CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

669 matches found

NVD•added 2025/10/15 6:15 a.m.•3 views

CVE-2025-8561

The Ova Advent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...

6.4CVSS0.00211EPSS

Exploits0References3

RedhatCVE•added 2025/10/14 7:42 a.m.•4 views

CVE-2025-10557

A stored Cross-site Scripting XSS vulnerability affecting Issue Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...

8.7CVSS6.5AI score0.00184EPSS

Exploits0References1

Cvelist•added 2025/10/12 5:2 a.m.•8 views

CVE-2025-11628 jimit105 Project-Online-Shopping-Website Product Inventory delete.php sql injection

A flaw has been found in jimit105 Project-Online-Shopping-Website up to 7d892f442bd8a96dd242dbe2b9bd5ed641e13e64. This affects an unknown function of the file /delete.php of the component Product Inventory Handler. This manipulation of the argument productcode causes sql injection. It is possible...

5.8CVSS0.00235EPSS

Exploits0References4

Cvelist•added 2025/10/10 10:21 a.m.•4 views

CVE-2025-52635 HCL AION is susceptible to Trusted types in scripts not enforced in CSP

A rusted types in scripts not enforced in CSP vulnerability has been identified in HCL AION.This issue affects AION: 2.0...

3.7CVSS0.00239EPSS

Exploits0References1

Tenable Nessus•added 2025/10/10 12:0 a.m.•8 views

Debian dla-4326 : asterisk - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4326 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4326-1 [email protected]...

7.8CVSS5.8AI score0.00445EPSS

Exploits2References6

Vulnrichment•added 2025/10/08 3:32 a.m.•3 views

CVE-2025-11430 SourceCodester Simple E-Commerce Bookstore cart.php sql injection

A vulnerability was found in SourceCodester Simple E-Commerce Bookstore 1.0. The affected element is an unknown function of the file /cart.php. The manipulation of the argument remove results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...

7.5CVSS6.7AI score0.00382EPSS

Exploits1References5