5093 matches found

Patchstack
added 2025/04/16 5:46 p.m. · 3 views

WordPress Starfish Review Generation & Marketing plugin <= 3.1.19 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by LVT-tholv2k in WordPress Plugin Starfish Review Generation & Marketing versions <= 3.1.19...

8.8 CVSS · 8.4 AI score · 0.0037 EPSS
Exploits 0 · Affected Software 1
ATTACKERKB
added 2025/04/16 3:16 p.m. · 1 views

CVE-2025-22125

In the Linux kernel, the following vulnerability has been resolved: md/raid1,raid10: don't ignore IO flags If blk-wbt is enabled by default, it's found that raid write performance is quite bad because all IO are throttled by wbt of underlying disks, due to flag REQ_IDLE is ignored. And turns out...

5.5 CVSS · 5.5 AI score · 0.00027 EPSS
Exploits 0 · References 5 · Affected Software 1
Patchstack
added 2025/04/16 2:7 p.m. · 7 views

WordPress Html5 Audio Player plugin <= 2.2.28 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting (XSS) Vulnerability discovered by muhammad yudha in WordPress Plugin Html5 Audio Player versions <= 2.2.28...

6.5 CVSS · 7.2 AI score · 0.00532 EPSS
Exploits 0 · Affected Software 1
Patchstack
added 2025/04/16 1:59 p.m. · 7 views

WordPress Hostel plugin <= 1.1.5.6 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by astra.r3verii in WordPress Plugin Hostel versions <= 1.1.5.6...

7.6 CVSS · 8.9 AI score · 0.00408 EPSS
Exploits 0 · Affected Software 1
Patchstack
added 2025/04/16 1:57 p.m. · 5 views

WordPress PropertyHive plugin <= 2.1.2 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting (XSS) Vulnerability discovered by muhammad yudha in WordPress Plugin PropertyHive versions <= 2.1.2...

6.5 CVSS · 7.2 AI score · 0.00237 EPSS
Exploits 0 · Affected Software 1
Patchstack
added 2025/04/16 1:57 p.m. · 4 views

WordPress Responsive Blocks plugin <= 2.0.2 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting (XSS) Vulnerability discovered by zaim in WordPress Plugin Responsive Blocks versions <= 2.0.2...

6.5 CVSS · 7.1 AI score · 0.00214 EPSS
Exploits 0 · Affected Software 1
Patchstack
added 2025/04/16 1:57 p.m. · 8 views

WordPress Membership For WooCommerce plugin <= 2.8.0 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting (XSS) Vulnerability discovered by zaim in WordPress Plugin Membership For WooCommerce versions <= 2.8.0...

6.5 CVSS · 7.2 AI score · 0.00214 EPSS
Exploits 0 · Affected Software 1
Patchstack
added 2025/04/16 1:37 p.m. · 4 views

WordPress HelpGent plugin <= 2.2.5 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by LVT-tholv2k in WordPress Plugin HelpGent versions <= 2.2.5...

9.8 CVSS · 8.5 AI score · 0.0051 EPSS
Exploits 0 · Affected Software 1
Patchstack
added 2025/04/15 7:15 p.m. · 3 views

WordPress KiotViet Sync Plugin <= 1.8.4 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Le Ngoc Anh in WordPress Plugin KiotViet Sync versions <= 1.8.4...

8.5 CVSS · 9.1 AI score · 0.00353 EPSS
Exploits 0 · Affected Software 1
Patchstack
added 2025/04/15 5:1 p.m. · 3 views

WordPress Feedify – Web Push Notifications plugin <= 2.4.5 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Feedify – Web Push Notifications versions <= 2.4.5...

7.1 CVSS · 7 AI score · 0.00669 EPSS
Exploits 0 · Affected Software 1
Patchstack
added 2025/04/15 4:52 p.m. · 10 views

WordPress Widget for Social Page Feeds plugin < 6.4.2 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Krugov Artyom in WordPress Plugin Widget for Social Page Feeds versions < 6.4.2...

