CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 7 hours ago•4 views

CVE-2019-25745 WordPress Plugin Google Review Slider 6.1 SQL Injection via tid

8.8CVSS

CVE•added 7 hours ago•8 views

CVE-2019-25745

CVE-2019-25745 affects WordPress Plugin Google Review Slider 6.1. The vulnerability is a time-based blind SQL injection in the tid parameter, exploitable via GET requests to the plugin’s admin interface by unauthenticated attackers to manipulate queries and potentially extract data. According to ...

ATTACKERKB•added 7 hours ago•2 views

CVE-2019-25745

Exploits0References3Affected Software1

Vulnrichment•added 7 hours ago•3 views

CVE-2019-25745 WordPress Plugin Google Review Slider 6.1 SQL Injection via tid

EUVD•added 7 hours ago•1 views

EUVD-2019-20181

CVE•added 7 hours ago•5 views

CVE-2019-25742

CVE-2019-25742 affects WordPress Theme Zoner Real Estate 4.1.1 with a persistent XSS in the Address field during property creation. Authenticated agents can inject JavaScript payloads that execute when administrators view the property for approval, enabling cookie theft and potential session hija...

6.4CVSS5.7AI score

Exploits0References4

Nuclei•added 17 hours ago•20 views

WordPress WP TripAdvisor Review Slider <10.8 - Authenticated SQL Injection

WordPress WP TripAdvisor Review Slider plugin before 10.8 is susceptible to authenticated SQL injection. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber. This can lead...

8.8CVSS7.3AI score0.32911EPSS

Exploits2References4

Positive Technologies•added 20 hours ago•4 views

PT-2026-46215

RedhatCVE•added yesterday•5 views

Exploits0References4

CVE-2026-10295

A vulnerability was found in SourceCodester Customer Review App 1.0. Affected by this vulnerability is the function addreview/savereview/getallreviews of the file reviewapp.py. Performing a manipulation of the argument name/comment results in denial of service. The attack requires a local approac...

4.8CVSS5.5AI score0.00013EPSS

EUVD•added yesterday•4 views

EUVD-2026-34165

Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content script via chrome.scripting.registerContentScripts at runtime. This script is NOT declared in manifest.json and bypasses Chrome Web Store static security review. It runs on all URLs and immediately...

5.8AI score

CVE•added yesterday•4 views

CVE-2026-8879

CVE-2026-8879 affects Securly Chrome Extension v3.0.7. The vulnerability stems from dynamically registering content13.min.js as a content script at runtime via chrome.scripting.registerContentScripts(), a script not declared in manifest.json that bypasses the Chrome Web Store static security revi...

7.5CVSS5.8AI score

Exploits0References1Affected Software1

Positive Technologies•added yesterday•5 views

PT-2026-46051

Name of the Vulnerable Software and Affected Versions Securly Chrome Extension version 3.0.7 Description The software dynamically registers content13.min.js as a content script at runtime using the chrome.scripting.registerContentScripts function. Because this script is not declared in the...

5.8AI score

EUVD•added 2 days ago•5 views

EUVD-2026-33904

An improper authorization vulnerability has been identified in Apache Kafka. The implementation of the CONSUMERGROUPDESCRIBE 69 API validates the DESCRIBE operation on the GROUP resource instead of the READ operation that documented in the official kafka documentation and the KIP-848. This...

4.3CVSS5.8AI score0.00089EPSS

Cvelist•added 2 days ago•33 views

CVE-2026-41115 Apache Kafka: Improper Authorization in CONSUMER_GROUP_DESCRIBE API

0.00089EPSS