CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 6 days ago•4 views

PT-2026-44871

Navigate CMS 2.8.5 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by injecting directory traversal sequences in the id parameter. Attackers can send GET requests to navigate download.php with path traversal payloads ../../../cfg/globals.php to...

7.1CVSS5.9AI score0.00148EPSS

Exploits0References5

Positive Technologies•added 6 days ago•6 views

PT-2026-44876

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the frm passwd parameter. Attackers can send POST requests to main.php with crafted SQL payloads to extract sensitive...

8.8CVSS6.1AI score0.00068EPSS

Exploits0References5

EUVD•added 6 days ago•7 views

EUVD-2026-33351

The template upload feature in Emlog Pro v2.6.9 has a path traversal vulnerability, allowing authenticated administrators to execute arbitrary PHP code. By uploading a malicious ZIP archive containing directory traversal sequences in filenames, an attacker can overwrite default template files or...

7.2CVSS6.1AI score0.00178EPSS

CNNVD•added 6 days ago•6 views

PHP-SHOP 跨站请求伪造漏洞

PHP-SHOP is an online shopping system developed by joeyrush, based on PHP. Version 1.0 of PHP-SHOP has a cross-site request forgeing vulnerability. This vulnerability stems from the lack of verification of the request source, which may allow unauthenticated attackers to add administrative users...

6.9CVSS5.7AI score0.00016EPSS

RedhatCVE•added last week•3 views

CVE-2026-9448

A vulnerability was determined in code-projects Employee Management System 1.0. This affects an unknown function of the file /applyleave.php. Executing a manipulation of the argument ID can lead to cross site scripting. The attack may be performed from remote. The exploit has been publicly...

5.3CVSS4.1AI score0.00035EPSS

Exploits0References1

Ubuntu•added last week•9 views

USN-8336-1: PHP vulnerabilities

Aleksey Solovev and Nikita Sveshnikov discovered that PHP improperly handled NUL bytes when preparing SQL queries in the PDO Firebird driver. An attacker could possibly use this issue to perform SQL injection attacks. CVE-2025-14179 It was discovered that PHP incorrectly handled certain encoding...

9.8CVSS6.2AI score0.00353EPSS

Exploits1

OSV•added last week•2 views

USN-8336-1 php8.1, php8.3, php8.4, php8.5 vulnerabilities

9.8CVSS6.2AI score0.00353EPSS

Exploits1References10

NVD•added 2026/05/28 8:16 a.m.•10 views

CVE-2026-6455

The WP Contact Form 7 DB Handler plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Arbitrary File Deletion via SQL Injection and PHP Object Injection in versions up to and including 3.0. This is due to a missing nonce verification in the processbulkaction function, the...

8.1CVSS0.00039EPSS

Exploits0References10

Cvelist•added 2026/05/28 6:45 a.m.•28 views

CVE-2026-6455 WP Contact Form 7 DB Handler <= 3.0 - Cross-Site Request Forgery to Arbitrary File Deletion via 'contact_form' Parameter

8.1CVSS0.00039EPSS

Exploits0References10

Nuclei•added 2026/05/28 5:39 a.m.•131 views

GiveWP - PHP Object Injection

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input from the 'givetitle' parameter. id: CVE-2024-5932 info: name: GiveWP - PHP Object Injection author:...

10CVSS7.5AI score0.94173EPSS

Exploits10References7

Vulnrichment•added 2026/05/28 3:27 a.m.•5 views

CVE-2026-2374 Login No Captcha reCAPTCHA <= 1.8.0 - Unauthenticated Stored Cross-Site Scripting via PHP_SELF

The Login No Captcha reCAPTCHA plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the $SERVER'PHPSELF' superglobal in all versions up to, and including, 1.8.0. This is due to the authenticate function storing the unsanitized output of basename$SERVER'PHPSELF' in the...

7.2CVSS6AI score0.00137EPSS

Exploits0References7

Tenable Nessus•added 2026/05/28 12:0 a.m.•5 views

Linux Distros Unpatched Vulnerability : CVE-2026-48808

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ubuntu Linux - Unknown description CVE-2026-48808 Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVEL 80900 C Tenabl...

Tenable Nessus•added 2026/05/28 12:0 a.m.•7 views

Linux Distros Unpatched Vulnerability : CVE-2026-48806

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ubuntu Linux - Unknown description CVE-2026-48806 Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVEL 80900 C Tenabl...

Tenable Nessus•added 2026/05/28 12:0 a.m.•5 views

Linux Distros Unpatched Vulnerability : CVE-2026-48807

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ubuntu Linux - Unknown description CVE-2026-48807 Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVEL 80900 C Tenabl...

Tenable Nessus•added 2026/05/28 12:0 a.m.•10 views

Linux Distros Unpatched Vulnerability : CVE-2026-46636

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - php-twig - None Ubuntu Linux - Unknown description CVE-2026-46636 Note that Nessus relies on the presence of the package as reported by the vendo...

Tenable Nessus•added 2026/05/28 12:0 a.m.•7 views

Linux Distros Unpatched Vulnerability : CVE-2026-48805

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - php-twig - None Ubuntu Linux - Unknown description CVE-2026-48805 Note that Nessus relies on the presence of the package as reported by the vendo...