Lucene search

19 matches found

Cvelist
added 2026/06/09 11:48 a.m. · 27 views

CVE-2017-20247 WordPress Plugin PICA Photo Gallery 1.0 SQL Injection

WordPress Plugin PICA Photo Gallery 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid parameter. Attackers can send GET requests with crafted SQL payloads in the aid parameter to extract...

8.8 CVSS · 0.00262 EPSS
Exploits 0 · References 3

RedhatCVE
added 2026/06/05 7:35 p.m. · 6 views

CVE-2026-5820

The Zypento Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table of Contents block in all versions up to, and including, 1.0.6. This is due to the front-end TOC rendering script reading heading text via innerText and inserting it into the page using innerHTML...

6.4 CVSS · 5.7 AI score · 0.00227 EPSS
Exploits 0 · References 1

RedhatCVE
added 2026/03/26 3:17 p.m. · 2 views

CVE-2026-32343

Cross-Site Request Forgery (CSRF) vulnerability in Magazine3 Easy Table of Contents easy-table-of-contents allows Cross Site Request Forgery. This issue affects Easy Table of Contents: from n/a through <= 2.0.80...

4.3 CVSS · 5.8 AI score · 0.00107 EPSS
Exploits 0 · References 1

Positive Technologies
added 2026/03/19 12:0 a.m. · 3 views

PT-2026-26272

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Markbeljaars Table of Contents Creator allows Reflected XSS. This issue affects Table of Contents Creator: from n/a through 1.6.4.1...

7.1 CVSS · 5.8 AI score · 0.00145 EPSS
Exploits 0 · References 4

NVD
added 2026/03/13 7:54 p.m. · 4 views

CVE-2026-32343

Cross-Site Request Forgery (CSRF) vulnerability in Magazine3 Easy Table of Contents easy-table-of-contents allows Cross Site Request Forgery. This issue affects Easy Table of Contents: from n/a through <= 2.0.80...

4.3 CVSS · 0.00107 EPSS
Exploits 0 · References 1

CVE
added 2026/03/13 11:41 a.m. · 7 views

CVE-2026-32343

CVE-2026-32343 : A Cross-Site Request Forgery (CSRF) vulnerability affects the WordPress plugin “Easy Table of Contents” (component: easy-table-of-contents) in versions <= 2.0.80. The issue is documented across multiple sources (NVD, Red Hat, ENISA, CVE List) with a CVSS v3.1 base score of 4....

4.3 CVSS · 5.8 AI score · 0.00107 EPSS
Exploits 0 · References 1

ATTACKERKB
added 2026/03/13 11:41 a.m. · 0 views

CVE-2026-32343

Cross-Site Request Forgery (CSRF) vulnerability in Magazine3 Easy Table of Contents easy-table-of-contents allows Cross Site Request Forgery. This issue affects Easy Table of Contents: from n/a through <= 2.0.80...

5.8 AI score · 0.00107 EPSS
Exploits 0 · References 2

NVD
added 2026/03/06 1:15 p.m. · 5 views

CVE-2018-25163

BitZoom 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the rollno and username parameters in forgot.php and login.php. Attackers can submit crafted POST requests with SQL UNION statements to...

8.8 CVSS · 0.00245 EPSS
Exploits 0 · References 2

NVD
added 2026/02/19 9:16 a.m. · 5 views

CVE-2026-25314

Missing Authorization vulnerability in WP Messiah TOP Table Of Contents top-table-of-contents allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TOP Table Of Contents: from n/a through <= 1.3.31...

4.3 CVSS · 0.00185 EPSS
Exploits 0 · References 1

Vulnrichment
added 2026/02/19 8:26 a.m. · 4 views

CVE-2026-25314 WordPress TOP Table Of Contents plugin <= 1.3.31 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Messiah TOP Table Of Contents top-table-of-contents allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TOP Table Of Contents: from n/a through <= 1.3.31...

4.3 CVSS · 5.5 AI score · 0.00185 EPSS
Exploits 0 · References 1

Positive Technologies
added 2026/02/19 12:0 a.m. · 6 views

PT-2026-20685

Missing Authorization vulnerability in WP Messiah TOP Table Of Contents top-table-of-contents allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TOP Table Of Contents: from n/a through <= 1.3.31...

5.5 AI score · 0.00185 EPSS
Exploits 0 · References 1

OSV
added 2025/03/07 3:26 p.m. · 3 views

OESA-2025-1239 python-jupyterlab security update

JupyterLab is the next-generation user interface for Project Jupyter offering all the familiar building blocks of the classic Jupyter Notebook (notebook, terminal, text editor, file browser, rich outputs, etc.) in a flexible and powerful user interface. Security Fixes: JupyterLab is an extensible...

6.5 CVSS · 7 AI score · 0.00568 EPSS
Exploits 0 · References 2

OSV
added 2024/12/12 6:15 a.m. · 3 views

CVE-2024-9641

The LuckyWP Table of Contents WordPress plugin before 2.1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...

4.8 CVSS · 7.3 AI score · 0.0035 EPSS
Exploits 1 · References 1

OSV
added 2024/05/22 8:15 a.m. · 2 views

CVE-2023-6487

The LuckyWP Table of Contents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Header Title’ field in all versions up to and including 2.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.4 CVSS · 5.8 AI score
Exploits 0 · References 2

Positive Technologies
added 2023/05/15 12:0 a.m. · 2 views

PT-2023-16302 · WordPress · F(X) Toc Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: fx TOC WordPress plugin versions 1.1.0 and earlier Description: The issue concerns the fx TOC WordPress plugin, which does not properly validate and escape some of its shortcode attributes before outputting them in a page or post. This could...

5.4 CVSS · 8.3 AI score · 0.00462 EPSS
Exploits 1 · References 4

OSV
added 2022/11/08 6:15 p.m. · 4 views

CVE-2022-39069

There is a SQL injection vulnerability in ZTE ZAIP-AIE. Due to lack of input verification by the server, an attacker could trigger an attack by building malicious requests. Exploitation of this vulnerability could cause the leakage of the current table content...

5.3 CVSS · 5.8 AI score · 0.00443 EPSS
Exploits 0 · References 1

OSV
added 2017/11/22 6:29 p.m. · 25 views

CVE-2017-15099

INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits affect only tables where the attacker lacks full read access but has both INSERT and UPDATE...

6.5 CVSS · 6.8 AI score
Exploits 0 · References 7

Cvelist
added 2005/06/29 4:0 a.m. · 26 views

CVE-2005-2073

Unknown vulnerability in IBM DB2 8.1.4 through 8.1.9 and 8.2.0 through 8.2.2 allows local users with SELECT privileges to conduct unauthorized activities and insert, update or delete table contents...

6.1 AI score · 0.00292 EPSS
Exploits 0 · References 1

Microsoft KB
added 1970/01/01 12:0 a.m. · 2 views

Security update 1970-01-01

...

5.3 AI score
Exploits 0