Lucene search

24917 matches found

RedHat Linux
added 2026/05/20 2:22 a.m. | 8 views

firefox: thunderbird: Information disclosure in the Form Autofill component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure in the Form Autofill component...

CVSS 5.3 | AI score 5.7 | EPSS 0.00215
Exploits: 0 | References: 6
NVD
added 2026/05/20 2:16 a.m. | 12 views

CVE-2026-8626

The SponsorMe plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHP_SELF Parameter in all versions up to, and including, 0.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

CVSS 6.1 | EPSS 0.00266
Exploits: 0 | References: 3
NVD
added 2026/05/20 2:16 a.m. | 13 views

CVE-2026-8627

The Correct Prices plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $_SERVER['PHP_SELF'] variable in versions up to and including 1.0. This is due to the correctpricespage function echoing $_SERVER['PHP_SELF'] into a form's action attribute without any input sanitization or...

CVSS 6.1 | EPSS 0.00221
Exploits: 0 | References: 2
RedHat Linux
added 2026/05/20 2:11 a.m. | 6 views

firefox: thunderbird: Information disclosure in the Form Autofill component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure in the Form Autofill component...

CVSS 5.3 | AI score 5.7 | EPSS 0.00215
Exploits: 0 | References: 6
RedHat Linux
added 2026/05/20 2:5 a.m. | 6 views

firefox: thunderbird: Information disclosure in the Form Autofill component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure in the Form Autofill component...

CVSS 5.3 | AI score 5.7 | EPSS 0.00215
Exploits: 0 | References: 6
Vulnrichment
added 2026/05/20 1:25 a.m. | 6 views

CVE-2026-6400 Child Height Predictor by Ostheimer <= 1.3 - Cross-Site Request Forgery to Settings Update via Plugin Settings Form

The Child Height Predictor by Ostheimer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.3. This is due to missing nonce verification in the options function, which handles plugin settings updates. The form template does not include a...

CVSS 4.3 | AI score 5.7 | EPSS 0.00163
Exploits: 0 | References: 5
EUVD
added 2026/05/20 1:25 a.m. | 8 views

EUVD-2026-31024

The SponsorMe plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHP_SELF Parameter in all versions up to, and including, 0.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

CVSS 6.1 | AI score 6 | EPSS 0.00266
Exploits: 0 | References: 3
ATTACKERKB
added 2026/05/20 1:25 a.m. | 12 views

CVE-2026-8626

The SponsorMe plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHP_SELF Parameter in all versions up to, and including, 0.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

CVSS 6.1 | AI score 6 | EPSS 0.00266
Exploits: 0 | References: 4
CVE
added 2026/05/20 1:25 a.m. | 14 views

CVE-2026-8627

The CVE-2026-8627 entry affects the WordPress plugin Correct Prices (

CVSS 6.1 | AI score 6 | EPSS 0.00221
Exploits: 0 | References: 2
ATTACKERKB
added 2026/05/20 1:25 a.m. | 7 views

CVE-2026-8627

The Correct Prices plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $_SERVER['PHP_SELF'] variable in versions up to and including 1.0. This is due to the correctpricespage function echoing $_SERVER['PHP_SELF'] into a form's action attribute without any input sanitization or...

CVSS 6.1 | AI score 6 | EPSS 0.00221
Exploits: 0 | References: 3
Cvelist
added 2026/05/20 1:25 a.m. | 35 views

CVE-2026-8627 Correct Prices <= 1.0 - Reflected Cross-Site Scripting via PHP_SELF Parameter

The Correct Prices plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $_SERVER['PHP_SELF'] variable in versions up to and including 1.0. This is due to the correctpricespage function echoing $_SERVER['PHP_SELF'] into a form's action attribute without any input sanitization or...

CVSS 6.1 | EPSS 0.00221
Exploits: 0 | References: 2
Vulnrichment
added 2026/05/20 1:25 a.m. | 6 views

CVE-2026-8627 Correct Prices <= 1.0 - Reflected Cross-Site Scripting via PHP_SELF Parameter

The Correct Prices plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $_SERVER['PHP_SELF'] variable in versions up to and including 1.0. This is due to the correctpricespage function echoing $_SERVER['PHP_SELF'] into a form's action attribute without any input sanitization or...

CVSS 6.1 | AI score 6 | EPSS 0.00221
Exploits: 0 | References: 2
EUVD
added 2026/05/20 1:25 a.m. | 10 views

EUVD-2026-31023

The Correct Prices plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $_SERVER['PHP_SELF'] variable in versions up to and including 1.0. This is due to the correctpricespage function echoing $_SERVER['PHP_SELF'] into a form's action attribute without any input sanitization or...

CVSS 6.1 | AI score 6 | EPSS 0.00221
Exploits: 0 | References: 2
CNNVD
added 2026/05/20 12:0 a.m. | 5 views

WordPress plugin Bottom Bar cross-site request forgery vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVSS 4.3 | AI score 5.8 | EPSS 0.00187
Exploits: 0 | References: 1
Positive Technologies
added 2026/05/20 12:0 a.m. | 9 views

PT-2026-42258

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in search.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frm query POST parameter directly into an HTML input field VALUE attribute. Attacker...

CVSS 5.1 | AI score 5.8 | EPSS 0.00221
Exploits: 0 | References: 4
CNNVD
added 2026/05/20 12:0 a.m. | 6 views

Taiko AG1000-01A SMS Alert Gateway cross-site scripting vulnerability

The Taiko AG1000-01A SMS Alert Gateway is an industrial communication gateway device developed by Taiko Company in Singapore. Both the Rev 7.3 and Rev 8 versions of the Taiko AG1000-01A SMS Alert Gateway contain cross-site scripting vulnerabilities. These vulnerabilities stem from stored-cross-si...

CVSS 8.4 | AI score 5.8 | EPSS 0.00441
Exploits: 0 | References: 1
Positive Technologies
added 2026/05/20 12:0 a.m. | 8 views

PT-2026-42084

Name of the Vulnerable Software and Affected Versions: Correct Prices versions prior to 1.1. Description: The Correct Prices plugin for WordPress is subject to Reflected Cross-Site Scripting, a flaw where an application includes untrusted data in a web page without proper validation, allowing an...

CVSS 6.1 | AI score 6 | EPSS 0.00221
Exploits: 0 | References: 5
Positive Technologies
added 2026/05/20 12:0 a.m. | 8 views

PT-2026-42083

Name of the Vulnerable Software and Affected Versions: SponsorMe versions prior to 0.5.3. Description: Insufficient input sanitization and output escaping allow unauthenticated attackers to inject arbitrary web scripts into pages. This occurs when a user is tricked into clicking a crafted link. The...

CVSS 6.1 | AI score 5.9 | EPSS 0.00266
Exploits: 0 | References: 6
Vulnrichment
added 2026/05/19 9:57 p.m. | 5 views

CVE-2026-34463 MantisBT has Stored HTML Injection/XSS via Clone Issue Form

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior contain a Stored XSS vulnerability. When cloning an issue originating from a Project other than the current one, the clone form bugreportpage.php prepends the source Project name before the category selector...

CVSS 8.6 | AI score 5.7 | EPSS 0.00444
Exploits: 0 | References: 3
Cvelist
added 2026/05/19 9:57 p.m. | 22 views

CVE-2026-34463 MantisBT has Stored HTML Injection/XSS via Clone Issue Form

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior contain a Stored XSS vulnerability. When cloning an issue originating from a Project other than the current one, the clone form bugreportpage.php prepends the source Project name before the category selector...

CVSS 8.6 | EPSS 0.00444
Exploits: 0 | References: 3