CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

100 matches found

CVE-2026-12094 Advanced Contact Form 7 <= 1.0.0 - Missing Authorization to Unauthenticated Arbitrary Contact Form Submission Deletion via 'form_id' Parameter

The Advanced Contact Form 7 - Compact DB plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the cf7cdbajaxdeleteuser function in versions up to, and including, 1.0.0. The handler is registered against both wpajaxcf7cdbdelete and...

5.3CVSS

Exploits0References4

EUVD•added 2026/06/11 8:33 p.m.•9 views

EUVD-2026-34901

AWS Advanced Go Wrapper has Privilege Escalation in Aurora PostgreSQL instance...

8.6CVSS5.4AI score0.00305EPSS

Exploits0References4

Veracode•added 2026/06/09 7:49 a.m.•8 views

Privilege Escalation

AWS Advanced JDBC Wrapper is vulnerable to Privilege Escalation. The vulnerability is due to an untrusted search path issue in the GlobalDatabasePlugin, where a low-privileged authenticated user can create a crafted function that is executed when another user connects through the affected wrapper...

8.6CVSS5.5AI score0.00305EPSS

Exploits0References4Affected Software1

NVD•added 2026/06/05 8:17 p.m.•11 views

CVE-2026-11401

An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced Go Wrapper for Amazon Aurora PostgreSQL will allow a remote authenticated low-privilege actor to escalate privileges to those of another Amazon RDS user, including rdssuperuser, via a crafted function created by the...

8.6CVSS0.00305EPSS

Exploits0References3

Cvelist•added 2026/06/05 7:7 p.m.•26 views

CVE-2026-11400 Privilege Escalation in AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL

An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL will allow a remote authenticated low-privilege actor to escalate privileges to those of another Amazon RDS user, including rdssuperuser, via a crafted function created by the...

8.6CVSS0.00305EPSS

Exploits0References3

Positive Technologies•added 2026/06/05 12:0 a.m.•11 views

PT-2026-47035

Name of the Vulnerable Software and Affected Versions AWS Advanced Go Wrapper for Amazon Aurora PostgreSQL versions prior to 2026-05-26 Description An untrusted search path issue exists in the GlobalDatabasePlugin. This allows a remote authenticated low-privilege actor to escalate privileges to...

8.6CVSS5.5AI score0.00305EPSS

Exploits0References10

CNNVD•added 2026/06/05 12:0 a.m.•5 views

Amazon Web Services JDBC Driver 安全漏洞

The Amazon Web Services JDBC Driver is an open-source Go language wrapper developed by Amazon Web Services. There is a security vulnerability in the Amazon Web Services JDBC Driver, which stems from an unreliable search path issue in the GlobalDatabasePlugin. This vulnerability allows remote,...

8.6CVSS5.3AI score0.00305EPSS

Exploits0References3

NVD•added 2026/05/27 7:16 a.m.•13 views

CVE-2026-8845

The Islamic Database plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'islamicDB-roqya' shortcode in versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user-supplied 'width' and 'height' shortcode attributes within th...

6.4CVSS0.00187EPSS

Exploits0References3

EUVD•added 2026/05/27 5:31 a.m.•7 views

EUVD-2026-32081

6.4CVSS6AI score0.00187EPSS

Exploits0References3

Vulnrichment•added 2026/05/27 5:31 a.m.•7 views

CVE-2026-8845 Islamic Database <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

6.4CVSS6AI score0.00187EPSS

Exploits0References3

CNNVD•added 2026/05/27 12:0 a.m.•9 views

WordPress plugin Islamic Database 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.4CVSS5.8AI score0.00187EPSS

Exploits0References3

Patchstack•added 2026/04/09 9:44 p.m.•4 views

WordPress Advanced CF7 DB plugin <= 2.0.9 - Missing Authorization to Authenticated (Subscriber+) Form Submissions Excel Export vulnerability

Missing Authorization to Authenticated Subscriber+ Form Submissions Excel Export vulnerability discovered by Kai Aizen in WordPress Plugin Advanced Contact form 7 DB versions = 2.0.9...

4.3CVSS5.9AI score0.00303EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2026/02/19 12:0 a.m.•8 views

PT-2026-20587

Name of the Vulnerable Software and Affected Versions Tablesome Table – Contact Form DB plugin for WordPress versions 0.5.4 through 1.2.1 Description The Tablesome Table – Contact Form DB plugin for WordPress has a flaw where a missing capability check in the get table data function allows...

8.8CVSS5.2AI score0.00356EPSS

Exploits0References7

RedhatCVE•added 2026/01/09 12:33 p.m.•11 views

CVE-2023-31235

Cross-Site Request Forgery CSRF vulnerability in Roland Barker, xnau webdesign Participants Database plugin = 2.4.9 versions...

8.8CVSS8.5AI score0.00339EPSS

Exploits0References1

CVE•added 2025/12/18 7:22 a.m.•11 views

CVE-2025-64231

The CVE-2025-64231 entry concerns the WordPress plugin RTW WordPress Contact Form 7 PDF, Google Sheet & Database (rtwwcfp-wordpress-contact-form-7-pdf) versions up to 3.0.0. The vulnerability is an Unrestricted Upload of File with Dangerous Type, allowing upload of malicious files via the plugin’...

9.9CVSS6.6AI score0.00272EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2020-29444

Malware in sbrugna...

7.5CVSS7.5AI score0.01624EPSS

Exploits1References3

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2014-3894

Malware in sbrugna...

7.5CVSS6.2AI score0.05798EPSS

Exploits1References8