CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The JavaScript Notifier plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 1.2.8. This is due to insufficient input sanitization and output escaping on user-supplied attributes in the wpfooter action. This makes it possible...

4.4CVSS5.8AI score0.00051EPSS

Exploits0References4

EUVD•added 2026/01/24 9:8 a.m.•3 views

EUVD-2026-4545

The LeadBI Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'formid' parameter of the 'leadbiform' shortcode in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...

6.4CVSS5.8AI score0.00055EPSS

Exploits0References6

EUVD•added 2026/01/24 8:26 a.m.•5 views

EUVD-2026-4549

The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom fields in all versions up to, and including, 20251210 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2CVSS5.8AI score0.00212EPSS

Exploits0References3

EUVD•added 2026/01/24 7:26 a.m.•3 views

EUVD-2026-4567

The ZT Captcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to improper nonce validation on the saveztcptcaptchasettings action where the nonce check can be bypassed by sending an empty token value. This makes it possibl...

4.3CVSS5.4AI score0.00009EPSS

Exploits0References4

EUVD•added 2026/01/24 6:30 a.m.•3 views

EUVD-2026-4586

Not used...

5.3AI score

Exploits0References1

EUVD•added 2026/01/24 6:30 a.m.•2 views

EUVD-2026-4592

Not used...

5.3AI score

Exploits0References1

OSV•added 2026/01/23 5:49 p.m.•4 views

CGA-R73R-2MXW-HPWF

Bulletin has no description...

5.5CVSS5AI score0.00092EPSS

Exploits0

OSV•added 2026/01/23 5:49 p.m.•3 views

CGA-8XJC-GQGH-PJ2Q

Bulletin has no description...

5.5CVSS7.5AI score0.00027EPSS

Exploits0

EUVD•added 2026/01/23 4:53 p.m.•3 views

EUVD-2026-4273

SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHub API method. The attacker could point the SmarterMail to the malicious HTTP server, which serves the malicious OS command. This command will be executed by the...

9.3CVSS6.4AI score0.83401EPSS

Exploits0References4

EUVD•added 2026/01/23 4:47 p.m.•3 views

EUVD-2026-4276

MyBB Delete Account Plugin 1.4 contains a cross-site scripting vulnerability in the account deletion reason input field. Attackers can inject malicious scripts that will execute in the admin interface when viewing delete account reasons...

6.1CVSS5.1AI score0.00044EPSS

Exploits1References5

EUVD•added 2026/01/23 4:47 p.m.•3 views

EUVD-2026-4277

LiteSpeed Web Server Enterprise 5.4.11 contains an authenticated command injection vulnerability in the external app configuration interface. Authenticated administrators can inject shell commands through the 'Command' parameter in the server configuration, allowing remote code execution via path...

8.8CVSS6.4AI score0.00348EPSS

Exploits0References5

EUVD•added 2026/01/23 4:47 p.m.•4 views

EUVD-2026-4289

Epson USB Display 1.6.0.0 contains an unquoted service path vulnerability in the EMPUDSA service running with LocalSystem privileges. Attackers can exploit the unquoted path by placing malicious executables in intermediate directories to gain elevated system access...

8.5CVSS5.4AI score0.00022EPSS

Exploits0References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by