
11425 matches found

Positive Technologies
added 2026/04/12 12:0 a.m., 5 views

PT-2026-32150

Name of the Vulnerable Software and Affected Versions: AstrBot versions up to 4.22.1. Description: A command injection issue exists in AstrBotDevs AstrBot up to version 4.22.1. The add mcp server function within the astrbot/dashboard/routes/tools.py file, part of the MCP Endpoint component, is...

CVSS 6.5, AI score 6.5, EPSS 0.02304
Exploits: 0, References: 11

NVD
added 2026/04/11 8:16 a.m., 3 views

CVE-2026-5809

The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.2. This is due to a two-step logic flaw: the topicadd and topicedit action handlers accept arbitrary user-supplied data arrays from $REQUEST and store them as postmeta without...

CVSS 7.1, EPSS 0.00499
Exploits: 0, References: 9

ATTACKERKB
added 2026/04/11 1:24 a.m., 1 view

CVE-2026-5144

The BuddyPress Groupblog plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.3. This is due to the group blog settings handler accepting the groupblog-blogid, default-member, and groupblog-silent-add parameters from user input without proper...

CVSS 8.8, AI score 5.6, EPSS 0.00406
Exploits: 0, References: 9

Vulnrichment
added 2026/04/11 1:24 a.m., 1 view

CVE-2026-5144 BuddyPress Groupblog <= 1.9.3 - Authenticated (Subscriber+) Privilege Escalation to Administrator via Group Blog IDOR

The BuddyPress Groupblog plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.3. This is due to the group blog settings handler accepting the groupblog-blogid, default-member, and groupblog-silent-add parameters from user input without proper...

CVSS 8.8, AI score 5.6, EPSS 0.00406
Exploits: 0, References: 8

Positive Technologies
added 2026/04/11 12:0 a.m., 2 views

PT-2026-32096

The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.2. This is due to a two-step logic flaw: the topic add and topic edit action handlers accept arbitrary user-supplied data arrays from $ REQUEST and store them as postmeta without...

CVSS 7.1, AI score 5.9, EPSS 0.00499
Exploits: 0, References: 11

Positive Technologies
added 2026/04/11 12:0 a.m., 2 views

PT-2026-32089

The BuddyPress Groupblog plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.3. This is due to the group blog settings handler accepting the groupblog-blogid, default-member, and groupblog-silent-add parameters from user input without proper...

CVSS 8.8, AI score 5.6, EPSS 0.00406
Exploits: 0, References: 9

CNNVD
added 2026/04/11 12:0 a.m., 5 views

WordPress plugin wpForo Forum security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

CVSS 7.1, AI score 5.9, EPSS 0.00499
Exploits: 0, References: 10

EUVD
added 2026/04/10 9:31 a.m., 2 views

EUVD-2026-21328

A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. This affects an unknown function of the file /add-category-function.php. Such manipulation of the argument Category leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the...

CVSS 7.5, AI score 6.9, EPSS 0.00367
Exploits: 0, References: 6

Vulnrichment
added 2026/04/10 8:30 a.m., 1 view

CVE-2026-6037 code-projects Vehicle Showroom Management System AddVehicleFunction.php sql injection

A vulnerability was determined in code-projects Vehicle Showroom Management System 1.0. This affects an unknown function of the file /util/AddVehicleFunction.php. This manipulation of the argument BRANCHID causes sql injection. The attack is possible to be carried out remotely. The exploit has be...

CVSS 7.5, AI score 6.9, EPSS 0.00259
Exploits: 0, References: 5

CVE
added 2026/04/10 8:30 a.m., 8 views

CVE-2026-6037

CVE-2026-6037 affects Code-Projects’ Vehicle Showroom Management System 1.0. The vulnerability is in the /util/AddVehicleFunction.php function where manipulation of BRANCH_ID enables SQL injection. Exploitation is remote and a public exploit has been disclosed. No remediation details are provided...

CVSS 7.5, AI score 6.9, EPSS 0.00259
Exploits: 0, References: 5

NVD
added 2026/04/10 8:16 a.m., 2 views

CVE-2026-6031

A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. This affects an unknown function of the file /add-category-function.php. Such manipulation of the argument Category leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the...

