
38 matches found

CVE
added 2026/05/27 5:31 a.m. | 11 views

CVE-2026-8707

The NS Product icon badge plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHP_SELF in all versions up to 1.2.4 due to insufficient input sanitization and output escaping. Affected: WordPress plugin NS Product icon badge; vulnerable component: code handling user input/outp...

CVSS 6.1 | AI score 6 | EPSS 0.00101
Exploits 0 | References 5
AstraLinux
added 2026/05/03 11:59 p.m. | 7 views

Astra Linux - vulnerability in libjettison-java

An infinite recursion occurs in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This results in a StackOverflowError exception being thrown...

CVSS 7.5 | AI score 6.7 | EPSS 0.00122
Exploits 1 | References 2
Cvelist
added 2026/04/06 4:15 p.m. | 16 views

CVE-2026-5668 Cyber-III Student-Management-System add%20notice.php cross site scripting

A flaw has been found in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This affects an unknown part of the file /admin/Add%20notice/add%20notice.php. This manipulation of the argument $_SERVER['PHP_SELF'] causes cross site scripting. It is possible to initiate th...

CVSS 4.8 | EPSS 0.00035
Exploits 0 | References 5
Patchstack
added 2026/02/05 7:19 a.m. | 5 views

WordPress Peter's Date Countdown plugin <= 2.0.0 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability

Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Peter’s Date Countdown versions <= 2.0.0...

CVSS 6.1 | AI score 5.3 | EPSS 0.00047
Exploits 0 | References 1 | Affected Software 1
UbuntuCve
added 2026/01/24 2:15 a.m. | 2 views

CVE-2026-24401

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions 0.9rc2 and below, avahi-daemon can be crashed via a segmentation fault by sending an unsolicited mDNS response containing a recursive CNAME record, where the alias and canonica...

CVSS 6.5 | AI score 5.9 | EPSS 0.00061
Exploits 0 | References 3
Github Security Blog
added 2026/01/21 1:5 a.m. | 6 views

ImageMagick MSL: Stack overflow via infinite recursion in ProcessMSLScript

Summary: Stack overflow via infinite recursion in MSL (Magick Scripting Language) command when writing to MSL format. Version: ImageMagick 7.x, tested on current main branch; Commit: HEAD; Requires: libxml2 support for MSL parsing. Steps to Reproduce: Method 1: Using ImageMagick directly: bash magick...

CVSS 5.5 | AI score 5.5 | EPSS 0.00025
Exploits 1 | References 4 | Affected Software 18
OSV
added 2026/01/15 3:15 p.m. | 0 views

UBUNTU-CVE-2026-0990

A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a...

CVSS 5.9 | AI score 5.8 | EPSS 0.00088
Exploits 0 | References 4
ATTACKERKB
added 2026/01/15 2:20 p.m. | 2 views

CVE-2026-0990

A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a...

CVSS 5.9 | AI score 5.5 | EPSS 0.00088
Exploits 0 | References 5
Cvelist
added 2026/01/15 2:20 p.m. | 19 views

CVE-2026-0990 Libxml2: libxml2: denial of service via uncontrolled recursion in xml catalog processing

A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a...

CVSS 5.9 | EPSS 0.00088
Exploits 0 | References 4
NVD
added 2026/01/07 12:16 p.m. | 1 views

CVE-2025-14131

The WP Widget Changer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $_SERVER['PHP_SELF'] variable in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVSS 6.1 | EPSS 0.00249
Exploits 0 | References 4
Patchstack
added 2025/12/12 6:43 a.m. | 2 views

WordPress WPLG Default Mail From plugin <= 1.0.0 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability

Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin WPLG Default Mail From versions <= 1.0.0...

CVSS 6.1 | AI score 6.2 | EPSS 0.00118
Exploits 0 | References 1 | Affected Software 1
CNNVD
added 2025/10/20 12:0 a.m. | 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from not properly handling invalid entity IDs, which could cause an entity to reference itself or trigger a warning...

AI score 5.9 | EPSS 0.00057
Exploits 0 | References 6
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2023-1077

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 6.3 | EPSS 0.00122
Exploits 1 | References 7
OSV
added 2024/06/06 9:30 p.m. | 1 views

GHSA-3HJH-JH2H-VRG6 Denial of service in langchain-community

Denial of service in SitemapLoader Document Loader in the langchain-community package, affecting versions below 0.2.5. The parse_sitemap method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion when a sitemap URL refers to the current sitemap...

CVSS 4.2 | AI score 5.8 | EPSS 0.00038
Exploits 1 | References 7
OSV
added 2024/06/06 7:15 p.m. | 0 views

PYSEC-2024-118

A Denial-of-Service (DoS) vulnerability exists in the SitemapLoader class of the langchain-ai/langchain repository, affecting all versions. The parse_sitemap method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion when a sitemap URL refers to the...

CVSS 4.7 | AI score 5.8 | EPSS 0.00038
Exploits 1 | References 2
OSV
added 2023/12/22 11:6 a.m. | 1 views

OESA-2023-1968 jettison security update

Jettison is a collection of Java APIs like STaX and DOM which read and write JSON. This allows nearly transparent enablement of JSON based web services in services frameworks like CXF or XML serialization frameworks like XStream. Security Fixes: An infinite recursion is triggered in Jettison when...

CVSS 7.5 | AI score 8.1 | EPSS 0.00122
Exploits 1 | References 2
OSV
added 2023/12/22 11:6 a.m. | 1 views

OESA-2023-1967 jettison security update

Jettison is a collection of Java APIs like STaX and DOM which read and write JSON. This allows nearly transparent enablement of JSON based web services in services frameworks like CXF or XML serialization frameworks like XStream. Security Fixes: An infinite recursion is triggered in Jettison when...

CVSS 7.5 | AI score 8.1 | EPSS 0.00122
Exploits 1 | References 2
OSV
added 2023/12/22 11:6 a.m. | 1 views

OESA-2023-1964 jettison security update

Jettison is a collection of Java APIs like STaX and DOM which read and write JSON. This allows nearly transparent enablement of JSON based web services in services frameworks like CXF or XML serialization frameworks like XStream. Security Fixes: An infinite recursion is triggered in Jettison when...

CVSS 7.5 | AI score 8.1 | EPSS 0.00122
Exploits 1 | References 2
RedHat Linux
added 2023/08/31 1:28 p.m. | 2 views

jettison: Uncontrolled Recursion in JSONArray

A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown...

CVSS 7.5 | AI score 7 | EPSS 0.00122
Exploits 1 | References 5
RedHat Linux
added 2023/08/31 1:27 p.m. | 2 views

jettison: Uncontrolled Recursion in JSONArray

A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown...

CVSS 7.5 | AI score 7 | EPSS 0.00122
Exploits 1 | References 5