CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

528 matches found

Patchstack•added 2025/11/20 2:32 a.m.•3 views

WordPress Image Hover Effects Ultimate plugin <= 9.10.5 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin Image Hover Effects Ultimate versions = 9.10.5...

6.4CVSS5.7AI score0.00046EPSS

Exploits0References1Affected Software1

Patchstack•added 2025/11/04 12:38 p.m.•5 views

WordPress Image Hover Effects for Elementor plugin <= 1.0.2.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Upload vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Plugin Upload vulnerability discovered by theviper17y in WordPress Plugin Image Hover Effects for Elementor versions = 1.0.2.3...

8.8CVSS6.7AI score0.00517EPSS

Exploits0References1Affected Software1

CNNVD•added 2025/11/04 12:0 a.m.•4 views

WordPress plugin多款产品安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which provides the ability to host personal blog sites on PHP and MySQL-based...

8.8CVSS7.4AI score0.00517EPSS

Exploits0References5

Github Security Blog•added 2025/10/14 7:36 p.m.•7 views

Home Assistant has Stored XSS vulnerability in Energy dashboard from Energy Entity Name

Summary An authenticated party can add a malicious name to the Energy entity, allowing for Cross-Site Scripting attacks against anyone who can see the Energy dashboard, when they hover over any information point The blue bar in the picture below An alternative, and more impactful scenario, is tha...

9.3CVSS6.1AI score0.00015EPSS

Exploits0References7Affected Software1