CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

13335 matches found

NVD•added 6 hours ago•2 views

CVE-2026-36748

RockRMS v16.13 and before v.17.7.0 is vulnerable to Cross Site Scripting XSS via Social Media links in user profile...

9CVSS

Exploits0References2

Circl•added 11 hours ago•2 views

CVE-2026-27145

creationtimestamp| type| source ---|---|--- 2026-06-03 12:00:59+00:00| seen| https://bsky.app/profile/lambdawatchdog.bsky.social/post/3mnf2r6hlix2f...

5.7AI score

Exploits0References1

Circl•added 11 hours ago•2 views

CVE-2025-14773

creationtimestamp| type| source ---|---|--- 2026-06-03 11:34:36+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnezbyrndl2v 2026-06-03 16:12:05+00:00| seen| https://bsky.app/profile/boredchilada.bsky.social/post/3mnfis627gj2l...

8CVSS5.8AI score

Exploits0References2

Nuclei•added 17 hours ago•22 views

WordPress Easy Social Icons Plugin < 3.0.9 - Cross-Site Scripting

The Easy Social Icons plugin = 3.0.8 for WordPress echoes out the raw value of $SERVER'PHPSELF' in its main file. On certain configurations including Apache+modPHP this makes it possible to use it to perform a reflected cross-site scripting attack by injecting malicious code in the request path...

6.1CVSS6.3AI score0.13873EPSS

Exploits2References5

Nuclei•added 17 hours ago•9 views

Sassy Social Share <= 3.3.3 - Cross-Site Scripting

The Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'urls' parameter called via the 'heateorssssharingcount' AJAX action in versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for...

6.1CVSS6AI score0.10126EPSS

Exploits1References3

Nuclei•added 17 hours ago•22 views

2 Click Socialmedia Buttons < 0.34 - Cross-Site Scripting

A cross-site scripting vulnerability in libs/xing.php in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xing-url parameter. id: CVE-2012-4273 info: name: 2 Click Socialmedia Buttons 0.34 - Cross-Site Scripti...

4.3CVSS5.8AI score0.00963EPSS

Exploits1References5

Nuclei•added 17 hours ago•25 views

Social Login by BestWebSoft < 0.2 - Cross-Site Scripting

The social-login-bws plugin before 0.2 for WordPress has multiple XSS issues. id: CVE-2017-18501 info: name: Social Login by BestWebSoft 0.2 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The social-login-bws plugin before 0.2 for WordPress has multiple XSS issues...

6.1CVSS6.4AI score0.00385EPSS

Exploits1References4

Nuclei•added 17 hours ago•5 views

WordPress Widgets for Social Photo Feed <= 1.8 - Information Disclosure

Widgets for Social Photo Feed WordPress plugin = 1.8 contains a broken access control caused by missing capability checks on specific REST API endpoints, letting unauthenticated attackers access and modify plugin settings remotely. id: CVE-2025-14726 info: name: WordPress Widgets for Social Photo...

6.5CVSS5.8AI score0.03071EPSS

Exploits0References3

Nuclei•added 17 hours ago•3 views

Social Auto Poster <= 5.3.14 - Stored Cross-Site Scripting

Social Auto Poster plugin for WordPress versions up to 5.3.14 contains a stored cross-site scripting caused by insufficient sanitization and escaping of 'mapTypes' parameter in the 'wpwautopostermapwordpressposttype' AJAX function, letting unauthenticated attackers inject and execute arbitrary...

7.2CVSS5.9AI score0.04511EPSS

Exploits0References3

Nuclei•added 17 hours ago•13 views

Social Buttons Pack by BestWebSof < 1.1.1 - Cross-Site Scripting

The social-buttons-pack plugin before 1.1.1 for WordPress has multiple XSS issues. id: CVE-2017-18500 info: name: Social Buttons Pack by BestWebSof 1.1.1 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The social-buttons-pack plugin before 1.1.1 for WordPress has...

6.1CVSS6.4AI score0.00385EPSS

Exploits1References4

Circl•added 17 hours ago•2 views

CVE-2025-14771

creationtimestamp| type| source ---|---|--- 2026-06-03 06:01:01+00:00| seen| https://cyber.gc.ca/en/alerts-advisories/control-systems-abb-security-advisory-av26-545 2026-06-03 11:29:36+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mneyz2dgnr2o 2026-06-03 14:01:41+00:00| seen|...

9.9CVSS5.8AI score

Exploits0References5

Circl•added 18 hours ago•3 views

CVE-2026-10702

creationtimestamp| type| source ---|---|--- 2026-06-03 04:52:24+00:00| seen| https://www.acn.gov.it/portale/w/risolte-vulnerabilita-in-prodotti-mozilla-6 2026-06-03 12:25:14+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mnf44jhtx423...

4.3CVSS5.7AI score

Exploits0References2

Circl•added 20 hours ago•3 views

CVE-2026-39553

creationtimestamp| type| source ---|---|--- 2026-06-03 03:00:37+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mne4kv3rmf2n...

8.1CVSS5.8AI score

Exploits0References1

Circl•added 23 hours ago•4 views

CVE-2026-32625

creationtimestamp| type| source ---|---|--- 2026-06-03 00:00:39+00:00| seen| https://infosec.exchange/users/offseq/statuses/116683232788673466 2026-06-03 00:00:39+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mndsj3gb3q24 2026-06-03 00:01:18+00:00| seen|...

9.6CVSS5.8AI score

Exploits0References5

Positive Technologies•added 23 hours ago•2 views

PT-2026-45954

RockRMS v16.13 and before v.17.7.0 is vulnerable to Cross Site Scripting XSS via Social Media links in user profile...

5.8AI score

Exploits0References3

CVE•added 23 hours ago•2 views

CVE-2026-36748

RockRMS vulnerability CVE-2026-36748 affects v16.13 and earlier of RockRMS up to v17.7.0, allowing Cross Site Scripting (XSS) via social media links in a user profile. The connected documents confirm the affected product version range and the XSS impact, but do not provide rooted technical detail...

9CVSS5.8AI score

Exploits0References2