948 matches found
CVE-2025-57702 Reflected Cross-site Scripting in DIAEnergie
DIAEnergie - Reflected Cross-site Scripting...
Linux Distros Unpatched Vulnerability : CVE-2019-10179
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A vulnerability was found in all pki-core 10.x.x versions, where the Key Recovery Authority (KRA) Agent Service did not properly sanitize recovery request search...
CVE-2025-8113
CVE-2025-8113 affects the Ebook Store WordPress plugin (versions before 5.8015). The issue is a Reflected Cross-Site Scripting vulnerability where the plugin does not escape the $_SERVER['REQUEST_URI'] when outputting it into an HTML attribute, enabling a crafted URL to inject scripts in vulnerab...
CVE-2025-43734
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.16 and 7.4 GA through update 92 allows...
CVE-2025-53575 WordPress Primer MyData for Woocommerce Plugin <= 4.2.5 - Cross Site Request Forgery (CSRF) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in primersoftware Primer MyData for Woocommerce primer-mydata allows Reflected XSS. This issue affects Primer MyData for Woocommerce: from n/a through <= 4.2.5...
CVE-2025-49038
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Soflyy WP Dynamic Links wp-dynamic-links allows Reflected XSS. This issue affects WP Dynamic Links: from n/a through = 1.0.1...
CVE-2025-54683 WordPress WP Modal Popup with Cookie Integration Plugin <= 2.4 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Astoundify WP Modal Popup with Cookie Integration allows Reflected XSS. This issue affects WP Modal Popup with Cookie Integration: from n/a through 2.4...
CVE-2025-49056
CVE-2025-49056 affects the WordPress plugin 多说社会化评论框 (versions n/a through 1.2). The vulnerability is a Reflected Cross-Site Scripting (XSS) caused by improper neutralization of input during web page generation. The CVSS v3.1 vector is AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L with a base score of 7.1 ...
CVE-2025-8046 Injection Guard < 1.2.8 - Reflected XSS via $_SERVER['REQUEST_URI']
The Injection Guard WordPress plugin before 1.2.8 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
WordPress plugin 多说社会化评论框 cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripti...
Prototype Pollution
Overview: org.webjars.npm:linkifyjs is a package that finds URLs, email addresses, hashtags and @mentions in plain-text strings, then converts them into HTML links. Affected versions of this package are vulnerable to Prototype Pollution via the internal assign helper due to improper filtering of the proto...
CVE-2025-4284
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Rolantis Information Technologies Agentis allows Reflected XSS, DOM-Based XSS. This issue affects Agentis: before 4.32...
WordPress plugin Homey cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress plugin WP-Recall cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripti...
WordPress plugin SB Breadcrumbs cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress plugin MagOne cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site...
U.S. Dept Of Defense: Reflected XSS via user parameter on getconfig.esp endpoint
The getconfig.esp endpoint was found to reflect unsanitized user input provided in the user parameter directly into the HTML response, resulting in a Reflected Cross-Site Scripting (XSS) vulnerability. The affected product was Fortinet SSL VPN FortiOS version 3.0.1-10...
CVE-2025-39508 WordPress Nasa Core Plugin <= 6.4.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NasaTheme Nasa Core nasa-core allows Reflected XSS. This issue affects Nasa Core: from n/a through <= 6.4.4...
WordPress plugin Track, Analyze & Optimize by WP Tao cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...
ONLYOFFICE Docs cross-site scripting vulnerability
ONLYOFFICE Docs is an online office software from ONLYOFFICE, Inc. A cross-site scripting vulnerability exists in ONLYOFFICE Docs version 8.3.1 and prior versions, which stems from reflected cross-site scripting when opening a file via the WOPI protocol, which could lead to the execution of...