
6461 matches found

NVD
added 2 days ago, 4 views

CVE-2026-56043

Unauthenticated Cross Site Scripting XSS in Customer Reviews for WooCommerce <= 5.110.1 versions...

CVSS 7.1, EPSS 0.0018
Exploits: 0, References: 1
EUVD
added 2 days ago, 2 views

EUVD-2026-39704

Unauthenticated Cross Site Scripting XSS in Customer Reviews for WooCommerce <= 5.110.1 versions...

CVSS 7.1, AI score 5.8, EPSS 0.0018
Exploits: 0, References: 1
Cvelist
added 2 days ago, 30 views

CVE-2026-56043 WordPress Customer Reviews for WooCommerce plugin <= 5.110.1 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Customer Reviews for WooCommerce <= 5.110.1 versions...

CVSS 7.1, EPSS 0.0018
Exploits: 0, References: 1
Cvelist
added 3 days ago, 28 views

CVE-2026-56042 WordPress Advanced Order Export For WooCommerce plugin <= 4.0.9 - Cross Site Scripting (XSS) vulnerability

Customer Cross Site Scripting XSS in Advanced Order Export For WooCommerce <= 4.0.9 versions...

CVSS 7.1, EPSS 0.0018
Exploits: 0, References: 1
Nuclei
added 3 days ago, 1618 views

Gitea 1.1.0 - 1.12.5 - Remote Code Execution

Gitea 1.1.0 through 1.12.5 is susceptible to authenticated remote code execution, via the git hook functionality, in customer environments where the documentation is not understood e.g., one viewpoint is that the dangerousness of this feature should be documented immediately above the...

CVSS 7.2, AI score 7.8, EPSS 0.93691
Exploits: 12, References: 5
Patchstack
added 4 days ago, 4 views

WordPress Customer Reviews for WooCommerce plugin <= 5.110.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Plugin Customer Reviews for WooCommerce versions <= 5.110.1...

CVSS 7.1, AI score 5.8, EPSS 0.0018
Exploits: 0, Affected Software: 1
NVD
added 4 days ago, 11 views

CVE-2026-9612

The WhatsOrder – Instant Checkout for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.1 via the yapacdev_generate_order_pdf. This makes it possible for unauthenticated attackers to extract sensitive customer PII and order...

CVSS 5.3, EPSS 0.00308
Exploits: 0, References: 7
EUVD
added 4 days ago, 6 views

EUVD-2026-38686

The WhatsOrder – Instant Checkout for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.1 via the yapacdev_generate_order_pdf. This makes it possible for unauthenticated attackers to extract sensitive customer PII and order...

CVSS 5.3, AI score 5.9, EPSS 0.00308
Exploits: 0, References: 7
CVE
added 4 days ago, 9 views

CVE-2026-9612

The CVE-2026-9612 entry concerns the WhatsOrder – Instant Checkout for WooCommerce plugin for WordPress. Affects versions up to 1.0.1 and is caused by the yapacdev_generate_order_pdf function, which exposes sensitive customer PII and order details. Attack flow: an unauthenticated user can enumera...

CVSS 5.3, AI score 5.9, EPSS 0.00308
Exploits: 0, References: 7
EUVD
added 2026/06/19 5:52 p.m., 7 views

EUVD-2023-60592

Joomla combooking component 2.4.9 contains an information disclosure vulnerability that allows unauthenticated attackers to enumerate user accounts by exploiting the getUserData function in the customer controller. Attackers can send GET requests to index.php with option=combooking,...

CVSS 8.7, AI score 5.8, EPSS 0.00346
Exploits: 0, References: 4
Patchstack
added 2026/06/18 5:37 p.m., 5 views

WordPress 2Download Connector for 2DL Hosted Checkout plugin <= 0.1.5 - Missing Authorization to Unauthenticated Sensitive Customer Subscription Data Exposure vulnerability

Missing Authorization to Unauthenticated Sensitive Customer Subscription Data Exposure vulnerability discovered by Mohamed Haidar in WordPress Plugin 2Download Connector for 2DL Hosted Checkout versions <= 0.1.5...

CVSS 5.3, AI score 5.3, EPSS 0.00299
Exploits: 0, References: 1, Affected Software: 1
Microsoft CVE
added 2026/06/18 2:0 p.m., 7 views

Dynamics 365 Customer Voice Spoofing Vulnerability

Improper neutralization of input during web page generation 'cross-site scripting' in Dynamics 365 Customer Voice allows an unauthorized attacker to perform spoofing over a network...

CVSS 9.3, AI score 5.8
Exploits: 0
Cvelist
added 2026/06/18 6:50 a.m., 33 views

CVE-2026-12111 Appointment Booking Calendar <= 1.4.01 - Authenticated (Contributor+) Sensitive Information Exposure via 'id' Parameter

The Appointment Booking Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.4.01. This is due to insufficient authorization and missing per-calendar ownership checks in the cpabcappointmentscalendarload2 function, which is reachable vi...

CVSS 4.3, EPSS 0.00285
Exploits: 0, References: 10
EUVD
added 2026/06/18 6:50 a.m., 8 views

EUVD-2026-37864

The Appointment Booking Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.4.01. This is due to insufficient authorization and missing per-calendar ownership checks in the cpabcappointmentscalendarload2 function, which is reachable vi...

CVSS 4.3, AI score 5.4, EPSS 0.00285
Exploits: 0, References: 10
NVD
added 2026/06/17 10:54 a.m., 7 views

CVE-2026-46888

Vulnerability in the Siebel CRM Deployment product of Oracle Siebel CRM component: Database Upgrade. Supported versions that are affected are 17.0-26.5. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Siebel CRM Deployment executes to...

CVSS 7.8, EPSS 0.0012
Exploits: 0, References: 1
NVD
added 2026/06/15 9:17 p.m., 10 views

CVE-2026-49780

Customer Privilege Escalation in Dokan = 5.0.2 versions...

CVSS 8.8, EPSS 0.00283
Exploits: 0, References: 1
NVD
added 2026/06/15 9:17 p.m., 11 views

CVE-2026-49082

Subscriber Sensitive Data Exposure in Chatway Live Chat AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons = 1.4.8 versions...

CVSS 7.4, EPSS 0.00264
Exploits: 0, References: 1
NVD
added 2026/06/15 9:17 p.m., 9 views

CVE-2026-48964

Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System = 3.3.6 versions...

CVSS 8.5, EPSS 0.00332
Exploits: 0, References: 1
NVD
added 2026/06/15 9:16 p.m., 6 views

CVE-2026-42661

Custom role Path Traversal in WP Customer Area = 8.3.4 versions...

CVSS 8.8, EPSS 0.00371
Exploits: 0, References: 1
EUVD
added 2026/06/15 8:19 p.m., 5 views

EUVD-2026-36878

Subscriber Sensitive Data Exposure in Chatway Live Chat AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons = 1.4.8 versions...

CVSS 7.4, AI score 5.2, EPSS 0.00264
Exploits: 0, References: 1