CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2026/06/09 12:0 a.m.•10 views

PT-2026-48070

Name of the Vulnerable Software and Affected Versions Adobe Experience Manager versions 6.5.24 and earlier Adobe Experience Manager versions LTS SP1 and earlier Adobe Experience Manager versions 2026.04 and earlier Description A stored Cross-Site Scripting XSS issue allows a low-privileged attack...

6.1CVSS5.3AI score0.0012EPSS

WordPress plugin WP Emoticon Rating 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

Positive Technologies•added 2026/06/09 12:0 a.m.•9 views

PT-2026-47682

Name of the Vulnerable Software and Affected Versions WP Emoticon Rating versions prior to 1.0.2 Description The WP Emoticon Rating plugin for WordPress is subject to Cross-Site Request Forgery CSRF, a type of attack where an unauthorized user tricks a victim into performing actions they did not...

6.1CVSS5.3AI score0.0012EPSS

Exploits0References11

Positive Technologies•added 2026/06/09 12:0 a.m.•7 views

PT-2026-48080

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

Positive Technologies•added 2026/06/09 12:0 a.m.•7 views

PT-2026-48060

Positive Technologies•added 2026/06/09 12:0 a.m.•11 views

PT-2026-47539

SAP Wily Introscope Enterprise Manager allows an unauthenticated attacker to craft a specially crafted URL. Under certain conditions, when accessed by a victim, the injected script could execute in the user�s browser within the context of the application. This issue has a low impact on the...

4.7CVSS5.6AI score0.00154EPSS

Positive Technologies•added 2026/06/09 12:0 a.m.•9 views

PT-2026-48064

5.4CVSS5.2AI score0.00187EPSS

Evoluted PHP Directory Listing Script 跨站脚本漏洞

Evoluted PHP Directory Listing Script is a PHP-based directory indexing and file browsing script developed by the British company Evoluted. Versions of Evoluted PHP Directory Listing Script 4.0.5 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from the dir...

CNNVD•added 2026/06/09 12:0 a.m.•5 views

Fortinet FortiOS和Fortinet FortiProxy 安全漏洞

Fortinet FortiOS and Fortinet FortiProxy are products of the American company Fortinet. Fortinet FortiOS is a security operating system specifically designed for the FortiGate network security platform. This system provides users with various security features, including firewalls, antivirus...

6.7CVSS5.6AI score0.00144EPSS

4.3CVSS5.4AI score0.00128EPSS

WordPress plugin WpMobi 跨站请求伪造漏洞

CNNVD•added 2026/06/09 12:0 a.m.•7 views

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among oth...

5.4CVSS5.2AI score0.00224EPSS

CNNVD•added 2026/06/09 12:0 a.m.•7 views

Adobe Experience Manager 跨站脚本漏洞

5.4CVSS5.1AI score0.00224EPSS

Positive Technologies•added 2026/06/09 12:0 a.m.•8 views

PT-2026-47681

Name of the Vulnerable Software and Affected Versions WpMobi versions prior to 0.0.4 Description The WpMobi plugin for WordPress is subject to Cross-Site Request Forgery CSRF, a flaw where an attacker tricks a victim into performing actions they did not intend to. This occurs due to missing or...

4.3CVSS5.4AI score0.00128EPSS

Exploits0References8

Positive Technologies•added 2026/06/09 12:0 a.m.•10 views

PT-2026-47680

Name of the Vulnerable Software and Affected Versions WP-Ultimate-Map versions prior to 1.2 Description The plugin is subject to Cross-Site Request Forgery CSRF and Stored Cross-Site Scripting XSS. The issue occurs because the process init function, which is hooked to admin init, fails to validat...

6.1CVSS5.5AI score0.00119EPSS

Exploits0References9

Positive Technologies•added 2026/06/09 12:0 a.m.•8 views

PT-2026-47676

Name of the Vulnerable Software and Affected Versions Global Body Mass Index Calculator versions prior to 1.3 Description The Global Body Mass Index Calculator plugin for WordPress contains a Stored Cross-Site Scripting issue. The GBMI Calc Widget::widget function fails to properly sanitize input...

6.4CVSS5.6AI score0.00193EPSS

Exploits0References9

Positive Technologies•added 2026/06/09 12:0 a.m.•10 views

PT-2026-47677

Name of the Vulnerable Software and Affected Versions kk blog card versions prior to 1.4 Description The kk blog card plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs because the plugin fails to properly sanitize input and escape output for the href and type attribut...

6.4CVSS5.6AI score0.00187EPSS

Exploits0References7

8.7CVSS5.5AI score0.00641EPSS

Apptha Mac Photo Gallery 路径遍历漏洞

Apptha Mac Photo Gallery is a PHP-based website image display system developed by Apptha Corporation. Version 3.0 of Apptha Mac Photo Gallery has a path traversal vulnerability. This vulnerability stems from improper handling of the albid parameter, allowing unauthenticated attackers to download...

CNNVD•added 2026/06/09 12:0 a.m.•5 views

Adobe Experience Manager 跨站脚本漏洞

5.4CVSS5.1AI score0.00307EPSS