Lucene search

11 matches found

ATTACKERKB
added 2026/05/06 6:47 a.m. | 4 views

CVE-2026-7448

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'firstname' parameter in all versions up to, and including, 5.5.0 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 7.2 | AI score 6 | EPSS 0.00122
Exploits: 0 | References: 15
EUVD
added 2026/05/05 3:31 a.m. | 2 views

EUVD-2026-27201

The Zingaya Click-to-Call plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email', 'firstname', 'lastname', and 'phone' parameters on the plugin's sign-up admin page in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output...

CVSS 6.1 | AI score 6 | EPSS 0.00113
Exploits: 0 | References: 7
CNNVD
added 2026/03/20 12:0 a.m. | 4 views

itsourcecode Online Frozen Foods Ordering System SQL injection vulnerability

itsourcecode Online Frozen Foods Ordering System is an open-source online frozen food ordering system developed by itsourcecode. Version 1.0 of the system has a SQL injection vulnerability, which stems from incorrect handling of the parameter FirstName in the file admin/admin/editemployee.php. Th...

CVSS 9.8 | AI score 5.8 | EPSS 0.00014
Exploits: 1 | References: 5
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-37889

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 5.8 | EPSS 0.00224
Exploits: 1 | References: 1
NVD
added 2023/05/08 8:15 p.m. | 9 views

CVE-2023-1031

MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the settings endpoint and firstname parameter...

CVSS 8.8 | AI score 8.7 | EPSS 0.01105
Exploits: 1 | References: 2
Prion
added 2023/05/08 8:15 p.m. | 7 views

Code injection

MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the settings endpoint and firstname parameter...

CVSS 6.5 | AI score 8.6 | EPSS 0.01105
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2023/05/08 12:0 a.m. | 9 views

CVE-2023-1031

MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the settings endpoint and firstname parameter...

AI score 8.9 | EPSS 0.01105
Exploits: 1 | References: 2
Cvelist
added 2022/07/26 12:57 p.m. | 10 views

CVE-2022-34991

Paymoney v3.3 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the firstname and lastname parameters...

AI score 5.7 | EPSS 0.00224
Exploits: 1 | References: 1
OSV
added 2021/10/01 4:15 p.m. | 9 views

CVE-2021-40924

Cross-site scripting (XSS) vulnerability in install/index.php in bugs 1.8 and below version allows remote attackers to inject arbitrary web script or HTML via the firstname parameter...

CVSS 6.1 | AI score 6
Exploits: 0 | References: 2
Cvelist
added 2021/10/01 3:42 p.m. | 13 views

CVE-2021-40924

Cross-site scripting (XSS) vulnerability in install/index.php in bugs 1.8 and below version allows remote attackers to inject arbitrary web script or HTML via the firstname parameter...

AI score 6.3 | EPSS 0.00283
Exploits: 1 | References: 2
Packet Storm
added 2021/08/13 12:0 a.m. | 269 views

Chikitsa 2.0.0 Cross Site Scripting

Exploit Title: XSS-Stored - Brutal PWNED on Chikitsa 2.0.0 parameter "firstname" Author: nu11secur1ty Testing and Debugging: nu11secur1ty $ g3ck0dr1v3r Date: 08.09.2021 Vendor: https://chikitsa.net/ Link: https://sourceforge.net/projects/chikitsa/ CVE: CVE-2021-38152 + Exploit Source:...

CVSS 3.5 | AI score 0.2 | EPSS 0.00416
Exploits: 2