CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/02/19 4:36 a.m.•30 views

CVE-2026-0556

CVE-2026-0556 concerns the XO Event Calendar WordPress plugin (versions

6.4CVSS5.7AI score0.00307EPSS

Cvelist•added 2026/02/19 4:36 a.m.•26 views

CVE-2026-0556 XO Event Calendar <= 3.2.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'xo_event_field' shortcode

6.4CVSS0.00307EPSS

Patchstack•added 2026/02/19 12:14 a.m.•9 views

WordPress XO Event Calendar plugin <= 3.2.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'xo_event_field' shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'xoeventfield' shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin XO Event Calendar versions = 3.2.10...

6.4CVSS5.5AI score0.00307EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2026/02/19 12:0 a.m.•8 views

PT-2026-20626

The XO Event Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'xo event field' shortcode in all versions up to, and including, 3.2.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.7AI score0.00307EPSS

RedhatCVE•added 2026/01/09 10:34 a.m.•2 views

CVE-2017-18541

The xo-security plugin before 1.5.3 for WordPress has XSS...

6.1CVSS6.9AI score0.00915EPSS

Exploits0References1

Cvelist•added 2025/11/24 8:38 p.m.•6 views

CVE-2025-52538

Improper input validation within the XOCL driver may allow a local attacker to generate an integer overflow condition, potentially resulting in loss of confidentiality or availability...

8CVSS0.00115EPSS

Exploits0References1

CVE•added 2025/11/24 7:45 p.m.•12 views

CVE-2025-0005

AMD XOCL driver (OpenCL) within the AMD XRT framework is affected by CVE-2025-0005 due to improper input validation, enabling a local overflow that can crash the system or cause a denial of service. Root cause: input validation flaw in XOCL. Impact: local attacker could trigger crash/DoS with low...

7.3CVSS6.5AI score0.00109EPSS

Exploits0References1

EUVD•added 2025/11/13 3:23 a.m.•2 views

EUVD-2025-175692

Malicious code in volcanology-yakutsk-phenomic-xo npm...

EUVD•added 2025/11/13 3:23 a.m.•4 views

EUVD-2025-178751

Malicious code in geckodriver-singularity-radiometric-xo npm...

OSSF Malicious Packages•added 2025/11/13 3:23 a.m.•2 views

Malicious code in xo-csrf-radiant-halley (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 94c1bd2a4a7e5e0d89c6e97c3243f89b4b6801a28f85c0a3bb946840fa5efd60 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score

EUVD•added 2025/11/13 3:23 a.m.•2 views

EUVD-2025-177406

Malicious code in orogeny-algol-kastra-xo npm...

EUVD•added 2025/11/13 3:23 a.m.•2 views

EUVD-2025-178415

Malicious code in inflation-weywot-comet-xo npm...

EUVD•added 2025/11/13 3:23 a.m.•5 views

EUVD-2025-178558

Malicious code in helmet-neutronstar-xo-xerxes npm...

OSSF Malicious Packages•added 2025/11/13 3:23 a.m.•5 views

Malicious code in inflation-weywot-comet-xo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2494101eede652b8876724d3d4c467b0a2d07002f73e58557044c083908f9847 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score

EUVD•added 2025/11/13 3:23 a.m.•3 views

EUVD-2025-175467

Malicious code in xo-morgan-css-loader-prompts npm...

EUVD•added 2025/11/13 3:23 a.m.•3 views

EUVD-2025-175507

Malicious code in xenon-comet-xo-quantum npm...