CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8780 matches found

RedhatCVE•added 2026/01/29 3:18 p.m.•11 views

CVE-2026-1398

The Change WP URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'change-wp-url' page. This makes it possible for unauthenticated attackers to change the WP Login URL via a...

4.3CVSS5.8AI score0.00128EPSS

Exploits0References1

RedhatCVE•added 2026/01/29 3:18 p.m.•13 views

CVE-2025-14386

The Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the 'generatessourl' and 'validatessotoken' functions in versions 2.4.4 to 2.5.12. This makes it...

8.8CVSS5.9AI score0.00372EPSS

Exploits0References1

RedhatCVE•added 2026/01/29 3:18 p.m.•7 views

CVE-2026-1377

The imwptip plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged...

4.3CVSS5.8AI score0.00124EPSS

Exploits0References1

Packet Storm•added 2026/01/29 12:0 a.m.•187 views

📄 OpenSSL 3.x ASN.1 AES‑GCM Nonce Stack Corruption

This Metasploit auxiliary module generates a specially crafted CMS file encoded in DER format to test a stack-based buffer overflow vulnerability in OpenSSL's ASN.1 parser related to improper handling of oversized AES-GCM nonce IV values within AES-GCM-Parameters as defined in RFC 5084. The...

9.8CVSS6.3AI score0.45854EPSS

Exploits7

Vulnrichment•added 2026/01/28 1:26 p.m.•9 views

CVE-2025-14795 Stop Spammers Classic <= 2026.1 - Cross-Site Request Forgery via Email Allowlist

The Stop Spammers Classic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2026.1. This is due to missing nonce validation in the ssaddtoallowlist class. This makes it possible for unauthenticated attackers to add arbitrary email addresses to...

4.3CVSS5.9AI score0.0016EPSS

Exploits0References4

ATTACKERKB•added 2026/01/28 1:26 p.m.•4 views

CVE-2025-14795

4.3CVSS5.9AI score0.0016EPSS

Exploits0References5

CVE•added 2026/01/28 1:26 p.m.•19 views

CVE-2025-14795

CVE-2025-14795 affects the Stop Spammers Classic WordPress plugin. It is a CSRF vulnerability caused by missing nonce validation in the ss_addtoallowlist class, enabling unauthenticated attackers to add email addresses to the spam allowlist via forged requests, if a site admin is tricked into cli...

4.3CVSS5.9AI score0.0016EPSS

Exploits0References4

NVD•added 2026/01/28 12:15 p.m.•9 views

CVE-2026-1377

4.3CVSS0.00124EPSS

Exploits0References3

NVD•added 2026/01/28 12:15 p.m.•13 views

CVE-2026-1380

The Bitcoin Donate Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the settings page. This makes it possible for unauthenticated attackers to modify the plugin's settings,...

4.3CVSS0.00124EPSS

Exploits0References3

Vulnrichment•added 2026/01/28 11:23 a.m.•6 views

CVE-2026-1398 Change WP URL <= 1.0 - Cross-Site Request Forgery to Settings Update

4.3CVSS5.8AI score0.00128EPSS

Exploits0References5

CVE•added 2026/01/28 11:23 a.m.•20 views

CVE-2026-1398

CVE-2026-1398 describes a CSRF vulnerability in the WordPress plugin Change WP URL. The issue arises from missing or incorrect nonce validation on the Change WP URL page, allowing unauthenticated attackers to change the WP Login URL via forged requests if a site administrator clicks a crafted lin...

4.3CVSS5.8AI score0.00128EPSS

Exploits0References5

EUVD•added 2026/01/28 11:23 a.m.•8 views

EUVD-2026-4894

4.3CVSS5.8AI score0.00128EPSS

Exploits0References5

ATTACKERKB•added 2026/01/28 11:23 a.m.•5 views

CVE-2026-1398

4.3CVSS5.8AI score0.00128EPSS

Exploits0References6

Cvelist•added 2026/01/28 11:23 a.m.•29 views

CVE-2025-14616 Recooty <= 1.0.6 - Cross-Site Request Forgery to Settings Update

The Recooty – Job Widget Old Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6. This is due to missing nonce validation on the recootysavemaybe function. This makes it possible for unauthenticated attackers to update the...

4.3CVSS0.00128EPSS

Exploits0References5

Vulnrichment•added 2026/01/28 11:23 a.m.•4 views

CVE-2025-14616 Recooty <= 1.0.6 - Cross-Site Request Forgery to Settings Update

4.3CVSS5.8AI score0.00128EPSS

Exploits0References5

ATTACKERKB•added 2026/01/28 11:23 a.m.•5 views

CVE-2025-14616

4.3CVSS5.8AI score0.00128EPSS

Exploits0References6Affected Software1

EUVD•added 2026/01/28 11:23 a.m.•5 views

EUVD-2025-206487

4.3CVSS5.8AI score0.00128EPSS

Exploits0References5

Cvelist•added 2026/01/28 11:23 a.m.•32 views

CVE-2026-1380 Bitcoin Donate Button <= 1.0 - Cross-Site Request Forgery to Settings Update

4.3CVSS0.00124EPSS

Exploits0References3

Vulnrichment•added 2026/01/28 11:23 a.m.•4 views

CVE-2025-14386 Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization 2.4.4 - 2.5.12 - Missing Authorization to Authenticated (Subscriber+) Authentication Bypass via Account Takeover

8.8CVSS5.9AI score0.00372EPSS

Exploits0References4

Vulnrichment•added 2026/01/28 11:23 a.m.•4 views

CVE-2026-1380 Bitcoin Donate Button <= 1.0 - Cross-Site Request Forgery to Settings Update

4.3CVSS5.8AI score0.00124EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by