Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6 matches found

Vulnrichment
Vulnrichmentadded 2025/10/25 12:26 p.m.2 views

CVE-2025-11897 The7 — Ultimate WordPress & WooCommerce Theme <= 12.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'the7_fancy_title_css'

The The7 — Website and eCommerce Builder for WordPress theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ the7fancytitlecss’ parameter in all versions up to, and including, 12.9.1 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS4.7AI score0.00032EPSS
Exploits0References2
Patchstack
Patchstackadded 2025/10/25 3:9 a.m.1 views

WordPress The7 theme <= 12.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'the7_fancy_title_css' vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'the7fancytitlecss' vulnerability discovered by Muhammad Yudha - DJ in WordPress Theme The7 versions = 12.9.1...

6.4CVSS5.8AI score0.00032EPSS
Exploits0References1Affected Software1
Patchstack
Patchstackadded 2025/10/25 12:0 a.m.3 views

WordPress The7 Theme <= 12.9.1 is vulnerable to Cross Site Scripting (XSS)

Software The7 Type Theme Vulnerable versions = 12.9.1 Fixed in 12.9.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2025-11897 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 600f7d8465b6 Credits Muhammad Yudha - DJ Required...

6.4CVSS5.3AI score0.00032EPSS
Exploits0References2Affected Software1
Amazon
Amazonadded 2025/10/14 12:0 a.m.1 views

Medium: cuda

Issue Overview: NVIDIA nvJPEG library contains a vulnerability where an attacker can cause an out-of-bounds read by means of a specially crafted JPEG file. A successful exploit of this vulnerability might lead to information disclosure or denial of service. CVE-2025-23272 Affected Packages: cuda...

5.7CVSS6.5AI score0.00018EPSS
Exploits0
Metasploit
Metasploitadded 2020/12/10 5:41 p.m.94 views

GitLab File Read Remote Code Execution

This module provides remote code execution against GitLab Community Edition CE and Enterprise Edition EE. It combines an arbitrary file read to extract the Rails "secretkeybase", and gains remote code execution with a deserialization vulnerability of a signed 'experimentationsubjectid' cookie tha...

5.5CVSS6.2AI score0.04767EPSS
Exploits10
NCSC
NCSCadded 2020/03/27 12:0 a.m.3 views

Vulnerabilities fixed in GitLab Community and Enterprise Edition

GitLab has fixed a number of vulnerabilities in GitLab Community Edition and Enterprise Edition. A malicious party could exploit the vulnerabilities to cause a Denial-of-Service, execute a cross-site scripting attack, or gain access to sensitive information and/or manipulate it. GitLab has releas...

9.8CVSS6.4AI score0.00626EPSS
Exploits1
Rows per page
Query Builder