CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3234 matches found

Contact Form Entries < 1.2.4 - Cross-Site Scripting

The plugin does not sanitise and escape various parameters, such as formid, status, enddate, order, orderby and search before outputting them back in the admin page id: CVE-2021-25079 info: name: Contact Form Entries 1.2.4 - Cross-Site Scripting author: r3Y3r53 severity: medium description: | The...

6.1CVSS6.3AI score0.0682EPSS

Exploits4References4

Nuclei•added 12 hours ago•15 views

Formidable Form Builder < 2.05.03 - Unauthenticated Information Disclosure

The Formidable Form Builder plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.05.03 via the frmformspreview AJAX action. This makes it possible for unauthenticated attackers to export all of the form entries for a given form. id: CVE-2017-20194 info...

5.3CVSS5.8AI score0.01098EPSS

Exploits1References3

NVD•added 2 days ago•6 views

CVE-2026-10641

Zephyr's Bluetooth Classic Hands-Free Profile HFP Hands-Free role parser subsys/bluetooth/host/classic/hfphf.c contains an out-of-bounds write. During Service Level Connection setup the HF sends AT+CIND=? and parses the AG's +CIND: response in cindhandle, which assigns a per-entry counter index a...

7.1CVSS0.00175EPSS

Exploits0References2

RedHat Linux•added 2 days ago•3 views

kernel: iommu: disable SVA when CONFIG_X86 is set

A security vulnerability was found in the Linux kernel's IOMMU Shared Virtual Addressing SVA implementation on x86 architecture. When SVA is enabled, the IOMMU caches kernel page table entries. Since the kernel lacks a mechanism to notify the IOMMU when kernel page table pages are freed and...

7.8CVSS5.4AI score0.00145EPSS

Exploits0References5

CVE•added 3 days ago•7 views

CVE-2026-5149

The RTMKit plugin for WordPress is vulnerable to Incorrect Authorization up to version 2.0.7 due to get_submission_content lacking a capability check, enabling authenticated attackers with Contributor-level access to view arbitrary form submissions by iterating the entries_id parameter. Affected:...

6.5CVSS5.5AI score0.00238EPSS

Exploits0References5

Positive Technologies•added 3 days ago•8 views

PT-2026-49761

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.29 Description A session visibility check bypass exists in the shared memory search of the memory-wiki feature. This allows authenticated callers to skip session visibility guards on the search path, enabling...

6.5CVSS5.2AI score0.0021EPSS

Exploits0References5

NVD•added 4 days ago•3 views

CVE-2026-40769

Unauthenticated Arbitrary File Deletion in Contact Form Extender for Divi Save Entries, File Upload & Country Code Field = 1.0.6 versions...

8.6CVSS0.00442EPSS

Exploits0References1

OSV•added 4 days ago•2 views

GHSA-8988-4F7V-96QF OpenTelemetry Core: Unbounded memory allocation in W3C Baggage propagation

Overview W3CBaggagePropagator.extract in @opentelemetry/core does not enforce size limits when parsing inbound baggage HTTP headers. The W3C Baggage specification recommends a maximum of 8,192 bytes and 180 entries; these limits were only enforced on the outbound inject path, not on the inbound...

5.3CVSS5.6AI score0.00045EPSS

Exploits0References2

Positive Technologies•added 4 days ago•4 views

PT-2026-49413

Unauthenticated Arbitrary File Deletion in Contact Form Extender for Divi Save Entries, File Upload & Country Code Field = 1.0.6 versions...

8.6CVSS5.3AI score0.00442EPSS

Exploits0References2

Positive Technologies•added 4 days ago•6 views

PT-2026-49598

5.3CVSS5.5AI score0.00045EPSS

Exploits0References3

OSSF Malicious Packages•added 6 days ago•7 views

Malicious code in node-multi-downloader (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8fc720cd970f4d19212ca90945b7fc1e4e1c64da98235ff595b3792ae69e3e68 On npm install, this package's postinstall hook node index.js hex-encodes the installer's current working directory, the first 15 entries of that...

5.3AI score

Exploits0References1

EUVD•added 6 days ago•6 views

EUVD-2026-36611

OpenClaw before 2026.5.3 contains a privilege escalation vulnerability in the allowFrom feature that binds to mutable Slack display names. Attackers with Slack account access can change display name metadata to match policy entries, potentially gaining unauthorized agent access intended for other...

8.6CVSS5.2AI score0.00209EPSS

Exploits0References3

RedHat Linux•added 2026/06/12 7:56 p.m.•5 views

kernel: iommu: disable SVA when CONFIG_X86 is set

7.8CVSS5.4AI score0.00145EPSS

Exploits0References5

Tenable Nessus•added 2026/06/12 12:0 a.m.•8 views

Python 3.10.x / 3.11.x / 3.12.x / 3.13.x < 3.13.14 / 3.14.x < 3.14.6 Path Traversal

The version of Python installed on the remote Windows host is affected by a path traversal vulnerability. tarfile.datafilter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction...

6.9CVSS5.3AI score0.00606EPSS

Exploits0References4

Tenable Nessus•added 2026/06/12 12:0 a.m.•15 views

Photon OS 5.0: Go PHSA-2026-5.0-0869

An update of the go package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0869. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid320798...

9.8CVSS7AI score0.99999EPSS

Exploits20References61

RedHat Linux•added 2026/06/11 1:56 p.m.•15 views

Important: Red Hat Security Advisory: skopeo security update

An update for skopeo is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

10CVSS7.1AI score0.00789EPSS

Exploits3References6

CNNVD•added 2026/06/11 12:0 a.m.•5 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.7 contained security vulnerabilities. These vulnerabilities stemmed from a permission escalation issue in the Matrix allowFrom function, which allowed authenticated accounts to...

8.8CVSS5.4AI score0.00309EPSS

Exploits0References1

Positive Technologies•added 2026/06/11 12:0 a.m.•5 views

PT-2026-48741

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.7 Description A privilege escalation issue exists in the Matrix allowFrom feature. Authenticated accounts can match policy entries by manipulating mutable display name metadata. This allows attackers who can...

8.8CVSS5.3AI score0.00309EPSS

Exploits0References6

Packet Storm News•added 2026/06/11 12:0 a.m.•13 views

DNGBehaviorAnalyzer Telemetry-Based DNG/TIFF Metadata Parser and Anomaly Detection

This Python script provides a telemetry-driven analysis framework for inspecting Digital Negative DNG files through low-level TIFF metadata parsing and runtime event logging. The tool reads and validates TIFF headers, traverses Image File Directory IFD entries, and records parser activity using...

5.6AI score

Exploits0

NVD•added 2026/06/10 11:16 p.m.•5 views

CVE-2026-46703

Boxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and launch OCI containers within them to run untrusted code. Prior to version 0.9.0, Boxlite allows users to specify the OCI image used by containers in the sandbox. However, when processing tar entries in...

9.6CVSS0.00482EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by