CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/03/18 4:53 a.m.•1 views

CVE-2026-32268 Azure Blob Storage for Craft CMS Potential Sensitive Information Disclosure vulnerability

8.7CVSS5.8AI score0.00034EPSS

ATTACKERKB•added 2026/03/18 4:53 a.m.•1 views

CVE-2026-32268

8.7CVSS5.8AI score0.00034EPSS

Exploits0References3Affected Software1

ATTACKERKB•added 2026/03/18 3:46 a.m.•1 views

CVE-2026-32266

The Google Cloud Storage for Craft CMS plugin provides a Google Cloud Storage integration for Craft CMS. In versions on the 2.x branch prior to 2.2.1, the DefaultController-actionLoadBucketData endpoint allows unauthenticated users with a valid CSRF token to view a list of buckets that the plugin...

Exploits0References3Affected Software1

Vulnrichment•added 2026/03/18 3:46 a.m.•1 views

CVE-2026-32266 Google Cloud Storage for Craft CMS has an Information Disclosure Vulnerability

ATTACKERKB•added 2026/03/18 3:28 a.m.•3 views

CVE-2026-32265

The Amazon S3 for Craft CMS plugin provides an Amazon S3 integration for Craft CMS. In versions 2.0.2 through 2.2.4, unauthenticated users can view a list of buckets the plugin has access to. The BucketsController-actionLoadBucketData endpoint allows unauthenticated users with a valid CSRF token ...

Exploits0References3Affected Software1

OSV•added 2026/03/18 3:28 a.m.•1 views

CVE-2026-32265 Amazon S3 for Craft CMS has an Information Disclosure vulnerability

6.9CVSS5.9AI score0.00035EPSS

Exploits0References4

Cvelist•added 2026/03/18 3:28 a.m.•26 views

CVE-2026-32265 Amazon S3 for Craft CMS has an Information Disclosure vulnerability

6.9CVSS0.00035EPSS

CNNVD•added 2026/03/18 12:0 a.m.•3 views

Google Cloud Storage for Craft CMS 信息泄露漏洞

Google Cloud Storage for Craft CMS is an open-source cloud storage integration plugin for Craft CMS. Versions of Google Cloud Storage for Craft CMS prior to version 2.2.1 had a vulnerability related to information leakage. This vulnerability stemmed from improper access control at the...

Github Security Blog•added 2026/03/16 6:13 p.m.•4 views

Amazon S3 for Craft CMS has an Information Disclosure vulnerability

Unauthenticated users can view a list of buckets the plugin has access to. The BucketsController-actionLoadBucketData endpoint allows unauthenticated users with a valid CSRF token to view a list of buckets that the plugin is allowed to see. Users should update to version 2.2.5 of the plugin to...

Exploits0References4Affected Software1

CVE•added 2026/01/07 9:20 a.m.•8 views

CVE-2025-14053

The CVE-2025-14053 entry concerns Travel Bucket List – Wish To Go (WordPress plugin). It describes Stored Cross-Site Scripting via shortcode attributes in versions up to 0.5.2 due to insufficient input sanitization/output escaping. Exploitation requires authenticated access at Contributor level o...

6.4CVSS4.7AI score0.00016EPSS

Exploits0References3

Cvelist•added 2026/01/07 9:20 a.m.•20 views

CVE-2025-14053 Travel Bucket List <= 0.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Wish To Go plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes in all versions up to, and including, 0.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...

6.4CVSS0.00016EPSS

Exploits0References3

Patchstack•added 2026/01/06 11:29 p.m.•4 views

WordPress Travel Bucket List plugin <= 0.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by ChamlaVic in WordPress Plugin Wish To Go versions = 0.5.2...

6.4CVSS5.7AI score0.00016EPSS

Exploits0References1Affected Software1

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2024-45702

Malicious code in bioql PyPI...

6.5CVSS8.6AI score0.00197EPSS

RedhatCVE•added 2025/05/23 6:40 a.m.•5 views

CVE-2024-51908

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in kevinabl Adventure Bucket List adventure-bucket-list allows DOM-Based XSS.This issue affects Adventure Bucket List: from n/a through = 1.0.9...

6.5CVSS7.2AI score0.00197EPSS

NVD•added 2024/11/19 5:15 p.m.•9 views

CVE-2024-51908

6.5CVSS0.00197EPSS

CVE•added 2024/11/19 4:31 p.m.•44 views

CVE-2024-51908

CVE-2024-51908 is a DOM-based XSS in the WordPress plugin Adventure Bucket List (WordPress plugin family). The vulnerability arises from improper input neutralization during page generation, enabling DOM-based cross-site scripting. Affected versions are reported as “from n/a through 1.0.9” for Ad...

6.5CVSS7.2AI score0.00197EPSS

Cvelist•added 2024/11/19 4:31 p.m.•15 views

CVE-2024-51908 WordPress Adventure Bucket List plugin <= 1.0.9 - Cross Site Scripting (XSS) vulnerability

6.5CVSS0.00197EPSS

Vulnrichment•added 2024/11/19 4:31 p.m.•8 views

CVE-2024-51908 WordPress Adventure Bucket List plugin <= 1.0.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Gonzalo Geraldo Adventure Bucket List allows DOM-Based XSS.This issue affects Adventure Bucket List: from n/a through 1.0.9...

6.5CVSS6.9AI score0.00197EPSS

CNNVD•added 2024/11/19 12:0 a.m.•2 views

WordPress plugin Adventure Bucket List 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

6.5CVSS7.6AI score0.00197EPSS