CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

176 matches found

EUVD-2026-33055

LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, LinkAce contains a stored cross-site scripting vulnerability that allows a low-privilege user to execute arbitrary JavaScript in an administrator's browser session. This affects instances configured with SSO/OAuth...

8.5CVSS5.9AI score0.00096EPSS

Exploits0References1

Cvelist•added last week•25 views

CVE-2026-45343 LinkAce - Stored XSS via Unsanitized SSO User's Name Rendered in Admin Audit Log Allows Session Hijacking

8.5CVSS0.00096EPSS

Exploits0References1

ATTACKERKB•added last week•4 views

CVE-2026-45344

LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, the setup database configuration flow on uninitialized LinkAce instances accepts attacker-controlled database credential fields and writes them back into .env without escaping. A remote attacker who can reach the setup...

6AI score0.0021EPSS

Exploits0References2Affected Software1

Vulnrichment•added last week•5 views

CVE-2026-45344 LinkAce: Setup database password newline injection enables pre-auth RCE on uninitialized instances

8.1CVSS6AI score0.0021EPSS

Exploits0References1

NVD•added 2026/05/27 2:17 p.m.•6 views

CVE-2026-48971

Missing Authorization vulnerability in WebToffee Product Import Export for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Import Export for WooCommerce: from n/a through 2.5.6...

4.3CVSS0.00028EPSS

Exploits0References1

ATTACKERKB•added 2026/05/27 11:53 a.m.•3 views

CVE-2026-48971

4.3CVSS5.8AI score0.00028EPSS

Exploits0References2

Cvelist•added 2026/05/27 11:53 a.m.•29 views

CVE-2026-48971 WordPress Product Import Export for WooCommerce plugin <= 2.5.6 - Broken Access Control vulnerability

4.3CVSS0.00028EPSS

Exploits0References1

CVE•added 2026/05/27 11:53 a.m.•12 views

CVE-2026-48971

CVE-2026-48971 affects the WordPress plugin WordPress Product Import Export for WooCommerce (WebToffee) up to version 2.5.6. The issue is a Missing Authorization/Broken Access Control vulnerability due to incorrectly configured access control levels, enabling an attacker to exploit over the netwo...

4.3CVSS5.8AI score0.00028EPSS

Exploits0References1

Patchstack•added 2026/05/27 11:52 a.m.•5 views

WordPress Product Import Export for WooCommerce plugin <= 2.5.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Product Import Export for WooCommerce versions = 2.5.6...

4.3CVSS5.8AI score0.00028EPSS

Exploits0Affected Software1

Cvelist•added 2026/05/20 1:25 a.m.•32 views

CVE-2026-6397 Sticky <= 2.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'readmoretext' Shortcode Attribute

The Sticky plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the cvmh-sticky shortcode readmoretext attribute in versions up to and including 2.5.6. This is due to insufficient input sanitization and output escaping in the cvmhstickyfrontrender function — the readmoretext...

6.4CVSS0.00036EPSS

Exploits0References5

EUVD•added 2026/05/20 1:25 a.m.•4 views

EUVD-2026-31017

6.4CVSS6AI score0.00036EPSS

Exploits0References5

The Hacker News•added 2026/05/14 11:40 a.m.•9 views

PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure

Threat actors have been observed attempting to exploit a recently disclosed security vulnerability in PraisonAI , an open-source multi-agent orchestration framework, within four hours of its public disclosure. The vulnerability in question is CVE-2026-44338 CVSS score: 7.3, a case of missing...

7.3CVSS5.8AI score0.00029EPSS

Exploits3

CVE•added 2026/05/08 1:35 p.m.•26 views

CVE-2026-44338

PraisonAI ships a legacy Flask API server with authentication disabled by default in versions 2.5.6 through before 4.6.34. The root cause is APIServer.check_auth() short-circuiting when AUTH_ENABLED is False, allowing unauthenticated access to /agents and triggering the agents.yaml workflow via /...

7.3CVSS5.8AI score0.00029EPSS

In wildExploits3References1Affected Software1

EUVD•added 2026/04/08 9:31 a.m.•0 views

EUVD-2026-20332

Missing Authorization vulnerability in ProWCPlugins Product Price by Formula for WooCommerce product-price-by-formula-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Price by Formula for WooCommerce: from n/a through = 2.5.6...

5.9AI score0.0004EPSS

Exploits0References2

Vulnrichment•added 2026/04/08 8:30 a.m.•1 views

CVE-2026-39662 WordPress Product Price by Formula for WooCommerce plugin <= 2.5.6 - Broken Access Control vulnerability

5.3CVSS5.9AI score0.0004EPSS

Exploits0References1

ATTACKERKB•added 2026/04/08 8:30 a.m.•1 views

CVE-2026-39662

5.9AI score0.0004EPSS

Exploits0References2

Vulnrichment•added 2026/03/05 5:53 a.m.•0 views

CVE-2026-27396 WordPress Directory Pro plugin <= 2.5.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in e-plugins Directory Pro directory-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directory Pro: from n/a through = 2.5.6...

5.8AI score0.00054EPSS

Exploits0References1

ATTACKERKB•added 2026/03/05 5:53 a.m.•2 views

CVE-2026-27396

5.9AI score0.00054EPSS

Exploits0References2

CVE•added 2026/03/05 5:53 a.m.•6 views

CVE-2026-27396

CVE-2026-27396 (Directory Pro plugin) is a Missing Authorization / Broken Access Control vulnerability disclosed for WordPress Directory Pro plugin versions n/a through 2.5.6. Multiple connected sources (Red Hat, NVD, CVE listings, Patchstack, and AttackKB) corroborate: an incorrectly configured ...

7.3CVSS5.9AI score0.00054EPSS

Exploits0References1

Positive Technologies•added 2026/03/05 12:0 a.m.•1 views

PT-2026-23264

5.9AI score0.00054EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by