CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

50 matches found

RedhatCVE•added 2026/02/21 7:30 p.m.•1 views

CVE-2025-69389

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Hugh Mungus Visitor Maps Extended Referer Field visitor-maps-extended-referer-field allows Reflected XSS.This issue affects Visitor Maps Extended Referer Field: from n/a through = 1.2.6...

7.1CVSS5.5AI score0.00045EPSS

Exploits0References1

NVD•added 2026/02/20 4:22 p.m.•1 views

CVE-2025-69389

7.1CVSS0.00045EPSS

Exploits0References1

Cvelist•added 2026/02/20 3:46 p.m.•17 views

CVE-2025-69389 WordPress Visitor Maps Extended Referer Field plugin <= 1.2.6 - Reflected Cross Site Scripting (XSS) vulnerability

7.1CVSS0.00045EPSS

Exploits0References1

CVE•added 2026/02/20 3:46 p.m.•3 views

CVE-2025-69389

CVE-2025-69389 is a Reflected Cross-Site Scripting vulnerability in the WordPress plugin Visitor Maps Extended Referer Field (versions up to and including 1.2.6). The issue arises from improper neutralization of input during web page generation, enabling the injection of script code when the affe...

7.1CVSS5.5AI score0.00045EPSS

Exploits0References1

Vulnrichment•added 2026/02/20 3:46 p.m.•2 views

CVE-2025-69389 WordPress Visitor Maps Extended Referer Field plugin <= 1.2.6 - Reflected Cross Site Scripting (XSS) vulnerability

7.1CVSS5.3AI score0.00045EPSS

Exploits0References1

Positive Technologies•added 2026/02/20 12:0 a.m.•2 views

PT-2026-21170

Name of the Vulnerable Software and Affected Versions Hugh Mungus Visitor Maps Extended Referer Field versions through 1.2.6 Description The software contains a flaw due to improper neutralization of input during web page generation, leading to a Reflected Cross-site Scripting XSS condition. This...

5.4AI score0.00045EPSS

Exploits0References3

CNNVD•added 2026/02/20 12:0 a.m.•4 views

WordPress plugin Visitor Maps Extended Referer Field 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

7.1CVSS5.7AI score0.00045EPSS

Exploits0References1

Patchstack•added 2026/02/10 11:41 a.m.•2 views

WordPress Visitor Maps Extended Referer Field plugin <= 1.2.6 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Skalucy in WordPress Plugin Visitor Maps Extended Referer Field versions = 1.2.6...

7.1CVSS5.4AI score0.00045EPSS

Exploits0Affected Software1

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2006-2633

Malware in sbrugna...

4.3CVSS6.4AI score0.00675EPSS

Exploits1References8

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2018-11551

Malware in sbrugna...

6.1CVSS6.1AI score0.12498EPSS

Exploits5References4

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2020-10013

Malware in sbrugna...

6.1CVSS6.3AI score0.00638EPSS

Exploits1References2

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2004-1572

Malware in sbrugna...

4.3CVSS6.4AI score0.00497EPSS

Exploits0References5

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2005-4010

Malware in sbrugna...

5CVSS6.4AI score0.00463EPSS

Exploits0References6

OSV•added 2025/08/23 2:15 a.m.•2 views

CVE-2025-43770

A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.3, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows an remote non-authenticated...

6.1CVSS5.9AI score0.00046EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 4:37 a.m.•3 views

CVE-2019-15826

The wps-hide-login plugin before 1.5.3 for WordPress has a protection bypass via wp-login.php in the Referer field...

9.8CVSS7.1AI score0.01118EPSS

Exploits1References1

ATTACKERKB•added 2023/01/23 5:15 a.m.•0 views

CVE-2023-24070

app/View/AuthKeys/authkeydisplay.ctp in MISP through 2.4.167 has an XSS in authkey add via a Referer field...

6.1CVSS5.9AI score0.00234EPSS

Exploits0References3

Positive Technologies•added 2023/01/23 12:0 a.m.•1 views

PT-2023-19388 · Misp · Misp

Name of the Vulnerable Software and Affected Versions: MISP versions 2.4.167 and earlier Description: The issue is related to an XSS in authkey add via a Referer field in the app/View/AuthKeys/authkey display.ctp file. Recommendations: For MISP versions 2.4.167 and earlier, as a temporary...

6.1CVSS5.9AI score0.00234EPSS

Exploits0References7

OSV•added 2021/04/30 9:15 p.m.•0 views

CVE-2020-18084

Cross Site Scripting XSS in yzmCMS v5.2 allows remote attackers to execute arbitrary code by injecting commands into the "referer" field of a POST request to the component "/member/index/login.html" when logging in...

6.1CVSS6.7AI score

Exploits0References1

NVD•added 2019/08/30 1:15 p.m.•10 views

CVE-2019-15826

The wps-hide-login plugin before 1.5.3 for WordPress has a protection bypass via wp-login.php in the Referer field...

9.8CVSS9.6AI score0.01118EPSS

Exploits1References3

OSV•added 2019/08/30 1:15 p.m.•0 views

CVE-2019-15826

The wps-hide-login plugin before 1.5.3 for WordPress has a protection bypass via wp-login.php in the Referer field...

9.8CVSS7.3AI score

Exploits0References3