CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8171 matches found

Tenable Nessus•added 2025/09/10 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2020-1779

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When dynamic templates are used OTRSTicketForms, admin can use OTRS tags which are not masked properly and can reveal sensitive information. This issue affects:...

4.9CVSS5.4AI score0.00995EPSS

Exploits0References2

Patchstack•added 2025/09/09 11:4 p.m.•4 views

WordPress Ninja-forms plugin < 3.11.1 - Unauthenticated PHP Object Injection vulnerability

Unauthenticated PHP Object Injection vulnerability discovered by wcraft in WordPress Plugin Ninja Forms versions 3.11.1...

9.8CVSS7AI score0.00505EPSS

Exploits1References1Affected Software1

Snyk•added 2025/09/09 3:30 a.m.•3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Name field in Kaleo Forms Admin. An attacker can execute arbitrary JavaScript code in the context of the user's browser by injecting a malicious payload that is stored and rendered without proper...

6.1CVSS5.2AI score0.00209EPSS

Exploits0References2

Github Security Blog•added 2025/09/09 3:30 a.m.•5 views

Liferay Portal is vulnerable to XSS attack through fieldset name in Kaleo Forms Admin

A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.11, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13 and 2024.Q1.1 through 2024.Q1.20 allows an...

6.1CVSS5.7AI score0.00209EPSS

Exploits0References4Affected Software1

OSV•added 2025/09/09 3:30 a.m.•4 views

GHSA-CPG4-QCJ8-42GP Liferay Portal is vulnerable to XSS attack through fieldset name in Kaleo Forms Admin

4.8CVSS5.8AI score0.00209EPSS

Exploits0References4

NVD•added 2025/09/09 2:15 a.m.•4 views

CVE-2025-43778

6.1CVSS0.00209EPSS

Exploits0References1

OSV•added 2025/09/09 2:15 a.m.•4 views

CVE-2025-43778

6.1CVSS5.8AI score0.00209EPSS

Exploits0References1

CVE•added 2025/09/09 1:21 a.m.•12 views

CVE-2025-43778

The CVE-2025-43778 issue is a Stored XSS in Liferay Portal and Liferay DXP, exploitable via the name of a fieldset in Kaleo Forms Admin. Affected products/versions include Liferay Portal 7.4.0–7.4.3.132 and Liferay DXP across multiple 2024–2025 quarterly releases (e.g., 2025.Q1.0–Q1.16, 2025.Q2.0...

6.1CVSS5.3AI score0.00209EPSS

Exploits0References1Affected Software2

Vulnrichment•added 2025/09/09 1:21 a.m.•2 views

CVE-2025-43778

4.8CVSS5.3AI score0.00209EPSS

Exploits0References1

Cvelist•added 2025/09/09 1:21 a.m.•6 views

CVE-2025-43778

4.8CVSS0.00209EPSS

Exploits0References1

Positive Technologies•added 2025/09/09 12:0 a.m.•3 views

PT-2025-36542

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.0 through 7.4.3.132 Liferay DXP versions 2024.Q1.1 through 2024.Q1.20 Liferay DXP versions 2024.Q2.0 through 2024.Q2.13 Liferay DXP versions 2024.Q3.0 through 2024.Q3.13 Liferay DXP versions 2024.Q4.0 through...

4.8CVSS5.6AI score0.00209EPSS

Exploits0References8

Wordfence Blog•added 2025/09/08 3:38 p.m.•14 views

600,000 WordPress Sites Affected by PHP Object Injection Vulnerability in Fluent Forms WordPress Plugin

📢 Calling all Vulnerability Researchers and Bug Bounty Hunters!📢 💉 Participate in theSQLsplorer Challenge! Now through September 22, 2025, all SQL Injection vulnerabilities in software with at least 25 active installs are considered in-scope for all researchers, regardless of researcher tier AND...

6.5CVSS8.1AI score0.0053EPSS

Exploits0

RedhatCVE•added 2025/09/07 2:32 p.m.•2 views

CVE-2025-58842

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in givecloud Donation Forms WP by Givecloud donation-forms-by-givecloud allows Stored XSS.This issue affects Donation Forms WP by Givecloud: from n/a through = 1.0.9...

6.5CVSS5.9AI score0.0019EPSS

Exploits0References1

RedhatCVE•added 2025/09/06 2:27 a.m.•2 views

CVE-2025-43772

Kaleo Forms Admin in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.4 GA, 7.3 GA through update 27, and older unsupported versions does not restrict the saving of request parameters in the portlet session, which allows remote attackers to consume system memory leading to denial-of-servic...

7.1CVSS7AI score0.00467EPSS

Exploits0References1

RedhatCVE•added 2025/09/05 3:22 p.m.•2 views

CVE-2025-58639

Missing Authorization vulnerability in Ali Khallad Contact Form By Mega Forms mega-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form By Mega Forms: from n/a through = 1.6.1...

5.4CVSS5.9AI score0.00202EPSS

Exploits0References1

NVD•added 2025/09/05 2:15 p.m.•2 views

CVE-2025-58842

6.5CVSS0.0019EPSS

Exploits0References1

CVE•added 2025/09/05 1:45 p.m.•8 views

CVE-2025-58842

CVE-2025-58842 affects Donation Forms WP by Givecloud (WordPress plugin) up to version 1.0.9. The issue is stored XSS caused by improper input neutralization during web page generation. Likely impact is that stored payloads could be reflected to site users. Public records in the Initial and conne...

6.5CVSS5.9AI score0.0019EPSS

Exploits0References1

Cvelist•added 2025/09/05 1:45 p.m.•10 views

CVE-2025-58842 WordPress Donation Forms WP by Givecloud Plugin <= 1.0.9 - Cross Site Scripting (XSS) Vulnerability

6.5CVSS0.0019EPSS

Exploits0References1

Vulnrichment•added 2025/09/05 1:45 p.m.•1 views

CVE-2025-58842 WordPress Donation Forms WP by Givecloud Plugin <= 1.0.9 - Cross Site Scripting (XSS) Vulnerability

6.5CVSS5.9AI score0.0019EPSS

Exploits0References1

Patchstack•added 2025/09/05 1:34 p.m.•2 views

WordPress Donation Forms WP by Givecloud Plugin <= 1.0.9 - Cross Site Scripting (XSS) Vulnerability