CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Patchstack•added 2 days ago•6 views

WordPress rognone plugin <= 0.6.2 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by san6051 - COFFSec in WordPress Plugin rognone versions = 0.6.2...

6.1CVSS5.8AI score0.00082EPSS

Exploits0References1Affected Software1

Patchstack•added 2 days ago•5 views

WordPress rognone plugin <= 0.6.2 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by san6051 - COFFSec in WordPress Plugin rognone versions = 0.6.2...

6.1CVSS5.8AI score0.00082EPSS

Exploits0References1Affected Software1

CVE•added 2 days ago•7 views

CVE-2026-1451

Product/Component: WordPress plugin rognone (versions up to and including 0.6.2). Vulnerability: Reflected Cross-Site Scripting via the 'a' parameter caused by insufficient input sanitization and output escaping. Impact (as stated): unauthenticated attackers can inject arbitrary web scripts into ...

Vulnrichment•added 2 days ago•4 views

CVE-2026-1451 rognone <= 0.6.2 - Reflected Cross-Site Scripting via 'a' Parameter

ATTACKERKB•added 2 days ago•1 views

CVE-2026-1450

The rognone plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'mode' parameter in versions up to, and including, 0.6.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...

Vulnrichment•added 2 days ago•3 views

CVE-2026-1450 rognone <= 0.6.2 - Reflected Cross-Site Scripting via 'mode' Parameter

Positive Technologies•added 2 days ago•4 views

PT-2026-45700

Positive Technologies•added 2 days ago•4 views

PT-2026-45699

Name of the Vulnerable Software and Affected Versions rognone versions prior to 0.6.3 Description The rognone plugin for WordPress is subject to Reflected Cross-Site Scripting, a flaw where an application includes untrusted data in a web page without proper validation or escaping. This occurs due...

OSV•added 6 days ago•3 views

Exploits0References5

GHSA-3CV2-H65G-FGMM astral-tokio-tar has a PAX Header Desynchronization issue

Impact Versions of astral-tokio-tar prior to 0.6.2 contain a PAX header interpretation bug that allows manipulated entries to be made selectively visible or invisible during extraction with astral-tokio-tar versus other tar implementations. An attacker could use this differential to smuggle...

6.9CVSS5.8AI score

Github Security Blog•added 6 days ago•5 views

astral-tokio-tar has a PAX Header Desynchronization issue

5.8AI score

Exploits0References3Affected Software1

RustSec•added 2026/05/18 12:0 p.m.•6 views

PAX Header Desynchronization in astral-tokio-tar

Versions of astral-tokio-tar prior to 0.6.2 contain a PAX header interpretation bug that allows manipulated entries to be made selectively visible or invisible during extraction with astral-tokio-tar versus other tar implementations. An attacker could use this differential to smuggle unexpected...

5.8AI score

Exploits0Affected Software1

AstraLinux•added 2026/05/03 11:59 p.m.•3 views

Astra Linux - уязвимость в pyasn1

pyasn1 is a generic ASN.1 library for Python. Prior to version 0.6.2, a Denial-of-Service issue was identified that could lead to memory exhaustion due to malformed RELATIVE-OID values with excessive continuation octets. This vulnerability has been fixed in version 0.6.2...

7.5CVSS6.5AI score0.00032EPSS

Exploits0References2

Tenable Nessus•added 2026/04/23 12:0 a.m.•0 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-pyasn1 (UTSA-2026-014296)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014296 advisory. pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a Denial-of-Service issue has been found that leads to memory exhaustion from malformed RELATIVE-OID wi...

7.5CVSS6.2AI score0.00032EPSS

EUVD•added 2026/04/08 9:31 a.m.•1 views

EUVD-2026-20107

The Attendance Manager plugin for WordPress is vulnerable to SQL Injection via the 'attmgroff' parameter in all versions up to, and including, 0.6.2. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

Patchstack•added 2026/04/08 7:35 a.m.•3 views

WordPress Attendance Manager plugin <= 0.6.2 - Authenticated (Subscriber+) SQL Injection via 'attmgr_off' Parameter vulnerability

Authenticated Subscriber+ SQL Injection via 'attmgroff' Parameter vulnerability discovered by Maurice Fielenbach Hexastrike - Hexastrike Cybersecurity UG haftungsbeschränkt in WordPress Plugin Attendance Manager versions = 0.6.2...

Exploits0References1Affected Software1

CVE•added 2026/04/08 6:43 a.m.•6 views

CVE-2026-3781

Affected product: Attendance Manager plugin for WordPress. Vulnerability: SQL Injection via the 'attmgr_off' parameter in all versions up to and including 0.6.2, caused by insufficient escaping of user input and inadequate preparation of the SQL query. Impact (as stated): authenticated attackers ...

Positive Technologies•added 2026/04/08 12:0 a.m.•1 views

PT-2026-31098

The Attendance Manager plugin for WordPress is vulnerable to SQL Injection via the 'attmgr off' parameter in all versions up to, and including, 0.6.2. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...