CVE-2026-42276 Onyx: IDOR in /chat/stop-chat-session allows any authenticated user to interrupt other users' chat sessions
Onyx is an open-source AI platform. Prior to versions 3.0.9, 3.1.6, and 3.2.6, the POST /chat/stop-chat-session/chatsessionid endpoint lets any authenticated user stop any other user's active chat session. The endpoint checks authentication but never verifies the session belongs to the caller. An...
CVE-2026-40490
The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When redirect following is enabled (followRedirect=true), versions of AsyncHttpClient prior to 3.0.9 and 2.14.5 forward Authorization and Proxy-Authorization headers...
Async Http Client security vulnerability
Async Http Client is an open-source Java-based asynchronous HTTP and WebSocket client library developed by AsyncHttpClient. Versions prior to 3.0.9 and 2.14.5 of Async Http Client had security vulnerabilities. These vulnerabilities stemmed from the redirection process, where authorization headers...
AsyncHttpClient leaks authorization credentials to untrusted domains on cross-origin redirects
Impact: When redirect following is enabled (followRedirect=true), AsyncHttpClient forwards Authorization and Proxy-Authorization headers along with Realm credentials to arbitrary redirect targets regardless of domain, scheme, or port changes. This leaks credentials on cross-domain redirects and...
EUVD-2026-11860
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in robfelty Collapsing Categories (collapsing-categories) allows Blind SQL Injection. This issue affects Collapsing Categories: from n/a through <= 3.0.9...
CVE-2026-32366
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in robfelty Collapsing Categories (collapsing-categories) allows Blind SQL Injection. This issue affects Collapsing Categories: from n/a through <= 3.0.9...
CVE-2026-32366
The CVE concerns the WordPress plugin Collapsing Categories (component: collapsing-categories) by robfelty. It describes an SQL Injection due to improper neutralization, enabling a Blind SQL Injection condition. The vulnerability affects the plugin version range “from n/a through
CVE-2026-32366 WordPress Collapsing Categories plugin <= 3.0.9 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in robfelty Collapsing Categories (collapsing-categories) allows Blind SQL Injection. This issue affects Collapsing Categories: from n/a through <= 3.0.9...
PT-2026-25213
🟠 CVE-2026-32366 - High Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in robfelty Collapsing Categories collapsing-categories allows Blind SQL Injection.This issu... https://t.co/GrCcl9W1Op https://t.co/eW46FBLIh3...
WordPress plugin Collapsing Categories SQL injection vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
Atlassian Confluence < 8.5.10 / 8.6.x < 9.2.5 / 9.3.x < 9.3.1 / 9.4.x < 9.5.1 / 10.0.x < 10.0.2 (CONFSERVER-101479)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-101479 advisory. - tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.0.9, 2.1.3, and 1.16.5 have an issue where an extract can write outside t...
WordPress Exhibz theme <= 3.0.9 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Exhibz versions <= 3.0.9...
CVE-2020-36899 QiHang Media Web Digital Signage 3.0.9 Unauthenticated Arbitrary File Disclosure
QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated file disclosure vulnerability that allows remote attackers to access sensitive files through unverified 'filename' and 'path' parameters. Attackers can exploit the QH.aspx endpoint to read arbitrary files and directory contents...
CVE-2020-36898 QiHang Media Web Digital Signage 3.0.9 Unauthenticated Arbitrary File Deletion
QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated file deletion vulnerability in the QH.aspx endpoint that allows remote attackers to delete files without authentication. Attackers can exploit the 'data' parameter by sending a POST request with file paths to delete arbitrary file...
QiHang Media Web Digital Signage security vulnerability
QiHang Media Web Digital Signage is a digital signage management software from the Chinese company QiHang. A security vulnerability exists in QiHang Media Web Digital Signage version 3.0.9, which originates from a file leak in the filename and path parameters, which may lead to information...
QiHang Media Web Digital Signage path traversal vulnerability
QiHang Media Web Digital Signage is a digital signage management software from the Chinese company QiHang. A path traversal vulnerability exists in QiHang Media Web Digital Signage version 3.0.9, which originates from the presence of file deletion in the QH.aspx endpoint, which could lead to...
QiHang Media Web Digital Signage code issue vulnerability
QiHang Media Web Digital Signage is a digital signage management software from the Chinese company QiHang. A code issue vulnerability exists in QiHang Media Web Digital Signage version 3.0.9, which originates from a remote code execution in the QH.aspx file, which could lead to arbitrary command...
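The tar-fs entry under the Confluence advisory above (an extract that can write outside the destination) and the QiHang entries (unverified filename and path parameters used to read and delete files) are the same underlying defect: a caller-controlled name is joined to a base directory without checking that the result stays inside it. The block below is an added example, not code from tar-fs, Confluence or QiHang, of one containment check used both by an archive extraction loop and by a file-serving handler. It assumes a POSIX filesystem; PathEscape, safe_join, extract_contained and read_served_file are hypothetical names, and the archives and paths it runs against are constructed in the block.

```python
"""Added example (not tar-fs, Confluence or QiHang code): one path-containment
check shared by archive extraction and by a file-serving handler.
Assumes a POSIX filesystem. All names are hypothetical."""
import io
import os
import tarfile
import tempfile


class PathEscape(Exception):
    """The requested name would resolve outside the base directory."""


def safe_join(base_dir: str, untrusted: str) -> str:
    """Resolve `untrusted` under base_dir and refuse anything that lands outside.
    realpath() normalizes '..' and follows symlinks in the existing prefix, so a
    symlink planted earlier cannot redirect a later write out of the tree."""
    base = os.path.realpath(base_dir)
    # A leading separator would make os.path.join discard base entirely;
    # strip it so '/etc/passwd' becomes base/etc/passwd (as tar tools do).
    rel = untrusted.lstrip("/")
    candidate = os.path.realpath(os.path.join(base, rel))
    if candidate != base and not candidate.startswith(base + os.sep):
        raise PathEscape(untrusted)
    return candidate


def extract_contained(archive: bytes, dest_dir: str) -> list[str]:
    """Extract regular files and directories only; link members are refused
    because a symlink or hardlink is a second way to reach outside dest_dir."""
    written = []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:*") as tar:
        for member in tar:
            if member.issym() or member.islnk():
                raise PathEscape(f"link member refused: {member.name}")
            if not (member.isfile() or member.isdir()):
                raise PathEscape(f"special member refused: {member.name}")
            target = safe_join(dest_dir, member.name)  # raises before any write
            if member.isdir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with tar.extractfile(member) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(target)
    return written


def read_served_file(base_dir: str, filename: str) -> bytes:
    """A download handler: the request parameter goes through the same check."""
    with open(safe_join(base_dir, filename), "rb") as f:
        return f.read()


def build_tar(entries: dict[str, bytes]) -> bytes:
    """Construct an in-memory tar whose member names are taken literally,
    including '..' components (how a hostile archive is built)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in entries.items():
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def demo() -> dict[str, bool]:
    """Constructed archives and request paths against a temporary directory."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        dest = os.path.join(tmp, "unpack")
        os.makedirs(dest)
        written = extract_contained(build_tar({"docs/readme.txt": b"hello"}), dest)
        expected = os.path.join(os.path.realpath(dest), "docs", "readme.txt")
        results["good_extracted"] = written == [expected]
        try:
            extract_contained(build_tar({"../escape.txt": b"pwned"}), dest)
            results["traversal_refused"] = False
        except PathEscape:
            results["traversal_refused"] = not os.path.exists(os.path.join(tmp, "escape.txt"))
        results["serve_ok"] = read_served_file(dest, "docs/readme.txt") == b"hello"
        try:
            read_served_file(dest, "../../etc/passwd")
            results["serve_traversal_refused"] = False
        except PathEscape:
            results["serve_traversal_refused"] = True
    return results
```

The check is done on the resolved path, not on the string: rejecting the substring ".." misses encoded forms and symlink tricks, while comparing the canonical result against the canonical base catches both. Refusing link members outright is the simplest safe policy for untrusted archives; if links must be supported, their targets need the same check relative to the member's directory.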
EUVD-2025-202121
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in trippleS Exhibz (exhibz) allows PHP Local File Inclusion. This issue affects Exhibz: from n/a through <= 3.0.9...