CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

65 matches found

AstraLinux•added 2026/05/20 5:53 a.m.•5 views

Astra Linux - уязвимость в openjdk-11

Vulnerability in the Oracle Java SE and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: JNDI. The supported versions affected include Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3, and 22.2.0. This vulnerabili...

3.7CVSS6.7AI score0.00264EPSS

Exploits0References1

RedhatCVE•added 2026/03/26 3:7 p.m.•0 views

CVE-2026-4063

The Social Icons Widget & Block by WPZOOM plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check in the addmenuitem method hooked to adminmenu in all versions up to, and including, 4.5.8. This is due to the method performing wpinsertpost and...

4.3CVSS5.8AI score0.00042EPSS

Exploits0References1

CVE•added 2026/01/09 4:31 a.m.•12 views

CVE-2025-14886

CVE-2025-14886 concerns Japanized for WooCommerce for WordPress. It is a data modification vulnerability due to missing capability check on the order REST API endpoint, affecting all versions up to and including 2.7.17. Unauthenticated attackers could mark any WooCommerce order as processed/compl...

5.3CVSS5AI score0.00044EPSS

Exploits0References2

CNVD•added 2025/11/20 12:0 a.m.•1 views

WordPress Cryptocurrency Payment Gateway for WooCommerce plugin unauthorized data modification vulnerability

WordPress Cryptocurrency Payment Gateway for WooCommerce plugin is a virtual currency payment collection plugin designed for WooCommerce e-commerce platform. WordPress Cryptocurrency Payment Gateway for WooCommerce plugin suffers from an unauthorized data modification vulnerability that stems fro...

5.3CVSS7.1AI score0.00106EPSS

Exploits0References1

Positive Technologies•added 2025/11/19 12:0 a.m.•4 views

PT-2025-47432

The WSChat – WordPress Live Chat plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'reset settings' AJAX endpoint in all versions up to, and including, 3.1.6. This makes it possible for authenticated attackers, with Subscriber-level...

4.3CVSS5.1AI score0.00036EPSS

Exploits0References3

EUVD•added 2025/11/18 8:27 a.m.•1 views

EUVD-2025-197941

The ACF Flexible Layouts Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'acfflmupdatetemplatewithpastedlayout' function in all versions up to, and including, 1.1.6. This makes it possible for unauthenticated attackers to...

6.5CVSS4.9AI score0.00113EPSS

Exploits0References3

Vulnrichment•added 2025/10/24 8:24 a.m.•1 views

CVE-2025-11172 Check Plagiarism <= 2.0 - Missing Authorization to Authenticated (Subscriber+) Settings Update

The Check Plagiarism plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the chkplagminepluginwpse10500adminaction function in all versions up to, and including, 2.0. This makes it possible for authenticated attackers, with Subscriber-level...

4.3CVSS4.7AI score0.00036EPSS

Exploits0References2

NVD•added 2025/10/04 3:15 a.m.•2 views

CVE-2025-11228

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the registerAssociateFormsWithCampaign function in all versions up to, and including, 4.10.0. This makes it possible for unauthenticat...

5.3CVSS0.00109EPSS

Exploits0References3

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2024-32998

Malicious code in bioql PyPI...

8.1CVSS8.7AI score0.00189EPSS

Exploits0References3

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2024-51707

Malicious code in bioql PyPI...

8.1CVSS8.7AI score0.00082EPSS

Exploits0References3