516 matches found

Cvelist (added 2026/05/27 12:30 a.m., 25 views)

CVE-2026-9609 QianFox FoxCMS Admin.php edit password recovery

A vulnerability was identified in QianFox FoxCMS up to 1.2.6. This affects the function Edit of the file Admin.php. The manipulation leads to weak password recovery. The attack can be initiated remotely. The exploit is publicly available and might be used. The project was informed of the problem...

CVSS 5.8, EPSS 0.00046
Exploits 0, References 5
CVE (added 2026/05/27 12:15 a.m., 14 views)

CVE-2026-9608

CVE-2026-9608 affects QianFox FoxCMS (up to version 1.2.6) in the Administrator Backend, specifically the /Tag/edit function where a manipulated request can trigger cross-site scripting. The vulnerability arises from an unspecified element/function within that file, allowing remote exploitation. ...

CVSS 4.8, AI score 4.1, EPSS 0.00032
Exploits 0, References 5
CNNVD (added 2026/05/27 12:00 a.m., 4 views)

FoxCMS authorization issue vulnerability

FoxCMS is a content management system provided by FoxCMS Company in China, available for free commercial use and open source. Versions of FoxCMS 1.2.6 and earlier have a licensing issue vulnerability, which stems from a weak password recovery vulnerability in the Edit function of the Admin.php fi...

CVSS 5.8, AI score 5.8, EPSS 0.00046
Exploits 0, References 5
NVD (added 2026/05/12 9:16 a.m., 10 views)

CVE-2026-5028

The Eight Day Week Print Workflow plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'title' parameter in the pp-get-articles AJAX action in all versions up to, and including, 1.2.6. This is due to insufficient escaping on the user supplied parameter and lack of sufficie...

CVSS 6.5, EPSS 0.00027
Exploits 0, References 3
CVE (added 2026/05/12 7:48 a.m., 11 views)

CVE-2026-5028

The Eight Day Week Print Workflow WordPress plugin (vulnerable up to 1.2.6) is affected by a time-based blind SQL injection via the title parameter in the pp-get-articles AJAX action. Root cause: insufficient escaping and inadequate SQL query preparation. Impact: authenticated attackers with Subs...

CVSS 6.5, AI score 5.9, EPSS 0.00027
Exploits 0, References 3
Positive Technologies (added 2026/05/12 12:00 a.m., 6 views)

PT-2026-39952

The Eight Day Week Print Workflow plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'title' parameter in the pp-get-articles AJAX action in all versions up to, and including, 1.2.6. This is due to insufficient escaping on the user supplied parameter and lack of sufficie...

CVSS 6.5, AI score 5.9, EPSS 0.00027
Exploits 0, References 4
Patchstack (added 2026/05/06 2:09 a.m., 3 views)

WordPress SliceWP plugin <= 1.2.6 - Cross Site Scripting (XSS) vulnerability

Cross-Site Scripting (XSS) vulnerability discovered by Nguyen Ba Khanh in WordPress plugin SliceWP versions <= 1.2.6...

AI score 5.8
Exploits 0, Affected Software 1
Patchstack (added 2026/05/01 9:31 a.m., 3 views)

WordPress Payment Gateway for ACBA BANK plugin <= 1.2.6 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress plugin Payment Gateway for ACBA BANK versions <= 1.2.6...

CVSS 6.1, AI score 5.8, EPSS 0.00135
Exploits 0, References 1, Affected Software 1
Debian CVE (added 2026/04/10 9:00 a.m., 1 view)

CVE-2026-6042

A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic complexity. The attack must be initiated from a local position. To fix...

CVSS 4.8, AI score 4.1, EPSS 0.00007
Exploits 1
Debian CVE (added 2026/04/10 12:00 a.m., 1 view)

CVE-2026-40200

An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms o...

CVSS 8.1, AI score 4.7, EPSS 0.0002
Exploits 0
CNNVD (added 2026/04/10 12:00 a.m., 3 views)

musl libc security vulnerability

musl libc is an open-source C language standard library developed by musl. It is primarily used in embedded systems and mobile devices. Versions of musl libc up to 1.2.6 contained security vulnerabilities, which were caused by inefficient algorithms and could lead to local attacks...

