CVE-2026-57339
Unauthenticated Broken Access Control in Business Directory <= 6.4.23 versions...
CVE-2026-57328
Subscriber Cross Site Scripting (XSS) in Business Directory <= 6.4.22 versions...
CVE-2026-57326
Unauthenticated Cross Site Scripting (XSS) in Business Directory <= 6.4.22 versions...
CVE-2026-57339 WordPress Business Directory plugin <= 6.4.23 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Business Directory <= 6.4.23 versions...
CVE-2026-57339
The CVE-2026-57339 entry concerns an Unauthenticated Broken Access Control flaw in the WordPress Business Directory plugin up to version 6.4.23. The available data confirm the affected product and version range, with the underlying issue categorized as broken access control (no additional techni...
EUVD-2026-40110
Unauthenticated Broken Access Control in Business Directory <= 6.4.23 versions...
CVE-2026-57328 WordPress Business Directory plugin <= 6.4.22 - Cross Site Scripting (XSS) vulnerability
Subscriber Cross Site Scripting (XSS) in Business Directory <= 6.4.22 versions...
CVE-2026-57328
CVE-2026-57328 is a Subscriber XSS vulnerability in the WordPress Business Directory plugin, affecting versions
EUVD-2026-40099
Subscriber Cross Site Scripting (XSS) in Business Directory <= 6.4.22 versions...
CVE-2026-57326 WordPress Business Directory plugin <= 6.4.22 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) in Business Directory <= 6.4.22 versions...
CVE-2026-57326
The CVE-2026-57326 entry concerns an Unauthenticated Cross Site Scripting (XSS) in the WordPress Business Directory plugin up to version 6.4.22. The connected documents consistently describe the issue as an XSS vulnerability affecting that plugin version range. The vulnerability is reported with...
EUVD-2026-40097
Unauthenticated Cross Site Scripting (XSS) in Business Directory <= 6.4.22 versions...
CVE-2026-13571 SourceCodester Simple Food Ordering System cart.php logic error
A flaw has been found in SourceCodester Simple Food Ordering System 1.0. The affected element is an unknown function of the file /cart.php. Executing a manipulation of the argument itemprice can lead to business logic errors. The attack may be performed from remote. The exploit has been published...
EUVD-2026-40095
A flaw has been found in SourceCodester Simple Food Ordering System 1.0. The affected element is an unknown function of the file /cart.php. Executing a manipulation of the argument itemprice can lead to business logic errors. The attack may be performed from remote. The exploit has been published...
Dyn Business Panel Plugin <= 1.0.0 - Cross-Site Scripting
Dyn Business Panel WordPress plugin <= 1.0.0 contains a reflected cross-site scripting vulnerability caused by lack of sanitization and escaping of a parameter in output, letting attackers execute scripts in the context of high privilege users, exploit requires victim to click a malicious link. id: CVE-2024-130...
PHPJabbers Cleaning Business 1.0 - Cross-Site Scripting
The attacker can send the victim a link containing a malicious URL in an email or instant message, and can perform a wide variety of actions, such as stealing the victim's session token or login credentials. id: CVE-2023-4115 info: name: PHPJabbers Cleaning Business 1.0 - Cross-Site Scripting author:...
Oracle Business Intelligence Publisher - XML External Entity Injection
Oracle Business Intelligence Publisher is vulnerable to an XML external entity injection attack. The supported versions affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. This easily exploitable vulnerability allows unauthenticated attackers with network access via HTTP to compromise BI Publishe...
SAP Web Application Server 6.x/7.0 - Open Redirect
frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter. id: CVE-2005-3634 info: name: SAP Web...
Oracle Fusion - Directory Traversal/Local File Inclusion
Oracle Business Intelligence Enterprise Edition 5.5.0.0.0, 12.2.1.3.0, and 12.2.1.4.0 are vulnerable to local file inclusion vulnerabilities via "getPreviewImage." id: CVE-2020-14864 info: name: Oracle Fusion - Directory Traversal/Local File Inclusion author: Ivo Palazzolo @palaziv severity: high...
Oracle Business Intelligence - Path Traversal
Oracle Business Intelligence versions 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0 are vulnerable to path traversal in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). id: CVE-2019-2588 info: name: Oracle Business Intelligence - Path...