CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

257 matches found

Packet Storm News•added 2026/05/04 12:0 a.m.•1 views

Apache MINA Insecure Deserialization

The Apache MINA project has released versions 2.2.7 and 2.1.12 to address multiple deserialization vulnerabilities...

9.8CVSS5.8AI score0.00287EPSS

Exploits1

OSV•added 2026/05/01 12:30 p.m.•0 views

GHSA-VF5J-865M-MQ7C Apache MINA vulnerable to Deserialization of Untrusted Data (CVE-2026-41635 Incomplete Fix)

The fix for CVE-2026-41635 was not applied to the 2.1.X and 2.2.X branches. Here was the original issue description: Apache MINA's AbstractIoBuffer.resolveClass contains two branches, one of them for static classes or primitive types does not check the class at all, bypassing the classname...

9.8CVSS6AI score0.00083EPSS

Exploits1References4

OSV•added 2026/05/01 12:30 p.m.•0 views

GHSA-995C-6RP3-4M4X Apache MINA vulnerable to Deserialization of Untrusted Data (CVE-2026-41409 Incomplete Fix)

The fix for CVE-2026-41409 was not applied to the 2.1.X and 2.2.X branches. Here was the original issue description: The fix for CVE-2024-52046 in Apache MINA AbstractIoBuffer.getObject was incomplete. The classname allowlist of classes allowed to be deserialized was applied too late after a stat...

9.8CVSS5.8AI score0.00287EPSS

Exploits0References5

NVD•added 2026/05/01 11:16 a.m.•3 views

CVE-2026-42779

9.8CVSS0.00083EPSS

Exploits1References1

ATTACKERKB•added 2026/05/01 10:1 a.m.•2 views

CVE-2026-42778

10CVSS5.8AI score0.55384EPSS

Exploits0References2Affected Software1

EUVD•added 2026/05/01 10:0 a.m.•4 views

EUVD-2026-26493

9.8CVSS6AI score0.00083EPSS

Exploits1References1

vulnersOsv•added 2026/04/14 10:38 p.m.•1 views

@grupo-loja/vendure-banner-plugin (=1.0.0), @grupo-loja/vendure-conect-envios-plugin (>=1.0.0 <=1.0.1) +54 more potentially affected by CVE-2026-40887 via @vendure/core (>=1.9.5 <=2.2.7)

@vendure/core NPM version =1.9.5, =1.0.0, =0.0.1, =1.0.3, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.1, =2.0.0, =2.0.0, =2.2.4 and more Source cves: CVE-2026-40887 Source advisory: OSV:GHSA-9PP3-53P2-WW9V...

9.1CVSS5.8AI score0.07704EPSS

Exploits0

vulnersOsv•added 2026/04/14 10:38 p.m.•3 views

@grupo-loja/vendure-banner-plugin (=1.0.0), @grupo-loja/vendure-conect-envios-plugin (>=1.0.0 <=1.0.1) +54 more potentially affected by CVE-2026-40887 via @vendure/core (>=1.9.5 <=2.2.7)

9.1CVSS5.8AI score0.07704EPSS

Exploits0

RedhatCVE•added 2026/03/06 7:55 a.m.•2 views

CVE-2026-27376

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in JanStudio Claue - Clean, Minimal Elementor WooCommerce Theme claue allows Reflected XSS.This issue affects Claue - Clean, Minimal Elementor WooCommerce Theme: from n/a through = 2.2.7...

7.1CVSS5.8AI score0.00045EPSS

Exploits0References1

EUVD•added 2026/03/05 6:30 a.m.•0 views

EUVD-2026-9632

5.9AI score0.00045EPSS

Exploits0References2

NVD•added 2026/03/05 6:16 a.m.•2 views

CVE-2026-27376

7.1CVSS0.00045EPSS

Exploits0References1

Positive Technologies•added 2026/03/05 12:0 a.m.•3 views

PT-2026-23253

5.9AI score0.00045EPSS

Exploits0References2

Patchstack•added 2026/02/24 10:30 a.m.•5 views

WordPress Claue - Clean, Minimal Elementor WooCommerce Theme theme <= 2.2.7 - Reflected Cross Site Scripting (XSS) vulnerability

WordPress Claue - Clean, Minimal Elementor WooCommerce Theme theme = 2.2.7 - Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Claue - Clean, Minimal Elementor WooCommerce Theme versions = 2.2.7...

7.1CVSS5.2AI score0.00045EPSS

Exploits0Affected Software1

NVD•added 2026/01/17 3:16 a.m.•2 views

CVE-2025-14075

The WP Hotel Booking plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.7. This is due to the plugin exposing the 'hotelbookingfetchcustomerinfo' AJAX action to unauthenticated users without proper capability checks, relying only on a...

5.3CVSS0.00073EPSS

Exploits0References5

Vulnrichment•added 2026/01/17 2:22 a.m.•2 views

CVE-2025-14075 WP Hotel Booking <= 2.2.7 - Unauthenticated Sensitive Information Exposure via 'email' Parameter

5.3CVSS5.5AI score0.00073EPSS

Exploits0References5

Cvelist•added 2026/01/17 2:22 a.m.•18 views

CVE-2025-14075 WP Hotel Booking <= 2.2.7 - Unauthenticated Sensitive Information Exposure via 'email' Parameter

5.3CVSS0.00073EPSS

Exploits0References5

CVE•added 2026/01/17 2:22 a.m.•13 views

CVE-2025-14075

CVE-2025-14075 affects the WP Hotel Booking plugin for WordPress (versions up to and including 2.2.7). The vulnerability exposes the unauthenticated AJAX action hotel_booking_fetch_customer_info without proper capability checks, relying only on a nonce. This allows unauthenticated attackers to re...

5.3CVSS5.2AI score0.00073EPSS

Exploits0References5

Positive Technologies•added 2026/01/17 12:0 a.m.•3 views

PT-2026-3338

The WP Hotel Booking plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.7. This is due to the plugin exposing the 'hotel booking fetch customer info' AJAX action to unauthenticated users without proper capability checks, relying only on ...

5.3CVSS5.5AI score0.00073EPSS

Exploits0References6

RedhatCVE•added 2026/01/09 12:17 p.m.•4 views

CVE-2018-10082

CMS Made Simple CMSMS through 2.2.7 allows physical path leakage via an invalid /index.php?page= value, a crafted URI starting with /index.php?mact=Search, or a direct request to /admin/header.php, /admin/footer.php, /lib/tasks/class.ClearCache.task.php, or...

5.3CVSS6.7AI score0.00289EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 11:12 a.m.•6 views

CVE-2016-10974

The fluid-responsive-slideshow plugin before 2.2.7 for WordPress has frssave CSRF with resultant stored XSS...

8.8CVSS6.9AI score0.00109EPSS

Exploits1References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by