CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

70 matches found

Patchstack•added 2026/03/27 11:24 a.m.•2 views

WordPress FormLift for Infusionsoft Web Forms plugin <= 7.5.21 - Missing Authorization to Unauthenticated Infusionsoft Connection Hijack via OAuth Connection Flow vulnerability

Missing Authorization to Unauthenticated Infusionsoft Connection Hijack via OAuth Connection Flow vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin FormLift for Infusionsoft Web Forms versions = 7.5.21...

5.3CVSS5.9AI score0.00135EPSS

Exploits0References1Affected Software1

Tenable Nessus•added 2026/03/25 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2026-33215

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats- server provides an MQTT client interface. Prior to...

6.5CVSS6.4AI score0.00017EPSS

Exploits0References3

The Hacker News•added 2026/02/28 5:21 p.m.•9 views

ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket

OpenClaw has fixed a high-severity security issue that, if successfully exploited, could have allowed a malicious website to connect to a locally running artificial intelligence AI agent and take over control. "Our vulnerability lives in the core system itself – no plugins, no marketplace, no...

8.8CVSS6.6AI score0.0013EPSS

Exploits2

Tenable Nessus•added 2026/01/13 12:0 a.m.•2 views

MiracleLinux 8 : httpd:2.4 (AXSA:2025-10834:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10834:01 advisory. httpd: insufficient escaping of user-supplied data in modssl CVE-2024-47252 httpd: modssl: access control bypass by trusted clients is possible usi...

9.1CVSS7.9AI score0.03545EPSS

Exploits1References5

RedhatCVE•added 2026/01/09 9:49 a.m.•2 views

CVE-2020-24349

njs through 0.4.3, used in NGINX, allows control-flow hijack in njsvalueproperty in njsvalue.c. NOTE: the vendor considers the issue to be "fluff" in the NGINX use case because there is no remote attack surface...

5.5CVSS7AI score0.00057EPSS

Exploits1References1

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2019-5839

Malware in sbrugna...

7CVSS6.9AI score0.00479EPSS

Exploits0References2

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2024-32651