CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 2026/05/20 1:25 a.m.•6 views

CVE-2026-8424

Cvelist•added 2026/05/20 1:25 a.m.•36 views

CVE-2026-8424 Remove Yellow BGBOX <= 1.0 - Cross-Site Request Forgery

4.3CVSS0.00014EPSS

EUVD•added 2026/05/20 1:25 a.m.•6 views

EUVD-2026-31032

Vulnrichment•added 2026/05/20 1:25 a.m.•6 views

CVE-2026-8424 Remove Yellow BGBOX <= 1.0 - Cross-Site Request Forgery

CVE•added 2026/05/20 1:25 a.m.•9 views

CVE-2026-8424

CVE-2026-8424 concerns the WordPress plugin Remove Yellow BGBOX (versions

CNNVD•added 2026/05/20 12:0 a.m.•4 views

WordPress plugin Remove Yellow BGBOX 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

RedhatCVE•added 2026/05/06 2:21 p.m.•7 views

Exploits0References1

CVE-2026-42220

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, an authenticated user can call GET /api/settings and retrieve sensitive configuration values, including node.secret. The same node.secret is accepted by AuthRequired through the X-Node-Secret header or nodesecret...

6.5CVSS5.7AI score0.00038EPSS

Exploits1References1

Snyk•added 2026/05/04 9:28 p.m.•4 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the GET /api/settings process. An attacker can obtain sensitive configuration values, such as node.secret, by making authenticated requests, and subsequently abuse trusted-node authentication, exfiltrate...

7.1CVSS5.8AI score0.00038EPSS

Exploits1References2

ATTACKERKB•added 2026/05/04 8:8 p.m.•3 views

CVE-2026-42220

6.5CVSS5.7AI score0.00038EPSS

Exploits1References3Affected Software1

OSV•added 2026/03/30 4:38 p.m.•2 views

GHSA-CP8R-8JVW-V3QG nginx-ui Vulnerable to DoS via Negative Integer Input in Logrotate Interval

Summary An input validation vulnerability in the logrotate configuration allows an authenticated user to cause a complete Denial of Service DoS. By submitting a negative integer for the rotation interval, the backend enters an infinite loop or an invalid state, rendering the web interface...

6.9CVSS6AI score0.0008EPSS

Exploits1References4

NVD•added 2026/03/27 1:16 a.m.•5 views

CVE-2026-33735

MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.69, an authorization bypass in the /api/settings/import-database endpoint allows attackers with low-privilege credentials to upload and replace the application's SQLite database entirely, leading to a fu...

8.8CVSS0.00058EPSS

Exploits1References3

Vulnrichment•added 2026/03/27 12:36 a.m.•2 views

CVE-2026-33735 MyTube has an Improper Access Control that Allows Complete Application Takeover

8.7CVSS5.9AI score0.00058EPSS

Exploits1References3

NVD•added 2026/03/07 12:16 a.m.•3 views

CVE-2026-1981

The HUMN-1 AI Website Scanner & Human Certification by Winston AI plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the winstondisconnect function in all versions up to, and including, 0.0.3. This makes it possible for authenticated...

4.3CVSS0.00015EPSS

Vulnrichment•added 2026/03/06 11:22 p.m.•2 views

CVE-2026-1981 Winston AI <= 0.0.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Deletion

4.3CVSS5.8AI score0.00015EPSS

Cvelist•added 2026/03/06 11:22 p.m.•30 views

CVE-2026-1981 Winston AI <= 0.0.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Deletion

4.3CVSS0.00015EPSS