CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2025/12/05 9:27 a.m.•2 views

EUVD-2025-201398

6.4CVSS4.7AI score0.00031EPSS

Exploits0References4

CVE•added 2025/12/05 9:27 a.m.•9 views

CVE-2025-13678

CVE-2025-13678 : The Thai Lottery Widget WordPress plugin is vulnerable to authenticated Stored Cross-Site Scripting via the thailottery shortcode in all versions up to and including 2.5 due to insufficient sanitization of width and height attributes. Attackers with Contributor-level access or hi...

6.4CVSS4.7AI score0.00031EPSS

Vulnrichment•added 2025/12/05 9:27 a.m.•2 views

CVE-2025-13678 Thai Lottery Widget <= 2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

6.4CVSS4.7AI score0.00031EPSS

Cvelist•added 2025/12/05 9:27 a.m.•20 views

CVE-2025-13678 Thai Lottery Widget <= 2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

6.4CVSS0.00031EPSS

RedhatCVE•added 2025/12/04 8:12 p.m.•2 views

CVE-2025-12385

Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation. This issue affects users of the Text component in Qt Quick...

8.7CVSS6.8AI score0.0012EPSS

OSV•added 2025/12/03 8:16 p.m.•1 views

DEBIAN-CVE-2025-12385

8.7CVSS5.3AI score0.0012EPSS

OSV•added 2025/12/03 8:16 p.m.•3 views

AZL-71555 CVE-2025-12385 affecting package qtdeclarative for versions less than 6.6.1-2

8.7CVSS5.8AI score0.0012EPSS

NVD•added 2025/12/03 8:16 p.m.•5 views

CVE-2025-12385

8.7CVSS0.0012EPSS

OSV•added 2025/12/03 8:16 p.m.•1 views

AZL-71647 CVE-2025-12385 affecting package qt5-qtdeclarative 5.12.5-5

8.7CVSS5.8AI score0.0012EPSS

OSV•added 2025/12/03 8:16 p.m.•2 views

UBUNTU-CVE-2025-12385

8.7CVSS5.8AI score0.0012EPSS

Exploits0References5

Debian CVE•added 2025/12/03 7:38 p.m.•4 views

CVE-2025-12385

8.7CVSS5.3AI score0.0012EPSS

Exploits0

CVE•added 2025/12/03 7:38 p.m.•11 views

CVE-2025-12385

CVE-2025-12385 affects the Qt Text component in Qt Quick across Windows, macOS, Linux, iOS, Android (Qt 5.0.0–6.5.10, 6.6.0–6.8.5, 6.9.0–6.10.0). Root cause: missing validation of width/height in the tag in the Text parser, allowing excessive resource allocation and potentially an unresponsive a...

8.7CVSS6.4AI score0.0012EPSS

Vulnrichment•added 2025/12/03 7:38 p.m.•1 views

CVE-2025-12385 Improper validation of <img> tag size in Text component parser

8.7CVSS6.4AI score0.0012EPSS

RedhatCVE•added 2025/11/22 8:35 a.m.•4 views

CVE-2025-11765

The Stock Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'imageheight' and 'imagewidth' shortcode attributes in all versions up to, and including, 1.1. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS5AI score0.00032EPSS

NVD•added 2025/11/21 8:15 a.m.•1 views

CVE-2025-11765

6.4CVSS0.00032EPSS

Vulnrichment•added 2025/11/21 7:31 a.m.•3 views

CVE-2025-11765 Stock Tools <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4CVSS4.7AI score0.00032EPSS

EUVD•added 2025/11/21 7:31 a.m.•1 views

EUVD-2025-198425

6.4CVSS4.7AI score0.00032EPSS

CVE•added 2025/11/21 7:31 a.m.•14 views

CVE-2025-11765

CVE-2025-11765 : The WordPress plugin Stock Tools is vulnerable to stored XSS via the shortcode attributes image_height and image_width in all versions up to 1.1. The issue stems from insufficient input sanitization and output escaping. Exploitation requires authentication at contributor level or...

6.4CVSS4.7AI score0.00032EPSS

Cvelist•added 2025/11/21 7:31 a.m.•5 views

CVE-2025-11765 Stock Tools <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4CVSS0.00032EPSS