1

Positive Technologies•added 2026/03/02 12:0 a.m.•6 views

PT-2026-22705

Name of the Vulnerable Software and Affected Versions Blocksy theme for WordPress versions up to and including 2.1.30 Description The Blocksy theme for WordPress is susceptible to Stored Cross-Site Scripting through the blocksy meta metadata fields. Insufficient input sanitization and output...

6.4CVSS6AI score0.00194EPSS

Exploits0References6

CNNVD•added 2026/03/02 12:0 a.m.•9 views

WordPress plugin Blocksy 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.4CVSS5.7AI score0.00194EPSS

Exploits0References2

RedhatCVE•added 2026/02/28 2:0 p.m.•5 views

CVE-2026-2383

The Simple Download Monitor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...

6.4CVSS6AI score0.00197EPSS

Exploits0References1

RedhatCVE•added 2026/02/28 7:47 a.m.•13 views

CVE-2025-14040

The Automotive Car Dealership Business WordPress Theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Call to Action' custom fields in all versions up to, and including, 13.4. This is due to insufficient input sanitization and output escaping on user-supplied attributes in th...

6.4CVSS6.1AI score0.00269EPSS

Exploits0References1

RedhatCVE•added 2026/02/28 1:55 a.m.•2 views

CVE-2026-24695

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into OpenSSL argument fields within requests sent to the utility route, leading to remote code executio...

8.8CVSS6.6AI score0.01518EPSS

Exploits0References1

NVD•added 2026/02/27 10:16 p.m.•9 views

CVE-2026-28421

Vim is an open source, command line text editor. Versions prior to 9.2.0077 have a heap-buffer-overflow and a segmentation fault SEGV exist in Vim's swap file recovery logic. Both are caused by unvalidated fields read from crafted pointer blocks within a swap file. Version 9.2.0077 fixes the issu...

7.8CVSS0.00177EPSS

Exploits0References4

OSV•added 2026/02/27 10:16 p.m.•5 views

AZL-78500 CVE-2026-28421 affecting package vim 9.1.1616-1

7.8CVSS5.8AI score0.00177EPSS

Exploits0References1

OSV•added 2026/02/27 10:16 p.m.•2 views

ALPINE-CVE-2026-28421

7.8CVSS6AI score0.00177EPSS

Exploits0References1

UbuntuCve•added 2026/02/27 10:16 p.m.•2 views

CVE-2026-28421

7.8CVSS5.9AI score0.00177EPSS

Exploits0References6

OSV•added 2026/02/27 10:16 p.m.•3 views

UBUNTU-CVE-2026-28421

7.8CVSS5.8AI score0.00177EPSS

Exploits0References7

EUVD•added 2026/02/27 10:6 p.m.•5 views

EUVD-2026-9089

5.3CVSS6AI score0.00177EPSS

Exploits0References3

ATTACKERKB•added 2026/02/27 10:6 p.m.•11 views

CVE-2026-28421

7.8CVSS6AI score0.00177EPSS

Exploits0References4Affected Software1

Vulnrichment•added 2026/02/27 10:6 p.m.•3 views

CVE-2026-28421 Vim has a heap-buffer-overflow and a segmentation fault

5.3CVSS6AI score0.00177EPSS

Exploits0References3

AlpineLinux•added 2026/02/27 10:6 p.m.•4 views

CVE-2026-28421

7.8CVSS6AI score0.00177EPSS

Exploits0References4

RedhatCVE•added 2026/02/27 7:44 p.m.•5 views

CVE-2026-26265

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an IDOR vulnerability in the directory items endpoint allows any user, including anonymous users, to retrieve private user field values for all users in the directory. The userfieldids parameter ...

7.5CVSS6AI score0.00239EPSS

Exploits0References1

EUVD•added 2026/02/27 9:30 a.m.•7 views

EUVD-2025-208126

6.4CVSS6AI score0.00269EPSS

Exploits0References4

Cvelist•added 2026/02/27 6:43 a.m.•21 views

CVE-2025-14040 Automotive Car Dealership Business WordPress Theme <= 13.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Call to Action Fields

6.4CVSS0.00269EPSS

Exploits0References3

CVE•added 2026/02/27 6:43 a.m.•15 views

CVE-2025-14040

CVE-2025-14040 : The Automotive Car Dealership WordPress Theme (WordPress theme) is vulnerable to a stored XSS via the action_text, action_button_text, action_link, and action_class fields in the Call to Action across all versions up to 13.4. Exploitation requires contributor-level authentication...

6.4CVSS5.6AI score0.00269EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by