CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added last week•19 views

CVE-2026-42250

CVE-2026-42250 describes an off‑by‑one error in the bzip2recover utility of bzip2. Processing a specially crafted file can trigger an out‑of‑bounds write to a global buffer, causing memory corruption and a denial of service (local impact). The issue is fixed in bzip2 version 1.0.9. Affected compo...

Vulnrichment•added last week•2 views

CVE-2026-42250 Off-by-One Leading to Out-of-Bounds Write in bzip2

EUVD•added last week•5 views

EUVD-2026-32898

ATTACKERKB•added last week•2 views

CVE-2026-42250

Positive Technologies•added 2026/05/28 12:0 a.m.•5 views

Exploits0References5

PT-2026-44373

NVD•added 2026/05/27 11:16 a.m.•7 views

Exploits0References3

CVE-2026-42761

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows Blind SQL Injection.This issue affects Active Products Tables for WooCommerce: from n/a through = 1.0...

9.3CVSS0.00039EPSS

Vulnrichment•added 2026/05/27 9:49 a.m.•5 views

CVE-2026-42761 WordPress Active Products Tables for WooCommerce plugin <= 1.0.9 - SQL Injection vulnerability

9.3CVSS5.8AI score0.00039EPSS

ATTACKERKB•added 2026/05/27 9:49 a.m.•3 views

CVE-2026-42761

9.3CVSS5.8AI score0.00039EPSS

Exploits0References2

CNNVD•added 2026/05/27 12:0 a.m.•3 views

WordPress plugin Active Products Tables for WooCommerce SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

9.3CVSS5.9AI score0.00039EPSS

EUVD•added 2026/05/12 9:31 a.m.•7 views

EUVD-2026-29388

The BJ Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the filterimages function in all versions up to, and including, 1.0.9. This is due to the use of regex-based HTML processing pregreplace that does not properly handle HTML attribute boundaries when replacing sr...

6.4CVSS6AI score0.00036EPSS

Exploits0References6

CNNVD•added 2026/05/12 12:0 a.m.•7 views

WordPress plugin BJ Lazy Load 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.8AI score0.00036EPSS

Exploits0References2

Positive Technologies•added 2026/05/12 12:0 a.m.•6 views

PT-2026-39944

The BJ Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the filter images function in all versions up to, and including, 1.0.9. This is due to the use of regex-based HTML processing preg replace that does not properly handle HTML attribute boundaries when replacing...

6.4CVSS6AI score0.00036EPSS

Exploits0References6

Patchstack•added 2026/05/11 7:10 p.m.•4 views

WordPress BJ Lazy Load plugin <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin BJ Lazy Load versions = 1.0.9...

6.4CVSS5.8AI score0.00036EPSS

Exploits0References1Affected Software1

EUVD•added 2026/04/22 9:31 a.m.•1 views

EUVD-2026-24635

The Real Estate Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions...

5.5CVSS5.8AI score0.0001EPSS

Exploits0References3

CNNVD•added 2026/04/22 12:0 a.m.•5 views

WordPress plugin Real Estate Pro 跨站脚本漏洞

5.5CVSS5.8AI score0.0001EPSS