CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

501 matches found

CVE-2026-6565

The Style Kits – Advanced Theme Styles for Elementor, Elementor Kits & Elementor Patterns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '/wp-json/agwp/v1/tokens/save' endpoint kit title parameter in versions up to, and including, 2.5.0 due to insufficient input...

6.4CVSS5.7AI score0.00032EPSS

Exploits0References1

Japan Vulnerability Notes•added 2026/05/27 6:9 a.m.•5 views

Multiple Vulnerabilities in Cosminexus

Overview Cosminexus Developer's Kit for JavaTM and Hitachi Developer's Kit for Java contain the following vulnerabilities: CVE-2026-22007, CVE-2026-22013, CVE-2026-22016, CVE-2026-22018, CVE-2026-22021, CVE-2026-23865, CVE-2026-34268, CVE-2026-34282 Impact Regarding the impact of the vulnerabilit...

7.5CVSS7.2AI score0.00154EPSS

Exploits0References9

NVD•added 2026/05/27 2:16 a.m.•11 views

CVE-2026-6565

6.4CVSS0.00032EPSS

Exploits0References2

Vulnrichment•added 2026/05/27 1:26 a.m.•8 views

CVE-2026-6565 Style Kits – Advanced Theme Styles for Elementor <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Kit Title

6.4CVSS6AI score0.00032EPSS

Exploits0References2

Cvelist•added 2026/05/27 1:26 a.m.•29 views

CVE-2026-6565 Style Kits – Advanced Theme Styles for Elementor <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Kit Title

6.4CVSS0.00032EPSS

Exploits0References2

EUVD•added 2026/05/27 1:26 a.m.•9 views

EUVD-2026-32037

6.4CVSS6AI score0.00032EPSS

Exploits0References2

CVE•added 2026/05/27 1:26 a.m.•10 views

CVE-2026-6565

The Style Kits – Advanced Theme Styles for Elementor, Elementor Kits & Elementor Patterns plugin for WordPress (WordPress plugin family) contains a Stored Cross-Site Scripting (XSS) vulnerability in the admin-facing endpoint /wp-json/agwp/v1/tokens/save. Affects versions up to 2.5.0; root cause i...

6.4CVSS6AI score0.00032EPSS

Exploits0References2

CNNVD•added 2026/05/27 12:0 a.m.•7 views

WordPress plugin Style Kits – Advanced Theme Styles for Elementor, Elementor Kits & Elementor Patterns 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.4CVSS5.8AI score0.00032EPSS

Exploits0References2

Patchstack•added 2026/05/26 12:12 p.m.•6 views

WordPress Style Kits for Elementor plugin <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by ? in WordPress Plugin Style Kits versions = 2.5.0...

6.4CVSS5.8AI score0.00032EPSS

Exploits0References1Affected Software1

Securelist•added 2026/05/07 10:0 a.m.•11 views

Exploits and vulnerabilities in Q1 2026

During Q1 2026, the exploit kits leveraged by threat actors to target user systems expanded once again, incorporating new exploits for the Microsoft Office platform, as well as Windows and Linux operating systems. In this report, we dive into the statistics on published vulnerabilities and...

10CVSS7.9AI score0.94436EPSS

Exploits220

CNNVD•added 2026/04/23 12:0 a.m.•7 views

LangSmith Client SDKs 信息泄露漏洞

LangSmith Client SDKs are a developer toolkit open-sourced by LangChain. LangSmith Client SDKs have a vulnerability related to information leakage, which stems from the fact that output editing controls do not apply to streaming token events, potentially leading to sensitive LLM outputs being...

5.3CVSS5.8AI score0.00039EPSS

Exploits0References1

The Hacker News•added 2026/03/26 11:45 a.m.•5 views

ThreatsDay Bulletin: PQC Push, AI Vuln Hunting, Pirated Traps, Phishing Kits & 20 More Stories

Some weeks in security feel loud. This one feels sneaky. Less big dramatic fireworks, more of that slow creeping sense that too many people are getting way too comfortable abusing things they probably shouldn’t even be touching. There’s a little bit of everything in this one, too. Weird delivery...

6.2AI score

Exploits0

The Hacker News•added 2026/03/09 1:46 p.m.•26 views

⚡ Weekly Recap: Qualcomm 0-Day, iOS Exploit Chains, AirSnitch Attack & Vibe-Coded Malware

Another week in cybersecurity. Another week of "you've got to be kidding me." Attackers were busy. Defenders were busy. And somewhere in the middle, a whole lot of people had a very bad Monday morning. That's kind of just how it goes now. The good news? There were some actual wins this week. Real...

10CVSS8AI score0.94124EPSS

Exploits499

Japan Vulnerability Notes•added 2026/02/17 11:46 a.m.•6 views

Multiple Vulnerabilities in Cosminexus

Overview Cosminexus Developer's Kit for JavaTM and Hitachi Developer's Kit for Java contain the following vulnerabilities: CVE-2026-21925, CVE-2026-21932, CVE-2026-21933, CVE-2026-21945 Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to...

7.5CVSS5.5AI score0.00089EPSS

Exploits0References5

HackRead•added 2026/02/13 11:24 a.m.•4 views

The $17 Billion Wake-Up Call: Securing Crypto in the Age of AI Scams

AI-driven crypto scams surge as cybercrime hits $17B, with deepfakes, fraud kits, and industrial social engineering reshaping digital asset threats and defenses...

5.4AI score

Exploits0

RedhatCVE•added 2026/02/13 1:31 a.m.•3 views

CVE-2025-70092

A cross-site scripting XSS vulnerability in the Item Kits function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Item Name parameter...

5.5CVSS5.5AI score0.00017EPSS

Exploits1References1

NVD•added 2026/02/12 11:16 p.m.•4 views

CVE-2025-70092

5.5CVSS0.00017EPSS

Exploits1References1