CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 3 days ago•2 views

WordPress plugin: Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity – Security Vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. WordPress plugins are additional applications that can b...

7.5CVSS5.8AI score0.00031EPSS

CNNVD•added 2026/05/17 12:0 a.m.•3 views

WooCommerce 路径遍历漏洞

WooCommerce is an open-source e-commerce platform built on WordPress by WooCommerce Inc. Version 3.3.6 of WooCommerce has a path traversal vulnerability. This vulnerability allows any registered user to submit unescaped file names through the deleteexportfile AJAX operation, potentially leading t...

8.7CVSS5.8AI score0.00381EPSS

Cvelist•added 2026/05/09 12:29 p.m.•25 views

CVE-2026-8198 Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity <= 3.3.6 - Unauthenticated Information Disclosure via REST API

The Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity plugin for WordPress is vulnerable to Authentication Bypass to Information Disclosure in versions up to, and including, 3.3.6. This is due to a logic flaw in the verifyAuthorization method where requests without an...

5.3CVSS0.00039EPSS

Exploits0References6

Vulnrichment•added 2026/05/09 12:29 p.m.•4 views

CVE-2026-8198 Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity <= 3.3.6 - Unauthenticated Information Disclosure via REST API

5.3CVSS5.7AI score0.00039EPSS

Exploits0References6

OPENSUSE Linux•added 2026/04/21 12:0 a.m.•2 views

haproxy-3.3.6+git91.af5637e93-1.1 on GA media (moderate)

haproxy-3.3.6+git91.af5637e93-1.1 on GA media Announcement ID: openSUSE-SU-2026:10581-1 Rating: moderate Cross-References: CVE-2026-33555 CVSS scores: CVE-2026-33555 SUSE : 4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N CVE-2026-33555 SUSE : 6.3...

6.3CVSS5.8AI score0.00013EPSS

Exploits0

RedhatCVE•added 2026/02/03 9:18 a.m.•4 views

CVE-2026-24788

RaspAP raspap-webgui versions prior to 3.3.6 contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed by a user who can log in to the product...

8.8CVSS5.6AI score0.00091EPSS

Github Security Blog•added 2026/02/02 12:31 p.m.•2 views

Hugging Face Text Generation Inference vulnerable to Uncontrolled Resource Consumption

A vulnerability in huggingface/text-generation-inference version 3.3.6 allows unauthenticated remote attackers to exploit unbounded external image fetching during input validation in VLM mode. The issue arises when the router scans inputs for Markdown image links and performs a blocking HTTP GET...

Exploits0References4Affected Software1

Vulnrichment•added 2026/02/02 10:36 a.m.•2 views

CVE-2026-0599 Unbounded External Image Fetch in Validation Leads to Resource-Exhaustion DoS in huggingface/text-generation-inference

CVE•added 2026/02/02 10:36 a.m.•9 views

CVE-2026-0599

CVE-2026-0599 concerns huggingface/text-generation-inference version 3.3.6, where unauthenticated attackers can trigger a resource-exhaustion DoS via unbounded external image fetching during input validation in VLM mode. The router scans inputs for Markdown image links and issues a blocking HTTP ...

EUVD•added 2026/02/02 10:36 a.m.•4 views

EUVD-2026-5137

Cvelist•added 2026/02/02 10:36 a.m.•27 views

CVE-2026-0599 Unbounded External Image Fetch in Validation Leads to Resource-Exhaustion DoS in huggingface/text-generation-inference

7.5CVSS0.00259EPSS

Github Security Blog•added 2026/02/02 6:30 a.m.•3 views

RaspAP raspap-webgui contains an OS Command Injection vulnerability

RaspAP raspap-webgui versions prior to 3.3.6 contain an OS Command Injection vulnerability. If exploited, an arbitrary OS command may be executed by a user who can log in to the product...

8.8CVSS8.1AI score0.00091EPSS

Exploits0References5Affected Software1

OSV•added 2026/02/02 6:30 a.m.•1 views

GHSA-4WWF-F7W3-94F5 RaspAP raspap-webgui contains an OS Command Injection vulnerability

RaspAP raspap-webgui versions prior to 3.3.6 contain an OS Command Injection vulnerability. If exploited, an arbitrary OS command may be executed by a user who can log in to the product...

8.8CVSS5.7AI score0.00091EPSS

Exploits0References5

NVD•added 2026/02/02 5:16 a.m.•3 views

CVE-2026-24788

RaspAP raspap-webgui versions prior to 3.3.6 contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed by a user who can log in to the product...

8.8CVSS0.00091EPSS

Cvelist•added 2026/02/02 4:37 a.m.•23 views

CVE-2026-24788

RaspAP raspap-webgui versions prior to 3.3.6 contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed by a user who can log in to the product...

8.8CVSS0.00091EPSS

Vulnrichment•added 2026/02/02 4:37 a.m.•1 views

CVE-2026-24788

RaspAP raspap-webgui versions prior to 3.3.6 contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed by a user who can log in to the product...

8.8CVSS5.6AI score0.00091EPSS

CVE•added 2026/02/02 4:37 a.m.•9 views

CVE-2026-24788

CVE-2026-24788 concerns RaspAP raspap-webgui prior to version 3.3.6, which is affected by an OS command injection vulnerability. Multiple connected sources (Red Hat's advisory RH:CVE-2026-24788, NVD/NVD-derived entries, GHSA entry, CIRCL sighting) corroborate that an authenticated user (login to ...

8.8CVSS5.9AI score0.00091EPSS