CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 2026/02/18 5:29 a.m.•3 views

CVE-2025-12356

The Tickera – Sell Tickets & Manage Events plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxchangeticketstatus' AJAX endpoint in all versions up to, and including, 3.5.6.4. This makes it possible for authenticated attackers,...

4.3CVSS5.5AI score0.00012EPSS

Exploits0References4

Cvelist•added 2026/02/18 12:0 a.m.•20 views

CVE-2025-70064

PHPGurukul Hospital Management System v4.0 contains a Privilege Escalation vulnerability. A low-privileged user Patient can directly access the Administrator Dashboard and all sub-modules e.g., User Logs, Doctor Management by manually browsing to the /admin/ directory after authentication. This...

0.00122EPSS

Vulnrichment•added 2026/02/18 12:0 a.m.•3 views

CVE-2025-70064

5.5AI score0.00122EPSS

CNNVD•added 2026/02/18 12:0 a.m.•5 views

SourceCodester Customer Support System 安全漏洞

The SourceCodester Customer Support System is an open-source customer support system developed by SourceCodester. Version 1.0 of the SourceCodester Customer Support System contains security vulnerabilities. These vulnerabilities stem from the AJAX scheduler in the ajax.php file, which lacks...

9.4CVSS5.8AI score0.00577EPSS

NVD•added 2026/02/17 10:18 p.m.•5 views

CVE-2025-36183

IBM watsonx.data 2.2 through 2.2.1 IBM Lakehouse could allow a privileged user to upload malicious files that could be executed server to modify limited files or data...

3.8CVSS0.00037EPSS

Cvelist•added 2026/02/17 9:32 p.m.•26 views

CVE-2025-36183 Privileged User File Upload Vulnerability Leading to Limited Server-Side Execution affects watsonx.data

IBM watsonx.data 2.2 through 2.2.1 IBM Lakehouse could allow a privileged user to upload malicious files that could be executed server to modify limited files or data...

3.8CVSS0.00037EPSS

CNNVD•added 2026/02/17 12:0 a.m.•4 views

IBM Watsonx.data 代码问题漏洞

IBM Watsonx.data is an open data lake platform developed by IBM. There were code vulnerabilities in versions 2.2 to 2.2.1 of IBM Watsonx.data. These vulnerabilities allowed privileged users to upload malicious files and execute them on the server, potentially leading to modifications to files or...

3.8CVSS6AI score0.00037EPSS

Positive Technologies•added 2026/02/17 12:0 a.m.•3 views

PT-2026-20246

Name of the Vulnerable Software and Affected Versions IBM watsonx.data versions 2.2 through 2.2.1 Description A privileged user may be able to upload malicious files to IBM Lakehouse. These files could be executed on the server, potentially allowing modification of limited files or data...

3.8CVSS5.3AI score0.00037EPSS

Exploits0References4

Redos•added 2026/02/16 12:0 a.m.•6 views

ROS-20260216-73-0026

A vulnerability in the JavaFX component of the Oracle Java SE software platform is related to an operation exceeding buffer boundaries. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to read, modify, or delete data...

3.1CVSS5.8AI score0.00065EPSS

Exploits0

RedhatCVE•added 2026/02/15 1:19 a.m.•3 views

CVE-2025-15157

The Starfish Review Generation & Marketing for WordPress plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'srmrestoreoptionsdefaults' function in all versions up to, and including, 3.1.19. This...

8.8CVSS5.7AI score0.00021EPSS

ATTACKERKB•added 2026/02/13 9:23 p.m.•1 views

CVE-2025-15157

8.8CVSS5.7AI score0.00021EPSS

Exploits0References3

Cvelist•added 2026/02/13 9:23 p.m.•26 views

CVE-2025-15157 Starfish Review Generation & Marketing for WordPress <= 3.1.19 - Authenticated (Subscriber+) Arbitrary Options Update via srm_restore_options_defaults

8.8CVSS0.00021EPSS

Vulnrichment•added 2026/02/13 9:23 p.m.•1 views

CVE-2025-15157 Starfish Review Generation & Marketing for WordPress <= 3.1.19 - Authenticated (Subscriber+) Arbitrary Options Update via srm_restore_options_defaults

8.8CVSS5.6AI score0.00021EPSS

Cvelist•added 2026/02/11 8:26 a.m.•17 views

CVE-2026-1786 Twitter posts to Blog <= 1.11.25 - Missing Authorization to Unauthenticated Plugin Settings Update

The Twitter posts to Blog plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'dgtwoptions' function in all versions up to, and including, 1.11.25. This makes it possible for unauthenticated attackers to update plugin settings including...

6.5CVSS0.00042EPSS

RedhatCVE•added 2026/02/11 7:30 a.m.•2 views

CVE-2026-24319

In SAP Business One, sensitive information is written to the application�s memory dump files without obfuscation. Gaining access to this information could potentially lead to unauthorized operations within the B1 environment, including modification of company data. This issue results in a high...

5.8CVSS5.5AI score0.00004EPSS

OSV•added 2026/02/10 4:16 a.m.•2 views

CVE-2026-0484

Due to missing authorization check in SAP NetWeaver Application Server ABAP and SAP S/4HANA, an authenticated attacker could access a specific transaction code and modify the text data in the system. This vulnerability has a high impact on integrity of the application with no effect on the...

6.5CVSS5.8AI score0.00014EPSS

Vulnrichment•added 2026/02/10 3:0 a.m.•2 views

CVE-2026-0484 Missing Authorization check in SAP NetWeaver Application Server ABAP and SAP S/4HANA

6.5CVSS5.6AI score0.00014EPSS