Lucene search

10267 matches found

RedhatCVE
added 2026/02/04 7:27 p.m., 6 views

CVE-2025-61944

Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 tmpserver modules allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing an excessive number of fields with zero‑length...

CVSS 8 | AI score 5.9 | EPSS 0.00405
Exploits 0 | References 1

RedhatCVE
added 2026/02/04 7:27 p.m., 5 views

CVE-2026-24672

The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a Stored Cross-Site Scripting (XSS) vulnerability allows authenticated students to inject malicious JavaScript into user profile fields, which is executed when users with viewing...

CVSS 7.3 | AI score 5.3 | EPSS 0.00182
Exploits 1 | References 1

RedhatCVE
added 2026/02/04 1:20 p.m., 5 views

CVE-2025-59902

HTML injection vulnerability in NICE Chat. This vulnerability allows an attacker to inject and render arbitrary HTML content in email transcripts by modifying the 'firstName' and 'lastName' parameters during a chat session. The injected HTML is included in the body of the email sent by the system...

CVSS 7.1 | AI score 5.6 | EPSS 0.00341
Exploits 0 | References 1

RedhatCVE
added 2026/02/04 1:20 p.m., 5 views

CVE-2026-1058

The Form Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via hidden field values in all versions up to, and including, 1.15.35. This is due to insufficient output escaping when displaying hidden field values in the admin submissions list. The plugin uses html_entity_decode o...

CVSS 7.1 | AI score 5.6 | EPSS 0.0032
Exploits 0 | References 1

RedhatCVE
added 2026/02/04 1:20 p.m., 5 views

CVE-2026-0617

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the customer profile fields in all versions up to, and including, 5.2.5 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 7.2 | AI score 5.6 | EPSS 0.00363
Exploits 0 | References 1

Nuclei
added 2026/02/04 7:00 a.m., 7 views

XWiki XML View - Sensitive Information Exposure

A vulnerability in XWiki's XML view functionality exposes sensitive information such as passwords and email addresses that are stored in custom fields not explicitly named as password or email. This information disclosure occurs when accessing user profiles with the xml.vm template. id:...

CVSS 8.7 | AI score 6.2 | EPSS 0.01209
Exploits 0 | References 2

Nuclei
added 2026/02/04 7:00 a.m., 25 views

Advanced Custom Fields Extended < 0.9.2 - Remote Code Execution

Advanced Custom Fields: Extended WordPress plugin 0.9.0.5 through 0.9.1.1 contains a remote code execution caused by unsafe use of call_user_func_array in the prepare_form function, letting unauthenticated attackers execute arbitrary code remotely. id: CVE-2025-13486 info: name: Advanced Custom Fields...

CVSS 9.8 | AI score 8.7 | EPSS 0.73557
Exploits 10 | References 2

RedhatCVE
added 2026/02/04 3:15 a.m., 15 views

CVE-2025-65924

ERPNext through 15.88.1 does not sanitize or remove certain HTML tags (specifically hyperlinks) in fields that are intended for plain text. Although JavaScript is blocked, preventing XSS, the HTML is still preserved in the generated PDF document. As a result, an attacker can inject malicious clickable...

CVSS 4.1 | AI score 5.5 | EPSS 0.00227
Exploits 0 | References 1

Patchstack
added 2026/02/03 9:13 p.m., 6 views

WordPress ACF Quick Edit Fields plugin <= 3.2.2 - Authenticated (Contributor+) Insecure Direct Object Reference vulnerability

Authenticated (Contributor+) Insecure Direct Object Reference vulnerability discovered by Chris Grello in WordPress Plugin ACF Quick Edit Fields (versions <= 3.2.2)...

CVSS 6.5 | AI score 5.3 | EPSS 0.00421
Exploits 0 | References 1 | Affected Software 1

OSV
added 2026/02/03 9:12 p.m., 4 views

CVE-2026-25150 Prototype Pollution via FormData Processing in Qwik City

Qwik is a performance-focused JavaScript framework. Prior to version 1.19.0, a prototype pollution vulnerability exists in the formToObj function within @builder.io/qwik-city middleware. The function processes form field names with dot notation (e.g., user.name) to create nested objects, but fails ...

CVSS 9.3 | AI score 5.4 | EPSS 0.00624
Exploits 0 | References 4

Snyk
added 2026/02/03 7:49 p.m., 4 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the readBinaryPropertySeq function when handling manipulated DATA Submessages with altered length fields. An attacker can cause a remote out-of-memory condition and terminate the service by sending...

CVSS 8.6 | AI score 5.6 | EPSS 0.00412
Exploits 0 | References 2

NVD
added 2026/02/03 7:16 p.m., 3 views

CVE-2025-61983

Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 tmpserver modules allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing an excessive number of fields with zero‑length...

CVSS 8 | EPSS 0.00469
Exploits 0 | References 5

OSV
added 2026/02/03 7:16 p.m., 3 views

CVE-2025-61983

Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 tmpserver modules allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing an excessive number of fields with zero‑length...

CVSS 8 | AI score 6.1 | EPSS 0.00469
Exploits 0 | References 4

NVD
added 2026/02/03 7:16 p.m., 10 views

CVE-2025-61944

Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 tmpserver modules allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing an excessive number of fields with zero‑length...

CVSS 8 | EPSS 0.00405
Exploits 0 | References 5

OSV
added 2026/02/03 7:16 p.m., 4 views

CVE-2025-61944

Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 tmpserver modules allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing an excessive number of fields with zero‑length...

CVSS 8 | AI score 6.1 | EPSS 0.00405
Exploits 0 | References 4

NVD
added 2026/02/03 7:16 p.m., 4 views

CVE-2025-52623

HCL AION is affected by an Autocomplete HTML Attribute Not Disabled for Password Field vulnerability. Allowing autocomplete on password fields may lead to unintended storage or disclosure of sensitive credentials, potentially increasing the risk of unauthorized access. This issue affects...

CVSS 6.5 | EPSS 0.00151
Exploits 0 | References 1

ATTACKERKB
added 2026/02/03 6:51 p.m., 4 views

CVE-2025-61983

Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 tmpserver modules allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing an excessive number of fields with zero‑length...

CVSS 7.3 | AI score 5.9 | EPSS 0.00469
Exploits 0 | References 5

CVE
added 2026/02/03 6:51 p.m., 11 views

CVE-2025-61983

TP-Link Archer AX53 (v1.0 through 1.3.1 Build 20241120) has a heap-based buffer overflow in the tmpserver modules. An authenticated adjacent attacker can trigger a segmentation fault or potentially execute arbitrary code by sending a crafted network packet containing an excessive number of fields...

CVSS 8 | AI score 5.9 | EPSS 0.00469
Exploits 0 | References 5 | Affected Software 1

EUVD
added 2026/02/03 6:51 p.m., 2 views

EUVD-2025-206669

Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 tmpserver modules allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing an excessive number of fields with zero‑length...

CVSS 7.3 | AI score 5.9 | EPSS 0.00469
Exploits 0 | References 4

Cvelist
added 2026/02/03 6:50 p.m., 34 views

CVE-2025-61944 Heap-based Buffer Overflow Vulnerability in TP-Link Archer AX53

Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 tmpserver modules allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing an excessive number of fields with zero‑length...

CVSS 7.3 | EPSS 0.00405
Exploits 0 | References 4