CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

9473 matches found

CNNVD•added 2026/01/07 12:0 a.m.•1 views

WordPress plugin Stumble! for WordPress 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. A cross-site scriptin...

6.1CVSS5.9AI score0.00029EPSS

Exploits0References4

Positive Technologies•added 2026/01/07 12:0 a.m.•2 views

PT-2026-1628

Name of the Vulnerable Software and Affected Versions Stumble! for WordPress plugin versions up to and including 1.1.1 Description The Stumble! for WordPress plugin is susceptible to Reflected Cross-Site Scripting. This is due to insufficient input sanitization and output escaping of the $...

6.1CVSS6.5AI score0.00029EPSS

Exploits0References6

CNNVD•added 2026/01/07 12:0 a.m.•2 views

WordPress plugin Starred Review 跨站脚本漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scriptin...

6.1CVSS5.8AI score0.00029EPSS

Exploits0References3

Cvelist•added 2026/01/06 10:48 p.m.•26 views

CVE-2025-47348 Use of Uninitialized Variable in HLOS

Memory corruption while processing identity credential operations in the trusted application...

7.8CVSS0.00016EPSS

Exploits0References1

CVE•added 2026/01/06 10:48 p.m.•9 views

CVE-2025-47348

CVE-2025-47348 is a memory corruption vulnerability in Qualcomm chipsets related to identity credential processing in the trusted application. The issue is described as memory corruption during identity credential operations. CVSS v3.1 metrics indicate a HIGH base score (7.8) with local attack ve...

7.8CVSS6.7AI score0.00016EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2026/01/06 10:48 p.m.•4 views

CVE-2025-47348 Use of Uninitialized Variable in HLOS

Memory corruption while processing identity credential operations in the trusted application...

7.8CVSS6.7AI score0.00016EPSS

Exploits0References1

RedhatCVE•added 2026/01/06 2:2 a.m.•3 views

CVE-2025-15452

A weakness has been identified in xnx3 wangmarket up to 4.9. This affects the function variableList of the file /admin/system/variableList.do of the component Backend Variable Search. Executing a manipulation of the argument Description can lead to cross site scripting. The attack may be launched...

4.8CVSS5.3AI score0.00023EPSS

Exploits1References1

Snyk•added 2026/01/05 10:58 p.m.•4 views

HTTP Request Smuggling

Overview Affected versions of this package are vulnerable to HTTP Request Smuggling via the unicode processing of HTTP header values. An attacker can bypass firewall or proxy protections by sending requests containing non-ASCII characters. Note: This is only exploitable if C extensions are not in...

6.5CVSS6.9AI score0.00047EPSS

Exploits0References2

OSV•added 2026/01/05 3:15 a.m.•0 views

CVE-2025-15452

4.8CVSS4AI score

Exploits0References4

NVD•added 2026/01/05 3:15 a.m.•2 views

CVE-2025-15452

4.8CVSS0.00023EPSS

Exploits1References4

Snyk•added 2026/01/05 2:38 a.m.•2 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the variableSave function of the /admin/system/variableList.do endpoint when handling the Description argument. An attacker can inject and execute arbitrary scripts in the context of a user's browser by...

4.8CVSS5.5AI score0.00023EPSS

Exploits1References2

Vulnrichment•added 2026/01/05 2:2 a.m.•1 views

CVE-2025-15452 xnx3 wangmarket Backend Variable Search variableList.do variableList cross site scripting

4.8CVSS5.2AI score0.00023EPSS

Exploits1References4

CNNVD•added 2026/01/05 12:0 a.m.•1 views

wangmarket 代码注入漏洞

wangmarket is a privatized deploy your own SAAS cloud builder system for xnx3 individual developers in China. A code injection vulnerability exists in wangmarket 4.9 and earlier versions, which stems from the incorrect operation of the parameter Description in the function variableList in the fil...

4.8CVSS4.2AI score0.00023EPSS

Exploits1References5

Positive Technologies•added 2026/01/05 12:0 a.m.•4 views

PT-2026-1204

Name of the Vulnerable Software and Affected Versions xnx3 wangmarket versions up to 4.9 Description A security flaw exists in xnx3 wangmarket up to version 4.9, specifically within the System Variables Page functionality located at the '/admin/system/variableSave.do' file. Manipulation of the...

4.8CVSS4.7AI score0.00023EPSS

Exploits1References8

RedhatCVE•added 2026/01/03 9:0 a.m.•2 views

CVE-2025-15437

A vulnerability was found in LigeroSmart up to 6.1.24. This affects an unknown part of the component Environment Variable Handler. Performing a manipulation of the argument REQUESTURI results in cross site scripting. The attack may be initiated remotely. The exploit has been made public and could...

5.4CVSS3.5AI score0.00008EPSS

Exploits1References1

RedhatCVE•added 2026/01/02 11:25 p.m.•2 views

CVE-2025-15416

A vulnerability was found in xnx3 wangmarket up to 6.4. This affects an unknown function of the file /siteVar/save.do of the component Add Global Variable Handler. The manipulation of the argument Remark/Variable Value results in cross site scripting. The attack can be executed remotely. The...

4.8CVSS5.4AI score0.00019EPSS

Exploits1References1

NVD•added 2026/01/02 9:15 a.m.•1 views

CVE-2025-15437

5.4CVSS0.00008EPSS

Exploits1References8

OSV•added 2026/01/02 9:15 a.m.•3 views

CVE-2025-15437

5.4CVSS3.5AI score

Exploits0References8

Cvelist•added 2026/01/02 8:32 a.m.•21 views

CVE-2025-15437 LigeroSmart Environment Variable cross site scripting