CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

36773 matches found

CVE-2025-52612

HCL iControl was affected by Export CSV - CSV Injection vulnerability. It is vulnerable to a reflected cross-site scripting vulnerability. This was caused by an insufficient sanitation of input parameters...

7.1CVSS

Exploits0References1

Vulnrichment•added 8 hours ago•1 views

CVE-2025-52612 HCL iControl was affected by Export CSV - CSV Injection vulnerability.

7.1CVSS5.6AI score

Exploits0References1

CVE•added 8 hours ago•6 views

CVE-2025-52612

CVE-2025-52612 affects HCL iControl. The vulnerability is described as a CSV export injection that enables reflected cross-site scripting due to insufficient input parameter sanitization. The CVSS 3.1 vector (AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H) indicates high impact across confidentiality, integ...

7.1CVSS5.6AI score

Exploits0References1

ATTACKERKB•added 8 hours ago•3 views

CVE-2025-52612

7.1CVSS5.6AI score

Exploits0References2Affected Software1

Nuclei•added 16 hours ago•14 views

WordPress Email Newsletter - Reflected XSS

WordPress Email Newsletter plugin through 1.1 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to cra...

5.4CVSS7.2AI score0.03097EPSS

Exploits1References1

Nuclei•added 16 hours ago•33 views

Haraj 3.7 - Cross-Site Scripting

Haraj 3.7 contains a cross-site scripting vulnerability in the User Upgrade Form. An attacker can inject malicious script and thus steal authentication credentials and launch other attacks. id: CVE-2022-31299 info: name: Haraj 3.7 - Cross-Site Scripting author: edoardottt severity: medium...

6.1CVSS6.2AI score0.33993EPSS

Exploits2References5

Nuclei•added 16 hours ago•64 views

GLPI < 10.0.17 - Pre-Auth SQL Injection

A pre-authentication SQL injection vulnerability exists in the Inventory feature of GLPI. The vulnerability is caused by insufficient sanitization of user input in the handleAgent function when processing XML requests. The issue occurs because SimpleXMLElement objects can bypass the...

9.8CVSS6.4AI score0.28839EPSS

Exploits5References3

Nuclei•added 16 hours ago•7 views

NewsTicker <= 1.0 - Reflected Cross-Site Scripting

NewsTicker WordPress plugin v1.0 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute arbitrary scripts in the context of high privilege users, exploit requires attacker to craft a maliciou...

6.1CVSS7.4AI score0.01725EPSS

Exploits1References2

Nuclei•added 16 hours ago•27 views

AlquistManager Local File Inclusion

AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9c1d36 is affected by a directory traversal vulnerability in alquist/IO/input.py. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access. id...

7.5CVSS7.5AI score0.54584EPSS

Exploits1References4

Nuclei•added 16 hours ago•15 views

GamiPress <= 2.8.9 - SQL Injection

GamiPress WordPress plugin version 2.8.9 and below suffers from an SQL injection vulnerability due to insufficient sanitization of user input, allowing attackers to execute arbitrary SQL commands. id: CVE-2024-13496 info: name: GamiPress = 2.8.9 - SQL Injection author: ritikchaddha severity: high...

7.5CVSS7.6AI score0.19312EPSS

Exploits0References2

Nuclei•added 16 hours ago•43 views

wpForo Forum <= 2.1.8 - Cross-Site Scripting

The wpForo Forum plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘wpforodebug’ function in versions up to, and including, 2.1.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS7.1AI score0.15248EPSS

Exploits1References4

Nuclei•added 16 hours ago•22 views

Membership Database <= 1.0 - Cross-Site Scripting

Membership Database before 1.0 is susceptible to cross-site scripting via the tab parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker t...

6.1CVSS6.9AI score0.12454EPSS

Exploits2References3

Nuclei•added 16 hours ago•22 views

WordPress Copyright Proof <=4.16 - Cross-Site-Scripting

WordPress Copyright Proof plugin 4.16 and prior contains a cross-site scripting vulnerability. It does not sanitize and escape a parameter before outputting it back via an AJAX action available to both unauthenticated and authenticated users when a specific setting is enabled. id: CVE-2022-1906...

6.1CVSS6.2AI score0.05846EPSS

Exploits2References4

Nuclei•added 16 hours ago•102 views

WordPress Jannah Theme <5.4.5 - Cross-Site Scripting

WordPress Jannah theme before 5.4.5 contains a reflected cross-site scripting vulnerability. It does not properly sanitize the 'query' POST parameter in its tieajaxsearch AJAX action. id: CVE-2021-24407 info: name: WordPress Jannah Theme 5.4.5 - Cross-Site Scripting author: pikpikcu severity:...

6.1CVSS6.2AI score0.20956EPSS

Exploits2References4

Nuclei•added 16 hours ago•37 views

osTicket < 1.12.1 - Cross-Site Scripting

An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. Stored XSS exists in setup/install.php. It was observed that no input sanitization was provided in the firstname and lastname fields of the application. The insertion of malicious queries in those fields leads to the...

6.1CVSS6.8AI score0.03353EPSS

Exploits4References5

Nuclei•added 16 hours ago•30 views

ChurchCRM v4.5.3 - Cross-Site Scripting

A stored Cross-site scripting XSS vulnerability in the FundRaiserEditor.php component of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. id: CVE-2023-31548 info: name: ChurchCRM v4.5.3 - Cross-Site Scripting author: Harsh severity: medium...

5.4CVSS6.3AI score0.23499EPSS

Exploits1References3

Nuclei•added 16 hours ago•22 views

ehicle Service Management System 1.0 - Cross-Site Scripting

Vehicle Service Management System 1.0 contains a stored cross-site scripting vulnerability via the Category List section in login panel. id: CVE-2021-46071 info: name: ehicle Service Management System 1.0 - Cross-Site Scripting author: TenBird severity: medium description: | Vehicle Service...

4.8CVSS5.7AI score0.05674EPSS

Exploits1References5

Nuclei•added 16 hours ago•26 views

WordPress WPQA <5.4 - Cross-Site Scripting

WordPress WPQA plugin prior to 5.4 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape a parameter on its reset password form. id: CVE-2022-1597 info: name: WordPress WPQA 5.4 - Cross-Site Scripting author: veshraj severity: medium description: | WordPress WPQ...

6.1CVSS6.2AI score0.2353EPSS

Exploits2References5

Nuclei•added 16 hours ago•11 views

WP Triggers Lite - Cross-Site Scripting

WP Triggers Lite WordPress plugin v2.5.3 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a...

7.1CVSS7.2AI score0.02641EPSS

Exploits1References2

Nuclei•added 16 hours ago•10 views

Bulk Me Now! Plugin <= 2.0 - Cross-Site Scripting

Bulk Me Now! WordPress plugin = 2.0 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a...

7.1CVSS7.2AI score0.02218EPSS

Exploits1References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by