CVSS 7.5, EPSS 0.00367
Exploits: 0, References: 5

Cvelist
added 2026/04/10 7:0 a.m., 27 views

CVE-2026-6031 code-projects Simple IT Discussion Forum add-category-function.php sql injection

A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. This affects an unknown function of the file /add-category-function.php. Such manipulation of the argument Category leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the...

CVSS 7.5, EPSS 0.00367
Exploits: 0, References: 5

Vulnrichment
added 2026/04/10 7:0 a.m., 2 views

CVE-2026-6031 code-projects Simple IT Discussion Forum add-category-function.php sql injection

A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. This affects an unknown function of the file /add-category-function.php. Such manipulation of the argument Category leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the...

CVSS 7.5, AI score 6.9, EPSS 0.00367
Exploits: 0, References: 5

CVE
added 2026/04/10 7:0 a.m., 9 views

CVE-2026-6031

The CVE concerns code-projects Simple IT Discussion Forum 1.0. The vulnerability is in the add-category-function.php file, where manipulation of the Category argument enables SQL injection. This is a NETWORK, low-complexity issue with no required privileges or user interaction, and it is exploita...

CVSS 7.5, AI score 6.9, EPSS 0.00367
Exploits: 0, References: 5

ATTACKERKB
added 2026/04/10 7:0 a.m., 1 view

CVE-2026-6031

A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. This affects an unknown function of the file /add-category-function.php. Such manipulation of the argument Category leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the...

CVSS 7.5, AI score 6.9, EPSS 0.00367
Exploits: 0, References: 5, Affected Software: 1

EUVD
added 2026/04/10 12:30 a.m., 3 views

EUVD-2026-21104

OpenClaw before 2026.3.22 contains an improper authentication verification vulnerability in Google Chat app-url webhook handling that accepts add-on principals outside intended deployment bindings. Attackers can bypass webhook authentication by providing non-deployment add-on principals to execut...

CVSS 6, AI score 6, EPSS 0.00293
Exploits: 0, References: 5

Positive Technologies
added 2026/04/10 12:0 a.m., 4 views

PT-2026-31889

Name of the Vulnerable Software and Affected Versions: code-projects Simple IT Discussion Forum version 1.0. Description: A flaw exists in code-projects Simple IT Discussion Forum version 1.0 that allows for SQL injection via manipulation of the Category argument in the /add-category-function.php...

CVSS 7.5, AI score 7, EPSS 0.00367
Exploits: 0, References: 9

CNVD
added 2026/04/10 12:0 a.m., 4 views

TRENDnet TEW-657BRM add_apcdb Function Stack Overflow Vulnerability

The TRENDnet TEW-657BRM is a WiFi router from TRENDnet. A stack overflow vulnerability exists in the TRENDnet TEW-657BRM addapcdb function, which originates from a misuse of the addapcdb function parameter macpcdba in file /setup.cgi, for which no detailed vulnerability details are available...

CVSS 9, AI score 8.1, EPSS 0.00772
Exploits: 1

CNNVD
added 2026/04/10 12:0 a.m., 3 views

Code-Projects Simple IT Discussion Forum SQL injection vulnerability

Code-Projects Simple IT Discussion Forum is a simple forum developed by Code-Projects as open source. Version 1.0 of the code-projects Simple IT Discussion Forum has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the Category parameter in the...

CVSS 7.5, AI score 7.2, EPSS 0.00367
Exploits: 0, References: 5

CNNVD
added 2026/04/10 12:0 a.m., 5 views

Code-Projects Vehicle Showroom Management System SQL injection vulnerability

The Code-Projects Vehicle Showroom Management System is an open-source system for managing automobile showrooms developed by Code-Projects. Version 1.0 of the Code-Projects Vehicle Showroom Management System contains a SQL injection vulnerability. This vulnerability arises from incorrect handling...

CVSS 7.5, AI score 7.2, EPSS 0.00259
Exploits: 0, References: 5