CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

40 matches found

Vulnrichment•added 2026/05/19 10:28 p.m.•5 views

CVE-2026-6871 Obfuscate - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-033

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Obfuscate allows Cross-Site Scripting XSS. This issue affects Obfuscate: from 0.0.0 before 2.0.2...

5.8AI score0.00033EPSS

Exploits0References1

NVD•added 2026/03/25 5:16 p.m.•0 views

CVE-2026-25306

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 8theme XStore Core et-core-plugin allows Reflected XSS.This issue affects XStore Core: from n/a through = 5.6.4...

7.1CVSS0.00045EPSS

Exploits0References1

RedhatCVE•added 2026/02/21 7:30 p.m.•4 views

CVE-2025-68031

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in faraz sms افزونه پیامک حرفه ای فراز اس ام اس farazsms allows Reflected XSS.This issue affects افزونه پیامک حرفه ای فراز اس ام اس: from n/a through = 2.7.3...

7.1CVSS5.5AI score0.00045EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:16 a.m.•3 views

CVE-2025-40834

A vulnerability has been identified in Mendix RichText All versions = V4.0.0 V4.6.1. Affected widget does not properly neutralize the input. This could allow an attacker to execute cross-site scripting attacks...

6.8CVSS6.4AI score0.00027EPSS

Exploits0References1

CVE•added 2025/12/31 7:54 p.m.•14 views

CVE-2025-23667

CVE-2025-23667 concerns WordPress plugin custom-post-edit (

7.1CVSS7.2AI score0.0008EPSS

Exploits0References1

CNNVD•added 2025/12/31 12:0 a.m.•1 views

WordPress plugin BuddyPress Activity Shortcode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin ... A cross-site scripting...

6.5CVSS5.8AI score0.00029EPSS

Exploits0References1

Positive Technologies•added 2025/12/29 12:0 a.m.•3 views

PT-2025-53798

Name of the Vulnerable Software and Affected Versions Hiroaki Miyashita Custom Field Template versions through 2.7.5 Description The software contains a flaw due to improper neutralization of input during web page generation, leading to a Stored Cross-site Scripting issue. This allows for the...

6.5CVSS6.4AI score0.00029EPSS

Exploits0References3

CNNVD•added 2025/12/24 12:0 a.m.•1 views

WordPress plugin WPBakery Visual Composer WHMCS Elements 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

5.9CVSS6.1AI score0.00027EPSS

Exploits0References1

EUVD•added 2025/12/17 12:4 a.m.•2 views

EUVD-2025-203860

An input neutralization vulnerability in the Server MOTD component of Crafty Controller allows a remote, unauthenticated attacker to perform stored XSS via server MOTD modification...

7.1CVSS5.7AI score0.00036EPSS

Exploits0References2

CNNVD•added 2025/12/09 12:0 a.m.•2 views

TalentSoft e-BAP Automation 跨站脚本漏洞

TalentSoft e-BAP Automation is an enterprise management automation platform from TalentSoft Turkey. A cross-site scripting vulnerability exists in TalentSoft e-BAP Automation version 1.8.96 up to and including v.41815, which stems from improper input neutralization and could lead to cross-site...

5.3CVSS6AI score0.00032EPSS

Exploits0References1

Cvelist•added 2025/11/17 11:39 a.m.•3 views

CVE-2025-40834

6.8CVSS0.00027EPSS

Exploits0References1

CNNVD•added 2025/11/17 12:0 a.m.•2 views

Maxum Rumpus FTP Server 跨站脚本漏洞

Maxum Rumpus FTP Server is an FTP server software from Maxum. A cross-site scripting vulnerability exists in Maxum Rumpus FTP Server version 9.0.12, which stems from improper input neutralization and could lead to cross-site scripting attacks...

6.1CVSS6AI score0.00022EPSS

Exploits0References1

Positive Technologies•added 2025/11/06 12:0 a.m.•3 views

PT-2025-45236

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress Resca resca allows Reflected XSS.This issue affects Resca: from n/a through = 3.0.2...

7.1CVSS6.4AI score0.00031EPSS

Exploits0References2

Positive Technologies•added 2025/11/04 12:0 a.m.•2 views

PT-2025-45033

Name of the Vulnerable Software and Affected Versions Salesforce Agentforce Vibes Extension versions prior to 3.2.0 Description An issue exists in Salesforce Agentforce Vibes Extension related to improper neutralization of input used for LLM prompting, which can lead to code injection. The issue...

6.5CVSS7.2AI score0.00045EPSS

Exploits0References4

Vulnrichment•added 2025/10/27 1:34 a.m.•1 views

CVE-2025-62985 WordPress Simple Pull Quote plugin <= 1.6.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in llamaman Simple Pull Quote simple-pull-quote allows Stored XSS.This issue affects Simple Pull Quote: from n/a through = 1.6.3...

6.5CVSS5.6AI score0.0003EPSS

Exploits0References1

RedhatCVE•added 2025/10/23 3:14 p.m.•1 views

CVE-2025-52754

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in selloio Sello ChannelConnector sello-channelconnector allows Reflected XSS.This issue affects Sello ChannelConnector: from n/a through = 1.6.3...

7.1CVSS6.4AI score0.00075EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2021-10934

Malware in sbrugna...

6.1CVSS6.2AI score0.00444EPSS

Exploits0References2

NVD•added 2025/09/22 7:16 p.m.•2 views

CVE-2025-58652

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themepoints Carousel Ultimate carousel allows Stored XSS.This issue affects Carousel Ultimate: from n/a through = 1.8...

6.5CVSS0.00042EPSS

Exploits0References1

NVD•added 2025/09/05 2:16 p.m.•2 views

CVE-2025-58876

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ali Aghdam Aparat Video Shortcode aparat-shortcode allows Stored XSS.This issue affects Aparat Video Shortcode: from n/a through = 0.2.4...

6.5CVSS0.00047EPSS

Exploits0References1

NVD•added 2025/09/05 2:15 p.m.•4 views

CVE-2025-58850

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in marcshowpass Showpass WordPress Extension showpass allows Stored XSS.This issue affects Showpass WordPress Extension: from n/a through = 4.0.3...

6.5CVSS0.00047EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by