CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/01/07 9:19 a.m.•1 views

CVE-2025-12067

The Table Field Add-on for ACF and SCF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table Cell Content in all versions up to, and including, 1.3.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5AI score0.00027EPSS

CVE•added 2025/12/13 4:31 a.m.•9 views

CVE-2025-14540

CVE-2025-14540 affects the WordPress Userback plugin: versions up to and including 1.0.15 suffer a missing capability check in userback_get_json, enabling authenticated users with Subscriber+ access to exfiltrate the plugin’s configuration data, including the Userback API access token, and privat...

4.3CVSS4.8AI score0.0004EPSS

Exploits0References2

OSV•added 2025/10/29 9:48 p.m.•4 views

GHSA-3M8R-W7XG-JQVW DNN Insufficient Access Control - Image Upload allows for Site Content Overwrite

Summary The default HTML editor provider allows unauthenticated file uploads and images can overwrite existing files. Description An unauthenticated user can upload and replace existing files allowing defacing a website and combined with other issue, injection XSS payloads...

10CVSS6.8AI score0.20172EPSS

Exploits3References3

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2025-14835

Malicious code in bioql PyPI...

6.1CVSS6.6AI score0.00241EPSS

OSV•added 2025/09/15 10:15 p.m.•2 views

CVE-2025-43797

In Liferay Portal 7.1.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions, the default membership type of a newly created site is “Open” which allows any registered users to become a member...

5.4CVSS6.8AI score0.00087EPSS

CNNVD•added 2024/06/11 12:0 a.m.•2 views

SAP Financial Consolidation Cross-Site Scripting Vulnerability

SAP Financial Consolidation is a financial statement solution from SAP. The product is designed to automate intercompany reconciliations and offsets, currency conversions, and provide financial statement generation. A cross-site scripting vulnerability exists in SAP Financial Consolidation FINANC...

8.1CVSS6.1AI score0.00185EPSS

Exploits0References5

Amazon•added 2024/02/05 12:0 a.m.•32 views

Medium: thunderbird

Issue Overview: An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7. CVE-2024-0741 It was possible for certain browser prompts and dialogs to b...

8.8CVSS8.3AI score0.47284EPSS

Packet Storm•added 2023/07/17 12:0 a.m.•281 views

Ecommerce 1.15 Cross Site Scripting

Exploit Title: Ecommerce 1.15 - Reflected XSS Exploit Author: CraCkEr Date: 16/07/2023 Vendor: phpscriptpoint Vendor Homepage: https://phpscriptpoint.com/ Software Link: https://demo.phpscriptpoint.com/ecommerce/ Tested on: Windows 10 Pro Impact: Manipulate the content of the site Description The...

Packet Storm•added 2023/07/04 12:0 a.m.•184 views

Car Rental Script 1.8 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

Packet Storm•added 2023/07/02 12:0 a.m.•161 views

Vacation Rental 1.8 Cross Site Scripting

Packet Storm•added 2023/06/30 12:0 a.m.•316 views

Property Listing Script 1.0 Cross Site Scripting