4.8 CVSS · 7.3 AI score · 0.00224 EPSS
Exploits 1 · References 1 · Affected Software 1
OSV
added 2025/04/15 2:48 p.m. · 0 views

GHSA-QC59-CXJ2-C2W4 aws-cdk-lib's aspect order change causes different Permissions Boundary assigned to Role

Summary: The AWS Cloud Development Kit (AWS CDK) is an open-source software development framework for defining cloud infrastructure in code and provisioning it through AWS CloudFormation. In the CDK, developers organize their applications into reusable components called "constructs," which are...

2.2 CVSS · 6.1 AI score
Exploits 0 · References 4
Github Security Blog
added 2025/04/15 2:48 p.m. · 4 views

aws-cdk-lib's aspect order change causes different Permissions Boundary assigned to Role

Summary: The AWS Cloud Development Kit (AWS CDK) is an open-source software development framework for defining cloud infrastructure in code and provisioning it through AWS CloudFormation. In the CDK, developers organize their applications into reusable components called "constructs," which are...

7.2 AI score
Exploits 0 · References 4 · Affected Software 1
Patchstack
added 2025/04/15 6:53 a.m. · 3 views

WordPress Run Contests, Raffles, and Giveaways plugin <= 2.1.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Run Contests, Raffles, and Giveaways with ContestsWP versions <= 2.1.1...

7.1 CVSS · 8.2 AI score · 0.00669 EPSS
Exploits 0 · Affected Software 1
Positive Technologies
added 2025/04/15 12:0 a.m. · 3 views

PT-2025-19363 · Npm · Aws-Cdk-Lib

Summary: The AWS Cloud Development Kit (AWS CDK) is an open-source software development framework for defining cloud infrastructure in code and provisioning it through AWS CloudFormation. In the CDK, developers organize their applications into reusable components called "constructs," which are...

2.2 CVSS · 7.3 AI score
Exploits 0 · References 5
Patchstack
added 2025/04/15 12:0 a.m. · 6 views

WordPress Betheme Theme <= 28.0.3 is vulnerable to Cross Site Scripting (XSS)

Software: Betheme; Type: Theme; Vulnerable versions: <= 28.0.3; Fixed in: 28.0.4; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2025-3077; Patch priority: Low; CVSS severity: Low (6.5); Developer: Claim ownership; PSID: 7b297a9d938e; Credits: Webbernaut; Required privilege...

6.4 CVSS · 5.8 AI score · 0.00326 EPSS
Exploits 0 · References 2 · Affected Software 1
Patchstack
added 2025/04/14 5:46 p.m. · 2 views

WordPress All push notification for WP Plugin <= 1.5.3 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability

CSRF to Reflected Cross Site Scripting (XSS) vulnerability discovered by 0xd4rk5id3 in WordPress Plugin All push notification for WP versions <= 1.5.3...

7.1 CVSS · 7 AI score · 0.0016 EPSS
Exploits 0 · Affected Software 1
Patchstack
added 2025/04/14 5:45 p.m. · 3 views

WordPress WooCommerce Products without featured images Plugin <= 0.1 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability

CSRF to Reflected Cross Site Scripting (XSS) vulnerability discovered by 0xd4rk5id3 in WordPress Plugin WooCommerce Products without featured images versions <= 0.1...

7.1 CVSS · 7 AI score · 0.0016 EPSS
Exploits 0 · Affected Software 1
Patchstack
added 2025/04/14 5:43 p.m. · 3 views

WordPress Event Espresso plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin Event Espresso – Custom Email Template Shortcode versions <= 1.0.0...

7.1 CVSS · 6.9 AI score · 0.00669 EPSS
Exploits 0 · Affected Software 1
Patchstack
added 2025/04/14 1:31 p.m. · 5 views

WordPress TuriTop Booking System Plugin <= 1.0.10 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by LVT-tholv2k in WordPress Plugin TuriTop Booking System versions <= 1.0.10...

8.8 CVSS · 8.6 AI score · 0.00673 EPSS
Exploits 0 · Affected Software 1