CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/05/20 4:16 a.m.•8 views

CVE-2026-9010

The Boost plugin for WordPress is vulnerable to time-based SQL Injection via the 'currenturl' and 'username' parameters in versions up to, and including, 2.0.3 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL queries. This makes i...

7.5CVSS0.00084EPSS

CVE•added 2026/05/20 2:27 a.m.•10 views

CVE-2026-9010

The CVE concerns the Boost plugin for WordPress, affected through time-based SQL Injection in the plugin’s handling of the current_url and user_name parameters. Vulnerable in versions up to and including 2.0.3 due to insufficient escaping of user-supplied inputs and inadequate preparation of exis...

7.5CVSS5.9AI score0.00084EPSS

CNNVD•added 2026/05/20 12:0 a.m.•5 views

WordPress plugin Boost SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.5CVSS5.9AI score0.00084EPSS

Exploits0References1

Slackware Linux•added 2026/05/19 11:53 p.m.•8 views

[slackware-security] mozilla-firefox

New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/mozilla-firefox-140.11.0esr-i686-1slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more...

9.8CVSS5.8AI score0.00164EPSS

Exploits0

Slackware Linux•added 2026/05/19 11:53 p.m.•4 views

[slackware-security] haveged

New haveged packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/haveged-1.9.21-i586-1slack15.0.txz: Upgraded. This update fixes a security issue: Missing exit out of permission check could lead to...

7.8CVSS5.8AI score0.00004EPSS

Exploits0

NVD•added 2026/05/19 2:16 p.m.•7 views

CVE-2026-42099

Sparx Pro Cloud Server is vulnerable to a Race Condition in the /dataapi/dlinternalartifact.php endpoint. The application downloads the properties of the object pointed by guid parameter and saves loaded content in current location DIR under the specified name. An attacker with repository access...

7.7CVSS0.00266EPSS

Exploits1References4

Cvelist•added 2026/05/19 12:59 p.m.•26 views

CVE-2026-42099 Race Condition in Sparx Pro Cloud Server

7.7CVSS0.00266EPSS

Exploits1References4

EUVD•added 2026/05/19 12:59 p.m.•6 views

EUVD-2026-30929

8.7CVSS6.2AI score0.00266EPSS

Exploits3References4

Positive Technologies•added 2026/05/19 12:0 a.m.•7 views

PT-2026-41895

Name of the Vulnerable Software and Affected Versions Sparx Pro Cloud Server versions 6.1 build 167 and earlier Description A race condition exists in the '/data api/dl internal artifact.php' endpoint. The application downloads object properties based on the guid parameter and saves the content i...

7.7CVSS6.2AI score0.00266EPSS

Exploits1References8

CVE•added 2026/05/18 7:31 p.m.•10 views

CVE-2026-47090

Claude HUD up to version 0.0.12 is affected by a terminal-injection vulnerability in OSC 8 hyperlink handling. The root cause is constructing OSC 8 sequences from raw cwd and branchUrl values without stripping control characters or encoding embedded values, enabling injection of ANSI codes into t...

4.6CVSS6AI score0.00011EPSS

Exploits0References4Affected Software1

CNNVD•added 2026/05/18 12:0 a.m.•6 views

Claude HUD 安全漏洞

Claude HUD is a Claude Code plugin developed by Jarrod Watts, which displays context usage, tool states, and progress. Versions of Claude HUD prior to 0.0.12 contained security vulnerabilities. These vulnerabilities stemmed from the use of raw cwd and branchUrl values to construct OSC 8 terminal...

4.6CVSS6.1AI score0.00011EPSS

Exploits0References1

NVD•added 2026/05/17 1:16 p.m.•5 views

CVE-2018-25331

Zenar Content Management System contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating form parameters in POST requests. Attackers can inject script tags through the currentpage parameter sent to the ajax.php endpoint, which...

6.1CVSS0.00095EPSS

ATTACKERKB•added 2026/05/17 12:11 p.m.•3 views

CVE-2018-25331

Exploits0References4Affected Software1

Vulnrichment•added 2026/05/17 12:11 p.m.•4 views

CVE-2018-25331 Zenar Content Management System Cross-Site Scripting via ajax.php

Cvelist•added 2026/05/17 12:11 p.m.•33 views

CVE-2018-25331 Zenar Content Management System Cross-Site Scripting via ajax.php

6.1CVSS0.00095EPSS

CVE•added 2026/05/17 12:11 p.m.•8 views

CVE-2018-25331

CVE-2018-25331 affects Zenar Content Management System. The vulnerability is a Cross-Site Scripting (XSS) in the ajax.php endpoint, where unsanitized user input is reflected in the response. Exploitation is possible via POST parameters (notably the current_page parameter), enabling unauthenticate...

EUVD•added 2026/05/17 12:11 p.m.•6 views

EUVD-2018-21854

Slackware Linux•added 2026/05/16 2:58 a.m.•6 views

[slackware-security] dnsmasq

New dnsmasq packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/dnsmasq-2.92rel2-i586-1slack15.0.txz: Upgraded. This update fixes security issues. For more information, see:...

8.4CVSS5.8AI score0.0024EPSS

Exploits4

CVE•added 2026/05/15 6:36 p.m.•8 views

CVE-2026-46359

CVE-2026-46359 (phpMyFAQ) affects phpMyFAQ prior to 4.1.2. A SQL injection exists in CurrentUser::setTokenData, allowing authenticated attackers to execute arbitrary SQL by injecting malicious OAuth token claims. Attackers with Azure AD accounts containing SQL metacharacters in display names or J...

7.7CVSS6.1AI score0.00033EPSS