CVE Search Engine - Security Vulnerabilities and Exploits Search Tool | Vulners.com

🔥 Daily Hot!

💪🏽 CPE Enhanced Advisories

🕶 Shadow Exploits

🕵🏼 Vulners CPE

🔐 Security news

💻 Exploit updates

📑 Blogs review

🐧 Linux vulnerabilities

🤖 AI High Score

show all

1126971 matches found

RedhatCVE•added 2026/06/05 7:34 p.m.•5 views

CVE-2026-1379

The HTTP Headers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.19.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions a...

4.4CVSS5.6AI score0.00009EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:34 p.m.•6 views

CVE-2026-1923

The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.3.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.7AI score0.00037EPSS

Exploits0References1

EUVD•added 2026/06/05 7:34 p.m.•9 views

EUVD-2026-34911

An administrative cross-site scripting XSS vulnerability exists in the web user interface dashboard layout of Arista Edge Threat Management - Arista Next Generation Firewall NGFW. Unvalidated user-supplied variables are echoed back to administrative profiles, facilitating vector payload processin...

5.8CVSS5.2AI score0.00032EPSS

Exploits0References1

CVE•added 2026/06/05 7:34 p.m.•16 views

CVE-2026-25624

CVE-2026-25624 is an administrative cross-site scripting vulnerability in the web UI dashboard layout of Arista Edge Threat Management NGFW. The issue involves unvalidated user-supplied variables echoed back to administrative profiles, enabling XSS when an attacker has administrative UI access. A...

5.8CVSS5.2AI score0.00032EPSS

Exploits0References1Affected Software1

ATTACKERKB•added 2026/06/05 7:34 p.m.•4 views

CVE-2026-25624

An administrative cross-site scripting XSS vulnerability exists in the web user interface dashboard layout of Arista Edge Threat Management - Arista Next Generation Firewall NGFW. Unvalidated user-supplied variables are echoed back to administrative profiles, facilitating vector payload processin...

5.8CVSS5.2AI score0.00032EPSS

Exploits0References2

Vulnrichment•added 2026/06/05 7:34 p.m.•7 views

CVE-2026-25624 Arista Edge Threat Management NGFW UI Administrative Cross-Site Scripting

An administrative cross-site scripting XSS vulnerability exists in the web user interface dashboard layout of Arista Edge Threat Management - Arista Next Generation Firewall NGFW. Unvalidated user-supplied variables are echoed back to administrative profiles, facilitating vector payload processin...

5.8CVSS5.2AI score0.00032EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:34 p.m.•6 views

CVE-2026-1572

The Livemesh Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 9.0. This is due to missing authorization checks on the AJAX handler laeadminajax and insufficient...

6.4CVSS5.7AI score0.00027EPSS

Exploits0References1

Cvelist•added 2026/06/05 7:34 p.m.•24 views

CVE-2026-25624 Arista Edge Threat Management NGFW UI Administrative Cross-Site Scripting

An administrative cross-site scripting XSS vulnerability exists in the web user interface dashboard layout of Arista Edge Threat Management - Arista Next Generation Firewall NGFW. Unvalidated user-supplied variables are echoed back to administrative profiles, facilitating vector payload processin...

5.8CVSS0.00032EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:34 p.m.•5 views

CVE-2026-1395

The Gutentools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Slider block's blockid attribute in all versions up to, and including, 1.1.3. This is due to insufficient input sanitization and output escaping combined with a custom unescaping routine that reintroduce...

6.4CVSS5.7AI score0.00014EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:34 p.m.•6 views

CVE-2026-1845

The Real Estate Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions...

5.5CVSS5.6AI score0.0001EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:34 p.m.•5 views

CVE-2026-1607

The Surbma | Booking.com Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's surbma-bookingcom shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...

6.4CVSS5.7AI score0.00037EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:34 p.m.•6 views

CVE-2026-10057

ITS Intelligent SCADA System developed by ITP Technology has a Stored Cross-Site Scripting vulnerability, allowing privileged remote attackers to inject persistent JavaScript codes that are executed in users' browsers upon page load...

4.8CVSS5.5AI score0.00036EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:34 p.m.•7 views

CVE-2026-1450

The rognone plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'mode' parameter in versions up to, and including, 0.6.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...

6.1CVSS5.7AI score0.00089EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:34 p.m.•7 views

CVE-2026-10100

The Simple Custom Login Page plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the color settings fields Page Background, Form Background, Text Color, Link Color in versions up to and including 1.0.3. This is due to insufficient input sanitization of the color option values th...

4.4CVSS5.4AI score0.00035EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:34 p.m.•6 views

CVE-2026-10058

ITS Intelligent SCADA System developed by ITP Technology has a Stored Cross-Site Scripting vulnerability, allowing privileged remote attackers to inject persistent JavaScript codes that are executed in users' browsers upon page load...

4.8CVSS5.5AI score0.00036EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:34 p.m.•5 views

CVE-2026-9022

The Splide Carousel Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'url' Block Attribute in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

6.4CVSS5.6AI score0.00034EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:33 p.m.•7 views

CVE-2026-9811

A stored Cross-Site Scripting XSS vulnerability exists in the project selector component of Mautic 7. When rendering selection menus for associating projects with system entities, the application fails to sanitize project names returned via AJAX before injecting them into the DOM as option fields...

5.4CVSS5.5AI score0.00024EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:33 p.m.•5 views

CVE-2026-9646

A reflected cross-site scripting issue exists in URL handling...

6.1CVSS5.2AI score0.00031EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:33 p.m.•6 views

CVE-2026-9714

The Simple Divi Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the showmodule shortcode in versions up to, and including, 1.2 This is due to insufficient input sanitization and output escaping in the showmoduleshortcode function, which...

6.4CVSS5.7AI score0.00034EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:33 p.m.•6 views

CVE-2026-9806

A stored cross-site scripting XSS vulnerability exists in the notification panel of CTI Transmute in versions prior to the patched release. Notification messages containing user-controlled convert names were rendered in the notification bell dropdown using innerHTML without adequate sanitization...

6.3CVSS5.5AI score0.00062EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by