CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Redis is an open source, ANSI C, network-enabled, memory-based, persistent logging, key-value Key-Value storage database from Redis, Inc. and provides APIs in multiple languages. A resource management error vulnerability exists in Redis 8.2.1 and earlier versions, which stems from a specially...

9.9CVSS8.3AI score0.11111EPSS

Exploits13References4

CNNVD•added 2025/10/02 12:0 a.m.•3 views

ERPNext 跨站脚本漏洞

ERPNext is an open source enterprise resource planning solution from ERPNext India. A cross-site scripting vulnerability exists in ERPNext version v15.67.0, which stems from improper cleanup of content field inputs by the blog post feature and can be exploited by an attacker to cause a stored...

5.4CVSS6AI score0.00033EPSS

Exploits2References5

RedhatCVE•added 2025/08/30 6:17 p.m.•1 views

CVE-2025-48351

Cross-Site Request Forgery CSRF vulnerability in PluginsPoint Kento Splash Screen kento-splash-screen allows Stored XSS.This issue affects Kento Splash Screen: from n/a through = 1.4...

7.1CVSS5.9AI score0.00025EPSS

Exploits0References1

CNNVD•added 2025/08/18 12:0 a.m.•4 views

Shaarli 安全漏洞

Shaarli is a suite of website cloning tools. A security vulnerability exists in Shaarli versions prior to 0.15.0, which stems from an input string that is not properly cleaned and is susceptible to reflective cross-site scripting attacks...

7.1CVSS6.1AI score0.00034EPSS

Exploits0References3

RedhatCVE•added 2025/08/16 11:25 a.m.•3 views

CVE-2025-28975

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in redqteam Alike - WordPress Custom Post Comparison alike allows Reflected XSS.This issue affects Alike - WordPress Custom Post Comparison: from n/a through = 3.0.1...

7.1CVSS5.9AI score0.00051EPSS

Exploits0References1

Cvelist•added 2025/08/15 8:25 a.m.•5 views

CVE-2025-7688 Add User Meta <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Add User Meta plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the 'add-user-meta' page. This makes it possible for unauthenticated attackers to update settings and inject...

6.1CVSS0.00025EPSS

Exploits0References3

Vulnrichment•added 2025/08/14 10:34 a.m.•2 views

CVE-2025-49044 WordPress Simple Poll plugin <= 1.1.1 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in tosend.it Simple Poll simple-poll allows Stored XSS.This issue affects Simple Poll: from n/a through = 1.1.1...

7.1CVSS5.9AI score0.00027EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 3:4 a.m.•3 views

CVE-2023-2044

A vulnerability has been found in Control iD iDSecure 4.7.29.1 and classified as problematic. This vulnerability affects unknown code of the component Dispositivos Page. The manipulation of the argument IP-DNS leads to cross site scripting. The attack can be initiated remotely. VDB-225922 is the...

6.1CVSS6.1AI score0.00276EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 3:2 a.m.•3 views

CVE-2023-1861

The Limit Login Attempts WordPress plugin through 1.7.2 does not sanitize and escape usernames when outputting them back in the logs dashboard, which could allow any authenticated users, such as subscriber to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.4AI score0.00345EPSS

Exploits2References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by