CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

11 matches found

Patchstack•added 2026/03/30 8:1 a.m.•3 views

WordPress ThemeREX Addons plugin < 2.38.5 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by Erwan LR WPScan in WordPress Plugin ThemeREX Addons versions 2.38.5...

5.3CVSS5.9AI score0.00198EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2026/03/26 3:17 p.m.•1 views

CVE-2026-1969

The trxaddons WordPress plugin before 2.38.5 does not correctly validate file types in one of its AJAX action, allowing unauthenticated users to upload arbitrary file. This is due to an incorrect fix of CVE-2024-13448...

9.8CVSS7.6AI score0.00821EPSS

Exploits0References1

EUVD•added 2026/03/23 6:30 a.m.•2 views

EUVD-2026-14361

9.8CVSS5.9AI score0.00821EPSS

Exploits0References2

CVE•added 2026/03/23 6:0 a.m.•40 views

CVE-2026-1969

CVE-2026-1969 affects the WordPress plugin trx_addons prior to version 2.38.5. The issue is improper validation of file types in an AJAX action, enabling unauthenticated uploads of arbitrary files. Root cause noted as an incorrect fix of CVE-2024-13448. Some sources confirm the vulnerable version...

5.3CVSS7.6AI score0.00198EPSS

In wildExploits0References1

Positive Technologies•added 2026/03/23 12:0 a.m.•14 views

PT-2026-27060

Name of the Vulnerable Software and Affected Versions trx addons WordPress plugin versions prior to 2.38.5 Description The software does not properly validate file types during an AJAX action, potentially allowing unauthenticated users to upload arbitrary files. This is related to a previous fix...

5.3CVSS7.6AI score0.00198EPSS

Exploits0References4

Oracle linux•added 2023/07/20 12:0 a.m.•28 views

webkit2gtk3 security update

2.38.5-1.5 - Disable JIT CVE-2023-32435, CVE-2023-32439...

8.8CVSS7.1AI score0.18609EPSS

Exploits1

Tenable Nessus•added 2023/07/20 12:0 a.m.•41 views

Amazon Linux 2 : webkitgtk4 (ALAS-2023-2141)

The version of webkitgtk4 installed on the remote host is prior to 2.38.5-3. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2141 advisory. Processing web content may lead to arbitrary code execution NOTE:...

8.8CVSS9.1AI score0.18609EPSS

Exploits1References8

Oracle linux•added 2023/05/24 12:0 a.m.•43 views

webkit2gtk3 security and bug fix update

2.38.5-1 - Update to 2.38.5 Related: 2127468 2.38.4-1 - Update to 2.38.4 Related: 2127468 2.38.3-1 - Update to 2.38.3 Related: 2127468 2.38.2-1 - Update to 2.38.2 Related: 2127468 2.38.1-2 - Fix crashes on aarch64 Enable WPE renderer Related: 2127468 2.38.1-1 - Update to 2.38.1 Related: 2127468...

8.8CVSS7.1AI score0.34574EPSS

Exploits2

Oracle linux•added 2023/05/24 12:0 a.m.•34 views

webkit2gtk3 security update

2.38.5-1.3 - Restore libwpe and wpebackend-fdo dependencies Related: 2185741 sort of 2.38.5-1.2 - Disable libwpe and wpebackend-fdo dependencies Related: 2185741 sort of 2.38.5-1.1 - Add patch for CVE-2023-28205 Resolves: 2185741 2.38.5-1 - Update to 2.38.5 Related: 2127468 2.38.4-1 - Update to...

8.8CVSS7.1AI score0.27076EPSS

Exploits0

Oracle linux•added 2023/05/15 12:0 a.m.•38 views

webkit2gtk3 security and bug fix update

2.38.5-1 - Update to 2.38.5 Related: 2127467 2.38.4-1 - Update to 2.38.4 Related: 2127467 2.38.3-1 - Update to 2.38.3 Related: 2127467 2.38.2-1 - Update to 2.38.2 Related: 2127467 2.38.1-2 - Fix use with aarch64 64 KiB page size Related: 2127467 2.38.1-1 - Update to 2.38.1 Resolves: 2127467...

8.8CVSS7.1AI score0.34574EPSS

Exploits2