CVSS 4.8, AI score 5.7, EPSS 0.00007
Exploits 1, References 7
NVD (added 2026/04/08 8:16 p.m., 4 views)

CVE-2026-35477

InvenTree is an Open Source Inventory Management System. From 1.2.3 to 1.2.6, the fix for CVE-2026-27629 upgraded the PARTNAMEFORMAT validator to use jinja2.sandbox.SandboxedEnvironment. However, the actual renderer in part/helpers.py was not updated and still uses the non-sandboxed...

CVSS 9.9, EPSS 0.00011
Exploits 0, References 1
RedhatCVE (added 2026/03/27 10:51 p.m., 2 views)

CVE-2026-33531

InvenTree is an Open Source Inventory Management System. Prior to version 1.2.6, a path traversal vulnerability in the report template engine allows a staff-level user to read arbitrary files from the server filesystem via crafted template tags. Affected functions: encodesvgimage, asset, and...

CVSS 7.1, AI score 6, EPSS 0.00017
Exploits 0, References 1
RedhatCVE (added 2026/03/27 10:51 p.m., 1 view)

CVE-2026-33530

InvenTree is an Open Source Inventory Management System. Prior to version 1.2.6, certain API endpoints associated with bulk data operations can be hijacked to exfiltrate sensitive information from the database. The bulk operation API endpoints e.g. /api/part/, /api/stock/,...

CVSS 7.7, AI score 5.9, EPSS 0.00041
Exploits 0, References 1
NVD (added 2026/03/26 8:16 p.m., 3 views)

CVE-2026-33530

InvenTree is an Open Source Inventory Management System. Prior to version 1.2.6, certain API endpoints associated with bulk data operations can be hijacked to exfiltrate sensitive information from the database. The bulk operation API endpoints e.g. /api/part/, /api/stock/,...

CVSS 7.7, EPSS 0.00041
Exploits 0, References 2
EUVD (added 2026/03/26 7:40 p.m., 3 views)

EUVD-2026-16361

InvenTree is an Open Source Inventory Management System. Prior to version 1.2.6, a path traversal vulnerability in the report template engine allows a staff-level user to read arbitrary files from the server filesystem via crafted template tags. Affected functions: encodesvgimage, asset, and...

CVSS 7.1, AI score 5.9, EPSS 0.00017
Exploits 0, References 2
ATTACKERKB (added 2026/03/26 7:40 p.m., 1 view)

CVE-2026-33531

InvenTree is an Open Source Inventory Management System. Prior to version 1.2.6, a path traversal vulnerability in the report template engine allows a staff-level user to read arbitrary files from the server filesystem via crafted template tags. Affected functions: encodesvgimage, asset, and...

CVSS 7.1, AI score 5.9, EPSS 0.00017
Exploits 0, References 3, Affected Software 1
Cvelist (added 2026/03/26 7:40 p.m., 19 views)

CVE-2026-33531 InvenTree has Path Traversal In Report Templates

InvenTree is an Open Source Inventory Management System. Prior to version 1.2.6, a path traversal vulnerability in the report template engine allows a staff-level user to read arbitrary files from the server filesystem via crafted template tags. Affected functions: encodesvgimage, asset, and...

CVSS 7.1, EPSS 0.00017
Exploits 0, References 2
Vulnrichment (added 2026/03/26 7:40 p.m., 1 view)

CVE-2026-33531 InvenTree has Path Traversal In Report Templates

InvenTree is an Open Source Inventory Management System. Prior to version 1.2.6, a path traversal vulnerability in the report template engine allows a staff-level user to read arbitrary files from the server filesystem via crafted template tags. Affected functions: encodesvgimage, asset, and...

CVSS 7.1, AI score 6, EPSS 0.00017
Exploits 0, References 2
OSV (added 2026/03/26 7:40 p.m., 2 views)

CVE-2026-33531 InvenTree has Path Traversal In Report Templates

InvenTree is an Open Source Inventory Management System. Prior to version 1.2.6, a path traversal vulnerability in the report template engine allows a staff-level user to read arbitrary files from the server filesystem via crafted template tags. Affected functions: encodesvgimage, asset, and...

CVSS 7.1, AI score 6, EPSS 0.00017
Exploits 0, References 4