CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/02/19 4:36 a.m.•24 views

CVE-2026-0556 XO Event Calendar <= 3.2.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'xo_event_field' shortcode

6.4CVSS0.00043EPSS

CVE•added 2026/02/19 4:36 a.m.•18 views

CVE-2026-0556

CVE-2026-0556 concerns the XO Event Calendar WordPress plugin (versions

6.4CVSS5.7AI score0.00043EPSS

Patchstack•added 2026/02/19 12:14 a.m.•6 views

WordPress XO Event Calendar plugin <= 3.2.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'xo_event_field' shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'xoeventfield' shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin XO Event Calendar versions = 3.2.10...

6.4CVSS5.5AI score0.00043EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2026/02/19 12:0 a.m.•5 views

PT-2026-20626

The XO Event Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'xo event field' shortcode in all versions up to, and including, 3.2.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.7AI score0.00043EPSS

RedhatCVE•added 2026/01/09 10:34 a.m.•1 views

CVE-2017-18541

The xo-security plugin before 1.5.3 for WordPress has XSS...

6.1CVSS6.9AI score0.0021EPSS

Exploits0References1

Cvelist•added 2025/11/24 8:38 p.m.•3 views

CVE-2025-52538

Improper input validation within the XOCL driver may allow a local attacker to generate an integer overflow condition, potentially resulting in loss of confidentiality or availability...

8CVSS0.00017EPSS

Exploits0References1

CVE•added 2025/11/24 7:45 p.m.•11 views

CVE-2025-0005

AMD XOCL driver (OpenCL) within the AMD XRT framework is affected by CVE-2025-0005 due to improper input validation, enabling a local overflow that can crash the system or cause a denial of service. Root cause: input validation flaw in XOCL. Impact: local attacker could trigger crash/DoS with low...

7.3CVSS6.5AI score0.00029EPSS

Exploits0References1

EUVD-2025-175507

Malicious code in xenon-comet-xo-quantum npm...

EUVD•added 2025/11/13 3:23 a.m.•2 views

EUVD-2025-178988

Malicious code in exec-zephyr-xo-izar npm...

EUVD•added 2025/11/13 3:23 a.m.•2 views

EUVD-2025-176543

Malicious code in sails-rollup-unuk-xo npm...

EUVD-2025-175470

Malicious code in xo-indus-procyon-indus npm...

EUVD•added 2025/11/13 3:23 a.m.•2 views

EUVD-2025-175473

Malicious code in xo-csrf-radiant-halley npm...

EUVD-2025-175465

Malicious code in xo-phylogenetics-kastra-triton npm...

OSSF Malicious Packages•added 2025/11/13 3:23 a.m.•3 views

Malicious code in inflation-weywot-comet-xo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2494101eede652b8876724d3d4c467b0a2d07002f73e58557044c083908f9847 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score

OSSF Malicious Packages•added 2025/11/13 3:23 a.m.•5 views

Malicious code in xo-helios-child-process-pm2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c6abf116ef5bd6a77aedf9bcc2b5428a4945e26fbf2e8c0d79a0fccebb457771 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score

EUVD-2025-175469

Malicious code in xo-koa-metalsmith-perseus npm...

EUVD-2025-180074

Malicious code in biogeochemistry-multiverse-xo-regulus npm...