Lucene search

17 matches found

OSV
added 2025/10/27 5:15 p.m. | 0 views

CVE-2025-54968

An issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Service does not require authentication. In some configurations, this may allow remote users to submit jobs, or local users to submit jobs that will execute with the permissions of other users...

CVSS 8.8 | AI score 5.9 | EPSS 0.00163
Exploits: 0 | References: 2

CVE
added 2025/02/22 4:21 a.m. | 51 views

CVE-2024-12038

CVE-2024-12038 is a stored XSS vulnerability in the WordPress plugin Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) (BuddyForms). The issue arises from insufficient input sanitization and output escaping for attributes in the bud...

CVSS 6.4 | AI score 5.8 | EPSS 0.00114
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2025/02/22 4:21 a.m. | 6 views

CVE-2024-12038 Frontend Content Forms for User Submissions (UGC) <= 2.8.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'buddyforms_nav' Shortcode

The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions UGC plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'buddyforms_nav' shortcode in all versions up to, and including, 2.8.15 due to insufficient input...

CVSS 6.4 | AI score 5.8 | EPSS 0.00114
Exploits: 0 | References: 2

RedhatCVE
added 2025/02/05 5:27 a.m. | 4 views

CVE-2024-1170

The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions UGC plugin for WordPress is vulnerable to unauthorized media file deletion due to a missing capability check on the handledeletedmedia function in all versions up to, and including,...

CVSS 8.2 | AI score 6.8 | EPSS 0.00501
Exploits: 0 | References: 1

NVD
added 2025/01/31 11:15 a.m. | 12 views

CVE-2024-12037

The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions UGC plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bfnewsubmissionlink' shortcode in all versions up to, and including, 2.8.13 due to insufficient...

CVSS 6.4 | EPSS 0.00185
Exploits: 0 | References: 2

Vulnrichment
added 2025/01/31 11:11 a.m. | 5 views

CVE-2024-12037 Frontend Content Forms for User Submissions (UGC) <= 2.8.13 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions UGC plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bfnewsubmissionlink' shortcode in all versions up to, and including, 2.8.13 due to insufficient...

CVSS 6.4 | AI score 5.7 | EPSS 0.00185
Exploits: 0 | References: 2

Circl
added 2024/12/18 12:33 p.m. | 7 views

CVE-2024-56059

creationtimestamp | type | source
---|---|---
2024-12-18 12:33:20+00:00 | seen | https://infosec.exchange/users/cve/statuses/113673843515493237
2024-12-18 13:41:33+00:00 | seen | https://t.me/cvedetector/13181
2025-01-14 12:49:39+00:00 | seen | ...

CVSS 9.8 | AI score 7.3 | EPSS 0.32346
Exploits: 2 | References: 4

Cvelist
added 2024/09/14 3:19 a.m. | 16 views

CVE-2024-8246 Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) <= 2.8.11 - Authenticated (Contributor+) Privilege Escalation

The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions UGC plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.8.11. This is due to plugin not properly restricting what users have access to se...

CVSS 8.8 | EPSS 0.00423
Exploits: 0 | References: 2

NVD
added 2024/03/13 4:15 p.m. | 12 views

CVE-2024-1158

The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions UGC plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the buddyformsnewpage function in all versions up to, and including,...

CVSS 4.3 | AI score 4.4 | EPSS 0.00192
Exploits: 0 | References: 3

OSV
added 2024/03/07 11:15 a.m. | 1 views

CVE-2024-1170

The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions UGC plugin for WordPress is vulnerable to unauthorized media file deletion due to a missing capability check on the handledeletedmedia function in all versions up to, and including,...

CVSS 8.2 | AI score 7.4
Exploits: 0 | References: 3

NVD
added 2023/03/16 9:15 a.m. | 12 views

CVE-2022-38971

Stored Cross-Site Scripting XSS vulnerability in ThemeKraft Post Form – Registration Form – Profile Form for User Profiles and Content Forms for User Submissions plugin <= 2.7.5 versions...

CVSS 5.4 | AI score 4.8 | EPSS 0.00181
Exploits: 0 | References: 1

OSV
added 2023/03/16 9:15 a.m. | 0 views

CVE-2022-38971

Stored Cross-Site Scripting XSS vulnerability in ThemeKraft Post Form – Registration Form – Profile Form for User Profiles and Content Forms for User Submissions plugin <= 2.7.5 versions...

CVSS 5.4 | AI score 5.8 | EPSS 0.00181
Exploits: 0 | References: 1

Cvelist
added 2023/03/16 8:49 a.m. | 15 views

CVE-2022-38971 WordPress BuddyForms Plugin <= 2.7.5 is vulnerable to Cross Site Scripting (XSS)

Stored Cross-Site Scripting XSS vulnerability in ThemeKraft Post Form – Registration Form – Profile Form for User Profiles and Content Forms for User Submissions plugin <= 2.7.5 versions...

CVSS 4.7 | AI score 5.5 | EPSS 0.00181
Exploits: 0 | References: 1

CVE
added 2023/03/16 8:49 a.m. | 41 views

CVE-2022-38971

CVE-2022-38971 is a stored XSS vulnerability affecting the WordPress BuddyForms/ThemeKraft Post Form family (Registration, Profile, and Content Forms) for version

CVSS 5.4 | AI score 4.8 | EPSS 0.00181
Exploits: 0 | References: 1 | Affected Software: 1

n0where
added 2017/01/30 5:39 a.m. | 18 views

Linux Malware Detect: LMD

Linux Malware Detect LMD is a malware scanner for Linux released under the GNU GPLv2 license, that is designed around the threats faced in shared hosted environments. It uses threat data from network edge intrusion detection systems to extract malware that is actively being used in attacks and...

AI score 7.1
Exploits: 0 | References: 1

0day.today
added 2010/07/05 12:0 a.m. | 36 views

Joomla com_reportcard Blind SQL injection Vulnerability

Exploit for php platform in category web applications: Joomla com_reportcard Blind SQL injection Vulnerability...

AI score 7.1
Exploits: 0

securityvulns
added 2010/05/11 12:0 a.m. | 31 views

Month of PHP Security - Summary - 1st May - 10th May

Hi everyone, 10 days ago the Month of PHP Security 2010 has started at http://www.php-security.org/ and meanwhile 20 vulnerabilities were posted and also 4 user submitted articles were published. Here is a short summary of what was released so far. You can follow the Month of PHP Security on...

AI score 8.6
Exploits: 0