CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

218 matches found

Patchstack•added 2026/04/29 2:11 p.m.•2 views

WordPress Favicon Rotator plugin <= 1.2.11 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by timomangcut in WordPress Plugin Favicon Rotator versions = 1.2.11...

5.8AI score

Exploits0Affected Software1

Vulnrichment•added 2026/04/28 4:28 a.m.•2 views

CVE-2026-6725 WPC Smart Messages for WooCommerce <= 4.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attribute

The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the wpcsmtextrotator shortcode in all versions up to, and including, 4.2.8. This is due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS5.5AI score0.00042EPSS

Exploits0References5

Cvelist•added 2026/04/28 4:28 a.m.•28 views

CVE-2026-6725 WPC Smart Messages for WooCommerce <= 4.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attribute

6.4CVSS0.00042EPSS

Exploits0References5

ATTACKERKB•added 2026/04/28 4:28 a.m.•2 views

CVE-2026-6725

6.4CVSS5.5AI score0.00042EPSS

Exploits0References6

Positive Technologies•added 2026/04/28 12:0 a.m.•2 views

PT-2026-35659

The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the wpcsm text rotator shortcode in all versions up to, and including, 4.2.8. This is due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS5.5AI score0.00042EPSS

Exploits0References8

Patchstack•added 2026/04/14 11:37 a.m.•2 views

WordPress Testimonial Grid and Testimonial Slider plus Carousel with Rotator Widget plugin <= 3.5.6 - Backdoor vulnerability

Backdoor vulnerability discovered by ? in WordPress Plugin Testimonial Grid and Testimonial Slider plus Carousel with Rotator Widget versions = 3.5.6...

5.8AI score

Exploits0References1Affected Software1

RedhatCVE•added 2026/03/06 7:53 a.m.•1 views

CVE-2026-28112

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup AllInOne - Banner Rotator all-in-one-bannerRotator allows Reflected XSS.This issue affects AllInOne - Banner Rotator: from n/a through = 3.8...

7.1CVSS5.8AI score0.00045EPSS

Exploits0References1

EUVD•added 2026/03/05 6:30 a.m.•3 views

EUVD-2026-9765

7.1CVSS5.9AI score0.00045EPSS

Exploits0References2

NVD•added 2026/03/05 6:16 a.m.•1 views

CVE-2026-28112

7.1CVSS0.00045EPSS

Exploits0References1

Vulnrichment•added 2026/03/05 5:54 a.m.•2 views

CVE-2026-28112 WordPress AllInOne - Banner Rotator plugin <= 3.8 - Reflected Cross Site Scripting (XSS) vulnerability

7.1CVSS5.9AI score0.00045EPSS

Exploits0References1

Cvelist•added 2026/03/05 5:54 a.m.•25 views

CVE-2026-28112 WordPress AllInOne - Banner Rotator plugin <= 3.8 - Reflected Cross Site Scripting (XSS) vulnerability

7.1CVSS0.00045EPSS

Exploits0References1

ATTACKERKB•added 2026/03/05 5:54 a.m.•5 views

CVE-2026-28112

5.9AI score0.00045EPSS

Exploits0References2

CVE•added 2026/03/05 5:54 a.m.•6 views

CVE-2026-28112

CVE-2026-28112 describes a Reflected Cross-Site Scripting (XSS) vulnerability in the WordPress plugin AllInOne - Banner Rotator (also listed as all-in-one-bannerRotator). The issue affects versions

7.1CVSS5.9AI score0.00045EPSS

Exploits0References1

CNNVD•added 2026/03/05 12:0 a.m.•4 views

WordPress plugin AllInOne - Banner Rotator 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.1CVSS5.7AI score0.00045EPSS

Exploits0References1

Positive Technologies•added 2026/03/05 12:0 a.m.•2 views

PT-2026-23385

5.9AI score0.00045EPSS

Exploits0References2

Patchstack•added 2026/02/26 11:48 a.m.•4 views

WordPress AllInOne - Banner Rotator plugin <= 3.8 - Reflected Cross Site Scripting (XSS) vulnerability

WordPress AllInOne - Banner Rotator plugin = 3.8 - Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin AllInOne - Banner Rotator versions = 3.8...

7.1CVSS5.9AI score0.00045EPSS

Exploits0Affected Software1

NVD•added 2026/02/06 5:16 p.m.•2 views

CVE-2019-25293

BlueStacks App Player 2.4.44.62.57 contains an unquoted service path vulnerability in the BstHdLogRotatorSvc service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files x86\Bluestacks\HD-LogRotatorService.exe to inject...

8.5CVSS0.00018EPSS

Exploits0References3

Cvelist•added 2026/02/06 4:42 p.m.•25 views

CVE-2019-25293 Blue Stacks App Player 2.4.44.62.57 - "BstHdLogRotatorSvc" Unquote Service Path

8.5CVSS0.00018EPSS

Exploits0References3

EUVD•added 2026/02/06 4:42 p.m.•3 views

EUVD-2019-19409

8.5CVSS5.7AI score0.00018EPSS

Exploits0References3

Positive Technologies•added 2026/02/06 12:0 a.m.•4 views

PT-2026-6735

BlueStacks App Player 2.4.44.62.57 contains an unquoted service path vulnerability in the BstHdLogRotatorSvc service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:Program Files x86BluestacksHD-LogRotatorService.exe to inject...

8.5CVSS5.9AI score0.00018EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by