CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Emlog is an open source website building system. A stored Cross-Site Scripting XSS vulnerability exists in the "Twitter"feature of EMLOG Pro 2.5.21 and below. An authenticated user with privileges to post a "Twitter" message can inject arbitrary JavaScript code. The malicious script is stored on...

5.1CVSS5.2AI score0.00186EPSS

Exploits1References1

Positive Technologies•added 2025/10/03 12:0 a.m.•2 views

PT-2025-40451

Name of the Vulnerable Software and Affected Versions Yoast SEO Premium plugin for WordPress versions 25.7 through 25.9 Description The software is susceptible to a Stored Cross-Site Scripting issue stemming from a flawed regular expression used to remove an attribute within post content. This fl...

6.4CVSS5.8AI score0.00308EPSS

Exploits0References9

Positive Technologies•added 2025/10/03 12:0 a.m.•5 views

PT-2025-40461

Name of the Vulnerable Software and Affected Versions Emlog Pro versions 2.5.21 and below Description A stored Cross-Site Scripting XSS issue exists in the "Twitter" feature. An authenticated user with posting privileges can inject arbitrary JavaScript code. The malicious script is stored on the...

5.1CVSS5.5AI score0.00186EPSS

Exploits1References5

Tenable Nessus•added 2025/10/02 12:0 a.m.•3 views

Splunk Enterprise 9.2.0 < 9.2.8, 9.3.0 < 9.3.6, 9.4.0 < 9.4.4 (SVD-2025-1003)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2025-1003 advisory. - In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108,...

5.7CVSS5.9AI score0.00327EPSS

Exploits0References2

RedhatCVE•added 2025/09/30 6:41 p.m.•10 views

CVE-2025-57877

There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript code in the browser...

4.8CVSS6.6AI score0.00204EPSS

Exploits0References1

NVD•added 2025/09/29 7:15 p.m.•6 views

CVE-2025-57424

A stored cross-site scripting XSS vulnerability exists in the MyCourts v3 application within the LTA number profile field. An attacker can insert arbitrary JavaScript into their profile, which executes in the browser of any user viewing it, including administrators. Due to the absence of the...

7.3CVSS0.00243EPSS

Exploits0References1

CVE•added 2025/09/29 6:34 p.m.•18 views

CVE-2025-57877

CVE-2025-57877 affects Esri Portal for ArcGIS

4.8CVSS6.2AI score0.00204EPSS

Exploits0References1Affected Software1

CVE•added 2025/09/25 3:10 p.m.•13 views

CVE-2025-33116

IBM Watson Studio on Cloud Pak for Data versions 4.0–5.2.0 are affected by CVE-2025-33116, a cross-site scripting flaw caused by insufficient input filtering in the Web UI that could allow an authenticated user to inject arbitrary JavaScript and potentially disclose credentials in a trusted sessi...

5.4CVSS5.8AI score0.00162EPSS

Exploits0References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by