CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/05/10 12:43 p.m.•5 views

CVE-2021-47924 WordPress Plugin Ultimate Product Catalogue 5.8.2 Stored XSS via price

Ultimate Product Catalogue 5.8.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the price parameter. Attackers can submit POST requests to post.php with HTML/JavaScript payloads in the price field to execute arbitrary...

6.4CVSS6AI score0.00047EPSS

Cvelist•added 2026/05/10 12:43 p.m.•28 views

CVE-2021-47924 WordPress Plugin Ultimate Product Catalogue 5.8.2 Stored XSS via price

6.4CVSS0.00047EPSS

ATTACKERKB•added 2026/05/10 12:43 p.m.•5 views

CVE-2021-47922

Slider by Soliloquy 2.6.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the title parameter. Attackers can add JavaScript payloads in the title field when creating or editing sliders, which executes in the browsers of...

6.4CVSS5.7AI score0.00034EPSS

Exploits0References4Affected Software1

Cvelist•added 2026/05/10 12:43 p.m.•28 views

CVE-2021-47907 Rocket LMS 1.1 Persistent Cross-Site Scripting via Support Tickets

Rocket LMS 1.1 contains a persistent cross-site scripting vulnerability in the support ticket module that allows authenticated users to inject malicious script code through the title parameter. Attackers can submit support tickets with embedded HTML/JavaScript payloads that execute in the browser...

6.4CVSS0.00032EPSS

CVE•added 2026/05/10 12:43 p.m.•10 views

CVE-2021-47907

Rocket LMS 1.1 is affected by a persistent cross-site scripting (XSS) vulnerability in the support ticket module. The issue arises from the title parameter, allowing authenticated users to inject HTML/JavaScript payloads that can execute in the browsers of other users viewing the message history,...

6.4CVSS5.7AI score0.00032EPSS

Cvelist•added 2026/05/10 12:12 p.m.•28 views

CVE-2022-50965 uBidAuction 2.0.1 posts manage Reflected XSS

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the posts/manage module. The datecreated, datefrom, dateto, and createdat parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET requests...

6.1CVSS0.00042EPSS

CVE•added 2026/05/10 12:12 p.m.•7 views

CVE-2022-50966

CVE-2022-50966 affects uBidAuction 2.0.1 in the news/manage module. The vulnerability is a reflected XSS in which the filter functionality does not properly sanitize the date_created, date_from, date_to, and created_at parameters, allowing an attacker to inject malicious scripts via crafted GET r...

6.1CVSS5.7AI score0.00042EPSS

Cvelist•added 2026/05/10 12:12 p.m.•25 views

CVE-2022-50962 uBidAuction 2.0.1 myOrders Reflected XSS

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the orders/myOrders module. The datecreated, datefrom, dateto, and createdat parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET reques...

6.1CVSS0.00042EPSS

CVE•added 2026/05/10 12:12 p.m.•9 views

CVE-2022-50962

uBidAuction 2.0.1 is affected by a reflected XSS in the orders/myOrders module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject and execute malicious scripts via crafted GET requests in vic...

6.1CVSS5.7AI score0.00042EPSS

Vulnrichment•added 2026/05/10 12:12 p.m.•4 views

CVE-2022-50958 WordPress Plugin Jetpack 9.1 Cross Site Scripting via grunion-form-view.php

WordPress Plugin Jetpack 9.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the postid parameter. Attackers can craft URLs to the grunion-form-view.php endpoint with script payloads in the postid parameter ...

6.1CVSS5.9AI score0.00089EPSS

ATTACKERKB•added 2026/05/10 12:12 p.m.•5 views

CVE-2022-50958

6.1CVSS5.9AI score0.00089EPSS

Exploits0References3Affected Software1

Cvelist•added 2026/05/10 12:12 p.m.•27 views

CVE-2022-50957 Drupal avatar_uploader 7.x-1.0-beta8 Reflected XSS

Drupal avataruploader 7.x-1.0-beta8 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the file parameter. Attackers can craft URLs with script payloads in the file parameter of avataruploader.pages.inc to...

6.1CVSS0.00068EPSS

Exploits1References3

Cvelist•added 2026/05/10 12:12 p.m.•23 views

CVE-2022-50956 WordPress Plugin amministrazione-aperta 3.7.3 Local File Read

WordPress Plugin amministrazione-aperta 3.7.3 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting insufficient input validation in the open parameter. Attackers can supply file paths through the open GET parameter in dispatcher.php ...

6.9CVSS0.00044EPSS

EUVD•added 2026/05/10 9:31 a.m.•9 views

EUVD-2026-28988

A vulnerability was detected in 8421bit MiniClaw 0.8.0/0.9.0. This issue affects the function resolveSkillScriptPath of the file src/kernel.ts of the component System Command Handler. The manipulation results in os command injection. The exploit is now public and may be used. The patch is...

ATTACKERKB•added 2026/05/10 6:15 a.m.•4 views

Exploits0References9

CVE-2026-8235

Exploits0References8Affected Software1

CVE•added 2026/05/10 6:15 a.m.•8 views

CVE-2026-8235

The CVE-2026-8235 entry concerns 8421bit MiniClaw versions 0.8.0/0.9.0. The vulnerability is in the System Command Handler’s kernel.ts (resolveSkillScriptPath) where input manipulation enables OS command injection. CVSS metrics indicate Medium severity with ADJACENT attack vector and low privileg...

Vulnrichment•added 2026/05/10 6:15 a.m.•6 views

Exploits0References8

CVE-2026-8235 8421bit MiniClaw System kernel.ts resolveSkillScriptPath os command injection