CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4946 matches found

CVE•added 2026/05/05 3:23 p.m.•13 views

CVE-2026-43067

Summary of CVE-2026-43067 (Linux kernel, ext4): A wraparound issue in block allocation for indirect-mmapped files could permit referencing blocks beyond the 32-bit block-number limit. The described root cause involves how ext4 allocates blocks for indirect-based files and how grouping logic could...

9.8CVSS5.8AI score0.00403EPSS

Exploits0References6Affected Software1

Cvelist•added 2026/05/05 3:23 p.m.•34 views

CVE-2026-43067 ext4: handle wraparound when searching for blocks for indirect mapped blocks

In the Linux kernel, the following vulnerability has been resolved: ext4: handle wraparound when searching for blocks for indirect mapped blocks Commit 4865c768b563 "ext4: always allocate blocks only from groups inode can use" restricts what blocks will be allocated for indirect block based files...

9.8CVSS0.00403EPSS

Exploits0References6

CNNVD•added 2026/05/05 12:0 a.m.•7 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from ext4’s failure to handle circular issues when searching for indirectly mapped blocks. This could...

9.8CVSS5.8AI score0.00403EPSS

Exploits0References1

Positive Technologies•added 2026/05/05 12:0 a.m.•12 views

PT-2026-37070

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ext4 file system regarding the handling of wraparound when searching for blocks for indirect mapped blocks. In environments where a file system contains both...

9.8CVSS5.8AI score0.00403EPSS

Exploits0References18

RedhatCVE•added 2026/05/04 8:21 p.m.•6 views

CVE-2026-4658

The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the className, classHook, and blockId attributes in the Add to Cart block essential-blocks/add-to-cart in all versions up to, and including, 6.0.4. This...

6.4CVSS6AI score0.00419EPSS

Exploits0References1

RedhatCVE•added 2026/05/04 8:21 p.m.•4 views

CVE-2026-6378

The Maxi Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the /wp-json/maxi-blocks/v1.0/style-card REST API endpoint in all versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping of the scstyles parameter. This makes it possible...

6.4CVSS6AI score0.00234EPSS

Exploits0References1

HackRead•added 2026/05/04 9:48 a.m.•9 views

7 Key Features That Make Secure Browsers Safer

Secure Browsers boost safety with tracking blocks, fingerprint protection, session control, and real-time threat defense against modern web attacks...

5.8AI score

Exploits0

NVD•added 2026/05/02 8:16 a.m.•6 views

CVE-2026-2052

The Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.2 via the Display Logic feature. This is due to the plugin using eval on user-supplied Display Logic...

8.8CVSS0.00774EPSS

Exploits0References6

Cvelist•added 2026/05/02 7:46 a.m.•32 views

CVE-2026-2052 Widget Options <= 4.2.2 - Authenticated (Contributor+) Remote Code Execution via Display Logic

8.8CVSS0.00774EPSS

Exploits0References6

NVD•added 2026/05/02 5:16 a.m.•7 views

CVE-2026-4658

6.4CVSS0.00419EPSS

Exploits0References10

CVE•added 2026/05/02 4:27 a.m.•15 views

CVE-2026-4658

The CVE-2026-4658 entry concerns the WordPress plugin Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates (Add-to-Cart block). Affected: all versions up to 6.0.4. Root cause: insufficient output escaping in render_callback() where class and data-id attributes are built via raw ...

6.4CVSS6AI score0.00419EPSS

Exploits0References10

Cvelist•added 2026/05/02 4:27 a.m.•35 views

CVE-2026-4658 Gutenberg Essential Blocks <= 6.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes

6.4CVSS0.00419EPSS

Exploits0References10

EUVD•added 2026/05/02 4:27 a.m.•5 views

EUVD-2026-26733

6.4CVSS6AI score0.00419EPSS

Exploits0References10

ATTACKERKB•added 2026/05/02 4:27 a.m.•3 views

CVE-2026-4658

6.4CVSS6AI score0.00419EPSS

Exploits0References11

NVD•added 2026/05/02 4:16 a.m.•7 views

CVE-2026-6378

6.4CVSS0.00234EPSS

Exploits0References10

Cvelist•added 2026/05/02 3:36 a.m.•29 views

CVE-2026-6378 Maxi Blocks <= 2.1.9 - Authenticated (Author+) Stored Cross-Site Scripting via Style Card REST API

6.4CVSS0.00234EPSS

Exploits0References10

ATTACKERKB•added 2026/05/02 3:36 a.m.•4 views

CVE-2026-6378

6.4CVSS6AI score0.00234EPSS

Exploits0References11

EUVD•added 2026/05/02 3:36 a.m.•4 views

EUVD-2026-26728

6.4CVSS6AI score0.00234EPSS

Exploits0References10

Vulnrichment•added 2026/05/02 3:36 a.m.•3 views

CVE-2026-6378 Maxi Blocks <= 2.1.9 - Authenticated (Author+) Stored Cross-Site Scripting via Style Card REST API

6.4CVSS6AI score0.00234EPSS

Exploits0References10

CVE•added 2026/05/02 3:36 a.m.•14 views

CVE-2026-6378

CVE-2026-6378 concerns the Maxi Blocks WordPress plugin. It describes a Stored Cross-Site Scripting (XSS) vulnerability via the REST API endpoint /wp-json/maxi-blocks/v1.0/style-card, affecting all versions up to and including 2.1.9. The root cause is insufficient input sanitization and output es...

6.4CVSS6AI score0.00234EPSS

Exploits0References10

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by