18 matches found
EUVD-2026-31908
OpenCTI: Privilege escalation via graphQL API is abusable by organization admins, due to incorrect ACL on userEdit relationAdd...
CVE-2026-44730
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.9.7, an organization admin can escalate their privileges by adding a user from a different organization with higher privileges, to their own organization. This is due to incorrect ACL o...
CVE-2026-44730 OpenCTI: Privilege escalation via graphQL API abusable by organization admins, due to incorrect ACL on userEdit relationAdd
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.9.7, an organization admin can escalate their privileges by adding a user from a different organization with higher privileges, to their own organization. This is due to incorrect ACL o...
CVE-2025-47571
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in highwarden Super Store Finder superstorefinder-wp allows PHP Local File Inclusion. This issue affects Super Store Finder: from n/a through 7.8...
WordPress plugin Super Store Finder cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin ... A cross-site scripting...
WordPress Super Store Finder Plugin <= 6.9.7 is vulnerable to SQL Injection
Software: Super Store Finder; Type: Plugin; Vulnerable versions: <= 6.9.7; Fixed in: 6.9.8; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-43976; Patch priority: High; CVSS severity: High 9.3; Developer: Claim ownership; PSID: 7586102df7db; Credits: Bonds; Required privilege: Subscriber; Publishe...
CVE-2024-23519
Cross-Site Request Forgery (CSRF) vulnerability in M&S Consulting Email Before Download. This issue affects Email Before Download: from n/a through 6.9.7...
Email Before Download <= 6.9.7 - Cross-Site Request Forgery
Description: The Email Before Download plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.9.7. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to perform unauthorized actions via a forg...
AZL-44307 CVE-2022-24999 affecting package nodejs-nodemon 2.0.3-5
qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because a __proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string ...
UBUNTU-CVE-2017-13143
In ImageMagick before 6.9.7-6 and 7.x before 7.0.4-6, the ReadMATImage function in coders/mat.c uses uninitialized data, which might allow remote attackers to obtain sensitive information from process memory...
PT-2017-12931 · ImageMagick
Name of the Vulnerable Software and Affected Versions: ImageMagick versions prior to 6.9.7-10 Description: The issue causes a crash when image dimensions are too large, instead of reporting a "width or height exceeds limit" error. This can be demonstrated using the mpc coder. Recommendations: For...
CVE-2017-6500
An issue was discovered in ImageMagick 6.9.7. A specially crafted sun file triggers a heap-based buffer over-read...
Null pointer dereference
An issue was discovered in ImageMagick 6.9.7. A specially crafted xcf file could lead to a NULL pointer dereference...
CVE-2017-6501
An issue was discovered in ImageMagick 6.9.7. A specially crafted xcf file could lead to a NULL pointer dereference...
Design/Logic Flaw
An issue was discovered in ImageMagick 6.9.7. Incorrect TGA files could trigger assertion failures, thus leading to DoS...
CVE-2017-6497
CVE-2017-6497 entry is rejected by its CNA and is not a valid vulnerability.
CVE-2017-6498
An issue was discovered in ImageMagick 6.9.7. Incorrect TGA files could trigger assertion failures, thus leading to DoS...