CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

66 matches found

Snyk•added 2026/04/25 6:32 p.m.•5 views

Improper Neutralization of Special Elements Used in a Template Engine

Overview AstrBot is a 易上手的多平台 LLM 聊天机器人及开发框架 Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine in the createtemplate function of the Dashboard API. An attacker can access sensitive information, modify data, or disrupt...

5.8CVSS5.8AI score0.0002EPSS

Exploits0References3

EUVD•added 2026/01/30 6:4 a.m.•3 views

EUVD-2026-5044

An input neutralization vulnerability in the File Operations API Endpoint component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal...

9.9CVSS6.5AI score0.00173EPSS

Exploits0References1

CNNVD•added 2025/12/09 12:0 a.m.•1 views

WordPress plugin Tutor LMS Elementor Addons 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

6.5CVSS5.8AI score0.00029EPSS

Exploits0References1

CNVD•added 2025/11/24 12:0 a.m.•3 views

Revive Adserver Username In-Blank Neutralization and Improper Vulnerability

Revive Adserver is an open source ad serving system that allows advertisers, publishers, and networks to place ads on multiple platforms e.g., websites, apps, video players and supports ad effectiveness tracking, campaign management, and placement rule definition. Revive Adserver suffers from a...

5.4CVSS6.9AI score0.00011EPSS

Exploits1References1

CVE•added 2025/10/22 2:32 p.m.•3 views

CVE-2025-58961

CVE-2025-58961 is a DOM-based XSS vulnerability in the WordPress CF7 Auto Responder Addon (CF7-autoresponder-addon), affecting versions up to and including 2.4. The issue arises from improper input handling during web page generation, enabling cross-site scripting. Public writeups from CNVD, RH, ...

7.1CVSS6AI score0.0003EPSS

Exploits0References1

Vulnrichment•added 2025/10/22 2:32 p.m.•2 views

CVE-2025-49947 WordPress WooCommerce Registration Fields Plugin - Custom Signup Fields plugin <= 3.2.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in extendons WooCommerce Registration Fields Plugin - Custom Signup Fields extendons-registration-fields allows Reflected XSS.This issue affects WooCommerce Registration Fields Plugin - Custom Signup...

7.1CVSS6AI score0.00012EPSS

Exploits0References1

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2025-2971

Malicious code in bioql PyPI...

6.5CVSS8.7AI score0.00102EPSS

Exploits0References1

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2025-11766

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00116EPSS

Exploits0References1