CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2519 matches found

SMTP WP Plugin Directory Listing

The WordPress Easy WP SMTP Plugin has its log folder remotely accessible and its content available for access. id: CVE-2020-35234 info: name: SMTP WP Plugin Directory Listing author: PR3R00T severity: high description: The WordPress Easy WP SMTP Plugin has its log folder remotely accessible and i...

7.5CVSS7.1AI score0.63407EPSS

Exploits3References5

Nuclei•added 13 hours ago•21 views

SPA-Cart eCommerce CMS 1.9.0.3 - Cross-Site Scripting

A vulnerability was found in SPA-Cart eCommerce CMS 1.9.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /search. The manipulation of the argument filterbrandid/filterprice leads to cross site scripting. The attack may be launched remotely...

6.1CVSS3.8AI score0.48533EPSS

Exploits4References5

Nuclei•added 13 hours ago•33 views

WordPress eCommerce Product Catalog <3.0.39 - Cross-Site Scripting

WordPress eCommerce Product Catalog plugin before 3.0.39 contains a cross-site scripting vulnerability. The plugin does not escape the ic-settings-search parameter before outputting it back in the page in an attribute. This can allow an attacker to steal cookie-based authentication credentials an...

6.1CVSS6.3AI score0.01555EPSS

Exploits1References4

EUVD•added last week•7 views

EUVD-2026-37626

Subscriber Sensitive Data Exposure in PushEngage – Web Push Notifications, eCommerce Automation & Chat Widget = 4.2.3 versions...

7.4CVSS5.2AI score0.00214EPSS

Exploits0References2

EUVD•added last week•5 views

EUVD-2026-37599

Subscriber Arbitrary File Upload in Ecommerce Zone = 0.9.7 versions...

9.9CVSS5.2AI score0.00434EPSS

Exploits0References2

NVD•added 2026/06/17 1:20 p.m.•6 views

CVE-2026-52698

Subscriber Sensitive Data Exposure in PushEngage – Web Push Notifications, eCommerce Automation & Chat Widget = 4.2.3 versions...

7.4CVSS0.00214EPSS

Exploits0References1

NVD•added 2026/06/17 1:20 p.m.•5 views

CVE-2026-40747

Subscriber Arbitrary File Upload in Ecommerce Zone = 0.9.7 versions...

9.9CVSS0.00434EPSS

Exploits0References1

CVE•added 2026/06/17 9:51 a.m.•13 views

CVE-2026-52698

The CVE concerns the WordPress PushEngage plugin (versions

7.4CVSS5.2AI score0.00214EPSS

Exploits0References1

Cvelist•added 2026/06/17 9:51 a.m.•25 views

CVE-2026-40747 WordPress Ecommerce Zone theme <= 0.9.7 - Arbitrary File Upload vulnerability

Subscriber Arbitrary File Upload in Ecommerce Zone = 0.9.7 versions...

9.9CVSS0.00434EPSS

Exploits0References1

CVE•added 2026/06/17 9:51 a.m.•12 views

CVE-2026-40747

CVE-2026-40747 affects the WordPress Ecommerce Zone theme (versions <= 0.9.7) and is an Arbitrary File Upload vulnerability. The connected documents confirm a subscriber Arbitrary File Upload issue in Ecommerce Zone

9.9CVSS5.2AI score0.00434EPSS

Exploits0References1

EUVD•added 2026/06/15 9:30 p.m.•7 views

EUVD-2026-36966

Unauthenticated Privilege Escalation in Datalogics Ecommerce Delivery = 2.6.62 versions...

9.8CVSS5.2AI score0.00357EPSS

Exploits0References2

NVD•added 2026/06/15 9:17 p.m.•10 views

CVE-2026-52693

Unauthenticated SQL Injection in eCommerce Product Catalog = 3.5.5 versions...

9.3CVSS0.00289EPSS

Exploits0References1