CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1656 matches found

Positive Technologies•added 5 days ago•3 views

PT-2026-44945

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, the admin tables for PaymentMethods, Currencies and Carriers exposed inline toggles and per-record actions enable, disable, edit, delete that were rendered for any authenticated panel user without checking the corresponding per-action...

6.5CVSS5.9AI score0.00026EPSS

Exploits0References3

Github Security Blog•added 6 days ago•14 views

Dulwich has an arbitrary file write via NTFS-hostile tree entries on Windows

Impact Arbitrary file write leading to remote code execution when cloning or checking out a malicious Git repository on Windows. Dulwich's path-element validator accepted tree entries whose filenames contained bytes that Windows interprets as structural path syntax: - \ — the Windows path...

9.8CVSS7.8AI score0.19687EPSS

Exploits0References3Affected Software1

Cvelist•added 6 days ago•20 views

CVE-2026-44798 Nautobot: GitRepository.current_head field should not be writable through REST API

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, a user with access to add/change a GitRepository record could use the REST API to directly set the currenthead field on the record, which was not intended to be user-editable. Doing so could cause...

7.1CVSS0.0005EPSS

Exploits0References5

GithubExploit•added 6 days ago•45 views

Exploit for CVE-2026-47100

CVE-2026-47100 — FunnelKit / Funnel Builder for WooCommerce Ch...

8.7CVSS5.9AI score0.00048EPSS

Exploits1

NVD•added 2026/05/27 3:16 p.m.•9 views

CVE-2026-45571

go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, a path validation issue in go-git could allow crafted repository data to affect files outside the intended checkout target, including the repository's .git directory. These validations were...

5.4CVSS0.00013EPSS

Exploits0References1

OSV•added 2026/05/27 3:16 p.m.•4 views

UBUNTU-CVE-2026-45571

5.4CVSS5.8AI score0.00013EPSS

Exploits0References3

EUVD•added 2026/05/27 2:57 p.m.•10 views

EUVD-2026-32544

5.4CVSS5.8AI score0.00013EPSS

Exploits0References1

ATTACKERKB•added 2026/05/27 2:57 p.m.•6 views

CVE-2026-45571

5.4CVSS5.8AI score0.00013EPSS

Exploits0References2Affected Software1

NVD•added 2026/05/27 11:16 a.m.•5 views

CVE-2026-42725

Authorization Bypass Through User-Controlled Key vulnerability in WP Wham Checkout Files Upload for WooCommerce checkout-files-upload-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Checkout Files Upload for WooCommerce: from n/a through =...

6.5CVSS0.0005EPSS

Exploits0References1

EUVD•added 2026/05/27 9:49 a.m.•7 views

EUVD-2026-32182

6.5CVSS5.8AI score0.0005EPSS

Exploits0References1

ATTACKERKB•added 2026/05/27 9:49 a.m.•6 views

CVE-2026-42725

6.5CVSS5.8AI score0.0005EPSS

Exploits0References2

Cvelist•added 2026/05/27 9:49 a.m.•23 views

CVE-2026-42725 WordPress Checkout Files Upload for WooCommerce plugin <= 2.2.5 - Insecure Direct Object References (IDOR) vulnerability

6.5CVSS0.0005EPSS

Exploits0References1

CVE•added 2026/05/27 9:49 a.m.•6 views

CVE-2026-42725

CVE-2026-42725 describes an Insecure Direct Object References (IDOR) vulnerability in the WordPress plugin Checkout Files Upload for WooCommerce (versions

6.5CVSS5.8AI score0.0005EPSS

Exploits0References1

Vulnrichment•added 2026/05/27 9:49 a.m.•5 views

CVE-2026-42725 WordPress Checkout Files Upload for WooCommerce plugin <= 2.2.5 - Insecure Direct Object References (IDOR) vulnerability

6.5CVSS5.8AI score0.0005EPSS

Exploits0References1

CNNVD•added 2026/05/27 12:0 a.m.•4 views

WordPress plugin Checkout Files Upload for WooCommerce 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

6.5CVSS5.8AI score0.0005EPSS

Exploits0References1

Positive Technologies•added 2026/05/27 12:0 a.m.•3 views

PT-2026-43637

6.5CVSS5.8AI score0.0005EPSS

Exploits0References2

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в git

Git is a fast, scalable, distributed revision control system with an unusually rich command set. It offers both high-level operations and full access to its internal workings. When reading a config value, Git removes any trailing carriage return and line feed CRLF characters. When writing a confi...

8CVSS6.8AI score0.00603EPSS

Exploits9References2

NVD•added 2026/05/20 2:16 a.m.•5 views

CVE-2026-3985

The Creative Mail – Easier WordPress & WooCommerce Email Marketing plugin for WordPress is vulnerable to SQL Injection via the 'checkoutuuid' parameter in all versions up to, and including, 1.6.9. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparati...

7.5CVSS0.00093EPSS

Exploits0References4

EUVD•added 2026/05/20 1:25 a.m.•6 views

EUVD-2026-31018

7.5CVSS5.9AI score0.00093EPSS

Exploits0References4

CVE•added 2026/05/20 1:25 a.m.•5 views

CVE-2026-3985

The Creative Mail – Easier WordPress & WooCommerce Email Marketing plugin for WordPress is vulnerable to a SQL Injection via the checkout_uuid parameter in all versions up to 1.6.9. Root cause: insufficient escaping of user input and lack of proper SQL preparation in the has_checkout_consent() qu...

7.5CVSS5.9AI score0.00093EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by