CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

236 matches found

Linux Distros Unpatched Vulnerability : CVE-2026-35563

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It was identified that the LDAP client implementation in version 2.1.7 does not verify if the server certificate matches the intended LDAP hostname. While the...

8.8CVSS5.8AI score0.00038EPSS

Exploits0References3

Patchstack•added 3 days ago•2 views

WordPress WpTravelly plugin <= 2.1.7 - Bypass Vulnerability vulnerability

Bypass Vulnerability vulnerability discovered by benzdeus in WordPress Plugin WpTravelly versions = 2.1.7...

5.8AI score

Exploits0Affected Software1

Cvelist•added 3 days ago•33 views

CVE-2026-35563 Apache Directory LDAP API: LDAP client implementation does not verify if the server certificate matches the intended LDAP hostname

It was identified that the LDAP client implementation in version 2.1.7 does not verify if the server certificate matches the intended LDAP hostname. While the underlying code validates the certificate chain against a trusted authority, the absence of endpoint identification allows a valid...

8.8CVSS0.00038EPSS

Exploits0References1

Cvelist•added 2026/04/08 8:30 a.m.•19 views

CVE-2026-39648 WordPress Cream Blog theme <= 2.1.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in themebeez Cream Blog cream-blog allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cream Blog: from n/a through = 2.1.7...

5.3CVSS0.0004EPSS

Exploits0References1

Vulnrichment•added 2026/04/08 8:30 a.m.•3 views

CVE-2026-39648 WordPress Cream Blog theme <= 2.1.7 - Broken Access Control vulnerability

5.9AI score0.0004EPSS

Exploits0References1

CVE•added 2026/04/08 8:30 a.m.•6 views

CVE-2026-39648

CVE-2026-39648 affects the WordPress Cream Blog theme (Cream Blog) up to version 2.1.7. The issue is a Missing/Incorrectly Configured Access Control vulnerability (Missing Authorization) that allows bypassing normal authorization checks. Documents consistently describe a broken access control vul...

5.3CVSS5.9AI score0.0004EPSS

Exploits0References1

CVE•added 2026/04/08 8:30 a.m.•4 views

CVE-2026-39565

CVE-2026-39565 concerns a Missing Authorization vulnerability in the WordPress plugin Travelly (WPTravelly) Tour & Travel Booking Manager for WooCommerce, affecting up to version 2.1.7. Root cause is Incorrectly Configured Access Control Security Levels leading to unauthorized actions. Base CVSS ...

4.3CVSS5.9AI score0.00032EPSS

Exploits0References1

Vulnrichment•added 2026/04/08 8:30 a.m.•1 views

CVE-2026-39565 WordPress WpTravelly plugin <= 2.1.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in magepeopleteam WpTravelly tour-booking-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpTravelly: from n/a through = 2.1.7...

4.3CVSS5.8AI score0.00032EPSS

Exploits0References1

EUVD•added 2026/04/08 8:30 a.m.•2 views

EUVD-2026-20211

5.9AI score0.00032EPSS

Exploits0References1

Cvelist•added 2026/04/08 8:30 a.m.•18 views

CVE-2026-39565 WordPress WpTravelly plugin <= 2.1.7 - Broken Access Control vulnerability

4.3CVSS0.00032EPSS

Exploits0References1

CNNVD•added 2026/04/08 12:0 a.m.•3 views

WordPress plugin Masteriyo LMS – Online Course Builder for eLearning, LMS & Education 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...

5.3CVSS5.8AI score0.00027EPSS

Exploits0References6

CNNVD•added 2026/04/03 12:0 a.m.•3 views

Noelse Individuals & Pro App 安全漏洞

Noelse Individuals & Pro App is a financial services app developed by the French company Noelse, designed for individual and professional users to manage online accounts, handle payments, and access financial tools. The Noelse Individuals & Pro App versions 2.1.7 and earlier contain security...

4.8CVSS5.8AI score0.00005EPSS

Exploits0References4

RedhatCVE•added 2026/03/26 3:12 p.m.•0 views

CVE-2026-25605

A vulnerability has been identified in SICAM SIAPP SDK All versions V2.1.7. The affected application performs file deletion without properly validating the file path or target. An attacker could delete files or sockets that the affected process has permission to remove, potentially resulting in...

7.1CVSS6AI score0.0002EPSS

Exploits0References1

RedhatCVE•added 2026/03/26 2:59 p.m.•1 views

CVE-2026-28791

Tina is a headless content management system. Prior to 2.1.7, a path traversal vulnerability exists in the TinaCMS development server's media upload handler. The code at media.ts joins user-controlled path segments using path.join without validating that the resulting path stays within the intend...

7.4CVSS6AI score0.0012EPSS

Exploits1References1

Patchstack•added 2026/03/21 4:53 p.m.•1 views

WordPress WpTravelly plugin <= 2.1.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Александр in WordPress Plugin WpTravelly versions = 2.1.7...

4.3CVSS5.9AI score0.00032EPSS

Exploits0Affected Software1

CNVD•added 2026/03/17 12:0 a.m.•0 views

Siemens SICAM SIAPP SDK Buffer Overflow Vulnerability

Siemens SICAM SIAPP SDK is a software development kit from Siemens, Germany. A buffer overflow vulnerability exists in Siemens SICAM SIAPP SDK versions prior to V2.1.7. The vulnerability stems from a client-side component that does not perform a maximum length check on certain variables before us...

5.9CVSS6.3AI score0.00019EPSS

Exploits0References1

Vulnrichment•added 2026/03/12 4:55 p.m.•1 views

CVE-2026-28791 Path Traversal in Media Upload Handle in Tina

7.4CVSS6AI score0.0012EPSS

Exploits1References1