CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6714 matches found

EUVD•added 2025/11/05 4:31 p.m.•5 views

EUVD-2025-37891

A vulnerability in the Contact Center Express CCX Editor application of Cisco Unified CCX could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative permissions pertaining to script creation and execution. This vulnerability is due to improper authenticatio...

9.4CVSS7AI score0.00878EPSS

Exploits0References2

Vulnrichment•added 2025/11/05 4:31 p.m.•3 views

CVE-2025-20358 Cisco Unified Contact Center Express Editor Authentication Bypass Vulnerability

9.4CVSS7.2AI score0.00878EPSS

Exploits0References1

CNVD•added 2025/11/05 12:0 a.m.•2 views

WordPress K Elements plugin cross-site scripting vulnerability

WordPress K Elements plugin is an extension to the Elementor page builder that provides preset templates, advanced widgets, and customization features to help users quickly create responsive websites. A cross-site scripting vulnerability exists in WordPress K Elements plugin, which stems from the...

6.5CVSS6.1AI score0.00132EPSS

Exploits0References1

Positive Technologies•added 2025/11/05 12:0 a.m.•3 views

PT-2025-45130

Name of the Vulnerable Software and Affected Versions Cisco Unified CCX versions affected versions not specified Description A flaw exists in the Contact Center Express CCX Editor application that could allow a remote attacker to circumvent authentication and gain administrative privileges relate...

9.8CVSS8.2AI score0.00878EPSS

Exploits0References8

CNVD•added 2025/11/05 12:0 a.m.•0 views

WordPress Flying Images plugin cross-site scripting vulnerability

WordPress Flying Images plugin is a WordPress plugin that is mainly used to optimize and delay loading images to improve page loading speed. WordPress Flying Images plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping ...

4.4CVSS6.1AI score0.00197EPSS

Exploits0References1

CVE•added 2025/11/03 9:56 p.m.•10 views

CVE-2016-15054

CVE-2016-15054 is rejected/not used and does not represent an active vulnerability entry.

5.8AI score0.00376EPSS

Exploits5

RedhatCVE•added 2025/10/31 10:8 p.m.•6 views

CVE-2023-7315

Nagios XI versions prior to 5.11.3 are vulnerable to cross-site scripting XSS via the Graph Explorer component. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...

5.4CVSS6.2AI score0.00417EPSS

Exploits0References1

RedhatCVE•added 2025/10/31 10:8 p.m.•5 views

CVE-2021-47690

The Core Config Manager CCM in Nagios XI versions prior to CCM 3.1.1 / Nagios XI 5.8.2 contains multiple cross-site scripting XSS vulnerabilities in Overlay modals. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the conte...

5.4CVSS6.3AI score0.00341EPSS

Exploits0References1

RedhatCVE•added 2025/10/31 10:8 p.m.•8 views

CVE-2023-7318

Nagios XI versions prior to 2024R1.0.2 are vulnerable to cross-site scripting XSS via the Nagios Core Command Expansion page. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...

5.4CVSS6.3AI score0.00477EPSS

Exploits0References1

RedhatCVE•added 2025/10/31 10:7 p.m.•6 views

CVE-2016-15052

Nagios XI versions prior to 5.2.4 are vulnerable to cross-site scripting XSS via the Menu System of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...

5.4CVSS6.2AI score0.00363EPSS

Exploits0References1

RedhatCVE•added 2025/10/31 10:7 p.m.•9 views

CVE-2020-36860

The Core Config Manager CCM in Nagios XI versions prior to CCM 3.0.7 / Nagios XI 5.7.4 contains multiple cross-site scripting XSS vulnerabilities in the object edit pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in th...

5.4CVSS6.3AI score0.00341EPSS

Exploits0References1

EUVD•added 2025/10/31 12:30 a.m.•2 views

EUVD-2024-55045

Nagios XI versions prior to 2024R1.1.3 are vulnerable to cross-site scripting XSS via the Executive Summary Report component. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...

5.1CVSS5.7AI score0.00477EPSS

Exploits0References4

EUVD•added 2025/10/31 12:30 a.m.•4 views

EUVD-2018-21610

Nagios Fusion versions prior to 4.1.5 are vulnerable to cross-site scripting XSS via the "fusionwindow" parameter. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...

5.1CVSS5.6AI score0.0042EPSS

Exploits0References3

RedhatCVE•added 2025/10/31 12:13 a.m.•3 views

CVE-2025-63885

A stored cross-site scripting XSS vulnerability in AIxBlock commit 04f305 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the modeldesc field...

6.1CVSS5.7AI score0.00164EPSS

Exploits0References1

CNVD•added 2025/10/31 12:0 a.m.•5 views

Client Details System clientview.php File Cross-Site Scripting Vulnerability

Client Details System is a client information system. Client Details System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the file /admin/clientview.php, which can be exploited by an attacker to execute...

5.4CVSS6.1AI score0.002EPSS

Exploits1References1

CNVD•added 2025/10/31 12:0 a.m.•3 views

Simple Food Ordering System editcategory.php file cross-site scripting vulnerability

Simple Food Ordering System is a simple food ordering system. Simple Food Ordering System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter pname in the file /editcategory.php, which can be exploit...

6.1CVSS4.8AI score0.00313EPSS

Exploits1References1

CNVD•added 2025/10/31 12:0 a.m.•3 views

IBM QRadar SIEM Cross-Site Scripting Vulnerability (CNVD-2025-27446)

IBM QRadar SIEM is a solution from International Business Machines IBM that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user...

6.4CVSS5.9AI score0.00144EPSS

Exploits0References1

Positive Technologies•added 2025/10/31 12:0 a.m.•2 views

PT-2025-114: Stored XSS in FreeScout

The vulnerability was identified in FreeScout, version 1.8.182. The discovered vulnerability allows an attacker to inject arbitrary HTML tags and JavaScript, leading to script execution in victims’ browsers and enabling social‑engineering attacks. Vulnerability status: Confirmed by vendor Date of...

6.1CVSS6AI score

Exploits0References1

CNVD•added 2025/10/31 12:0 a.m.•2 views

IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27636)

IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the REMOTELOGADDR parameter of the...

5.4CVSS6.1AI score0.00403EPSS

Exploits0References1

NVD•added 2025/10/30 10:15 p.m.•3 views

CVE-2023-53689

Nagios Fusion versions prior to 4.2.0 contain a reflected cross-site scripting XSS vulnerability in the license key configuration flow that can result in execution of attacker-controlled script in the browser of a user who follows a crafted URL. While the application server itself is not directly...

6CVSS0.0072EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by