CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

101 matches found

RedhatCVE•added 2026/01/09 9:51 a.m.•3 views

CVE-2020-10247

MISP 2.4.122 has Persistent XSS in the sighting popover tool. This is related to app/View/Elements/Events/View/sightingfield.ctp...

6.1CVSS6AI score0.00328EPSS

Exploits0References1

NVD•added 2026/01/09 8:15 a.m.•1 views

CVE-2025-14146

The Booking Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 10.14.10 via the WPBCFLEXTIMELINENAV AJAX action. This is due to the nonce verification being conditionally disabled by default bookingisnonceatfrontend option is 'Off' ...

5.3CVSS0.00026EPSS

Exploits0References6

CVE•added 2026/01/09 7:22 a.m.•11 views

CVE-2025-14146

CVE-2025-14146 is a Booking Calendar WordPress plugin issue (up to version 10.14.10) where unauthenticated attackers can exfiltrate sensitive booking data via the WPBC_FLEXTIMELINE_NAV AJAX action. The root cause is that nonce verification is conditionally disabled by default because the setting ...

5.3CVSS5.8AI score0.00026EPSS

Exploits0References6

Vulnrichment•added 2026/01/09 7:22 a.m.•1 views

CVE-2025-14146 Booking Calendar <= 10.14.10 - Unauthenticated Sensitive Information Exposure

5.3CVSS5.8AI score0.00026EPSS

Exploits0References6

Cvelist•added 2026/01/09 7:22 a.m.•23 views

CVE-2025-14146 Booking Calendar <= 10.14.10 - Unauthenticated Sensitive Information Exposure

5.3CVSS0.00026EPSS

Exploits0References6

RedhatCVE•added 2025/12/14 5:3 a.m.•2 views

CVE-2025-14394

The Popover Windows plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they...

4.3CVSS5.4AI score0.00013EPSS

Exploits0References1

EUVD•added 2025/12/13 6:30 p.m.•1 views

EUVD-2025-203205

4.3CVSS4.9AI score0.00013EPSS

Exploits0References3

NVD•added 2025/12/13 4:16 p.m.•1 views

CVE-2025-14394

4.3CVSS0.00013EPSS

Exploits0References2

NVD•added 2025/12/13 4:16 p.m.•1 views

CVE-2025-14395

The Popover Windows plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple ajax actions e.g., popsubmit, popthemesubmit in all versions up to, and including, 1.2. This makes it possible for authenticated attackers, with subscriber-lev...

4.3CVSS0.00036EPSS

Exploits0References2

CVE•added 2025/12/13 4:31 a.m.•5 views

CVE-2025-14394

CVE-2025-14394 (Popover Windows, WordPress) is a CSRF vulnerability in Popover Windows plugin ≤ 1.2 caused by missing nonce verification. This allows unauthenticated attackers to update plugin settings by tricking an admin into performing an action (e.g., clicking a forged link). Connected source...

4.3CVSS5AI score0.00013EPSS

Exploits0References2

Vulnrichment•added 2025/12/13 4:31 a.m.•2 views

CVE-2025-14394 Popover Windows <= 1.2 - Cross-Site Request Forgery to Arbitrary Popover Configuration Update

4.3CVSS5AI score0.00013EPSS

Exploits0References2

Cvelist•added 2025/12/13 4:31 a.m.•20 views

CVE-2025-14394 Popover Windows <= 1.2 - Cross-Site Request Forgery to Arbitrary Popover Configuration Update

4.3CVSS0.00013EPSS

Exploits0References2

CVE•added 2025/12/13 4:31 a.m.•4 views

CVE-2025-14395

The CVE CVE-2025-14395 concerns the Popover Windows WordPress plugin (versions

4.3CVSS4.8AI score0.00036EPSS

Exploits0References2

Vulnrichment•added 2025/12/13 4:31 a.m.•2 views

CVE-2025-14395 Popover Windows <= 1.2 - Missing Authorization to Authenticated (Subscriber+) Popover Configuration Update via AJAX Actions

4.3CVSS4.8AI score0.00036EPSS

Exploits0References2

Cvelist•added 2025/12/13 4:31 a.m.•23 views

CVE-2025-14395 Popover Windows <= 1.2 - Missing Authorization to Authenticated (Subscriber+) Popover Configuration Update via AJAX Actions

4.3CVSS0.00036EPSS

Exploits0References2

Patchstack•added 2025/12/13 1:22 a.m.•5 views

WordPress Popover Windows plugin <= 1.2 - Missing Authorization to Authenticated (Subscriber+) Popover Configuration Update via AJAX Actions vulnerability

Missing Authorization to Authenticated Subscriber+ Popover Configuration Update via AJAX Actions vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Popover Windows versions = 1.2...

4.3CVSS6.8AI score0.00036EPSS

Exploits0References1Affected Software1

Patchstack•added 2025/12/13 1:13 a.m.•5 views

WordPress Popover Windows plugin <= 1.2 - Cross-Site Request Forgery to Arbitrary Popover Configuration Update vulnerability

Cross-Site Request Forgery to Arbitrary Popover Configuration Update vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Popover Windows versions = 1.2...

4.3CVSS6.8AI score0.00013EPSS

Exploits0References1Affected Software1

CNNVD•added 2025/12/13 12:0 a.m.•1 views

WordPress plugin Popover Windows 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin... A security...

4.3CVSS6.3AI score0.00036EPSS

Exploits0References3

CNNVD•added 2025/12/13 12:0 a.m.•1 views

WordPress plugin Popover Windows 跨站请求伪造漏洞

4.3CVSS6.4AI score0.00013EPSS

Exploits0References3

Positive Technologies•added 2025/12/13 12:0 a.m.•2 views

PT-2025-51070

The Popover Windows plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple ajax actions e.g., pop submit, poptheme submit in all versions up to, and including, 1.2. This makes it possible for authenticated attackers, with...

4.3CVSS5.2AI score0.00036EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by