CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/05/27 12:0 a.m.•7 views

CVE-2026-30498

A Cross-Site Request Forgery CSRF vulnerability was discovered in the delete.php endpoint of Jason2605 AdminPanel 4.0...

5.8AI score0.00097EPSS

Exploits0References1

4.3CVSS5.7AI score0.00128EPSS

WordPress plugin Old Posts Highlighter 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

Exploits0References5

Positive Technologies•added 2026/05/27 12:0 a.m.•6 views

PT-2026-44058

Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.35.4 Description The buildMatcherRegex and matches functions in packages/backend-core/src/middleware/matchers.ts compile route patterns into unanchored regular expressions and test them against ctx.request.url, whi...

6.5CVSS5.9AI score0.00115EPSS

Exploits0References5

Positive Technologies•added 2026/05/27 12:0 a.m.•10 views

PT-2026-44170

Name of the Vulnerable Software and Affected Versions mailomat-mailer affected versions not specified Description A Signature Algorithm Downgrade flaw exists in the mailomat-mailer component. This issue allows an attacker to perform complete Signature Forgery, which is the act of creating a...

5.1AI score0.00018EPSS

Exploits0References14

Positive Technologies•added 2026/05/27 12:0 a.m.•9 views

PT-2026-43533

The WP AutoBuzz plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web script...

6.1CVSS5.7AI score0.00145EPSS

Positive Technologies•added 2026/05/27 12:0 a.m.•8 views

PT-2026-43575

Name of the Vulnerable Software and Affected Versions MetaMagic SEO Plugin versions prior to 1.7 Description The MetaMagic SEO Plugin for WordPress is subject to Cross-Site Request Forgery, a flaw where an attacker tricks a victim into performing actions they did not intend to. This occurs due to...

4.3CVSS5.7AI score0.00124EPSS

CNNVD•added 2026/05/27 12:0 a.m.•8 views

WordPress plugin Search Simple Fields 跨站请求伪造漏洞

4.3CVSS5.7AI score0.0014EPSS

CNNVD•added 2026/05/27 12:0 a.m.•5 views

WordPress plugin MetaMagic SEO Plugin 跨站请求伪造漏洞

4.3CVSS5.7AI score0.00124EPSS

5.9CVSS5.7AI score0.00225EPSS

UFO³ 数据伪造问题漏洞

UFO³ is an open-source cross-device collaboration multi-agent task orchestration tool developed by Microsoft. Version UFO³ 3.0.1-4-ge2626659 contains a data manipulation vulnerability. This vulnerability arises from the fact that task responses are tracked using only the sessionid without verifyi...

Exploits0References1

Positive Technologies•added 2026/05/27 12:0 a.m.•8 views

PT-2026-44018

Name of the Vulnerable Software and Affected Versions Jenkins GitHub Integration Plugin versions prior to 0.7.4 Description A cross-site request forgery CSRF flaw allows attackers to trigger a build for a pull request. CSRF is a type of attack that tricks a victim into submitting a malicious...

4.3CVSS5.7AI score0.00109EPSS

Exploits0References4

CNNVD•added 2026/05/27 12:0 a.m.•11 views

Erlang/OTP 安全漏洞

Erlang/OTP is an open-source JavaScript library for handling exceptions. This library can catch exceptions caused by node.js’s built-in APIs. Erlang/OTP has a security vulnerability, which stems from improper trust in the certificate chain within the publickey module. This allows non-CA...

7CVSS5.8AI score0.0024EPSS

5.1CVSS6AI score0.00329EPSS

Budibase 安全漏洞

Budibase is an open-source platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Versions of Budibase prior to 3.39.0 contained security vulnerabilities. These vulnerabilities stemmed from the automated...

Exploits0References1

4.3CVSS5.7AI score0.0014EPSS

WordPress plugin CDN Linker lite 跨站请求伪造漏洞

Tenable Nessus•added 2026/05/27 12:0 a.m.•81 views

Linux Distros Unpatched Vulnerability : CVE-2026-48843

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16,and 1.7.x before 1.7.1 has Insufficient Cascading Style Sheets CSS sanitization in HTML e-mail messages may le...

7.2CVSS5.8AI score0.0031EPSS

Exploits0References2

Exploit DB•added 2026/05/27 12:0 a.m.•57 views

EspoCRM 9.3.3 - SSRF

Exploit Title: EspoCRM 9.3.3 - Authenticated SSRF via Alternative IPv4 Notation Google Dork: N/A Date: 2026-05-08 Exploit Author: Max Gabriel https://github.com/EntroVyx Vendor Homepage: https://www.espocrm.com/ Software Link: https://github.com/espocrm/espocrm/releases/tag/9.3.3 Version: 9.3.3...

4.3CVSS5.8AI score0.01978EPSS

Exploits5

Tenable Nessus•added 2026/05/27 12:0 a.m.•10 views

Linux Distros Unpatched Vulnerability : CVE-2026-41074

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RT is an open source, enterprise-grade issue and ticket tracking system. Versions 6.0.0 through 6.0.2 contain a Cross-Site Request Forgery CSRF vulnerability. A...

7.1CVSS5.9AI score0.00117EPSS

Exploits0References2

Vulnrichment•added 2026/05/26 11:59 p.m.•9 views

CVE-2026-8606 Server-Side Request Forgery in GitHub Enterprise Server via Advisory Package URL Endpoint

A Server-Side Request Forgery SSRF vulnerability was identified in GitHub Enterprise Server that allowed an attacker to cause the server to issue HTTP requests to internal services via the security advisories package lookup feature. By directing requests to an internal management service and...

7CVSS5.8AI score0.00386EPSS