CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 6 days ago•12 views

CVE-2025-12714 Rank Math SEO – AI SEO Tools to Dominate SEO Rankings <= 1.0.271 - Missing Authorization to Unauthenticated Homepage Settings Modification

ATTACKERKB•added 6 days ago•5 views

CVE-2025-12714

CVE•added 6 days ago•11 views

Exploits0References7

CVE-2025-12714

The CVE-2025-12714 relates to the Rank Math SEO – AI SEO Tools to Dominate SEO Rankings WordPress plugin. Concrete detail: a missing capability check in update_site_editor_homepage affects all versions up to 1.0.271, enabling unauthenticated modification of settings such as homepage title, meta d...

Cvelist•added 6 days ago•25 views

CVE-2025-12714 Rank Math SEO – AI SEO Tools to Dominate SEO Rankings <= 1.0.271 - Missing Authorization to Unauthenticated Homepage Settings Modification

5.3CVSS0.00057EPSS

EUVD•added 6 days ago•5 views

EUVD-2025-209984

Positive Technologies•added 6 days ago•4 views

PT-2026-44796

The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the update site editor homepage function in all versions up to, and including, 1.0.271. This makes it possible for unauthenticated attackers to...

CNNVD•added 6 days ago•4 views

Exploits0References7

WordPress plugin Rank Math SEO 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

Patchstack•added last week•8 views

WordPress Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin <= 1.0.271 - Missing Authorization to Unauthenticated Homepage Settings Modification vulnerability

Missing Authorization to Unauthenticated Homepage Settings Modification vulnerability discovered by ? in WordPress Plugin Rank Math SEO versions = 1.0.271...

Exploits0References1Affected Software1

OSV•added 2026/05/20 2:11 p.m.•3 views

MAL-2026-4372 Malicious code in @budetzz/baileys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c79c7b873a8ea61831fdfd7b987de0efbf8944d2fd407a8dca4b70042a3d029c This package is a republished fork of @whiskeysockets/baileys that adds two undocumented network behaviors. 1 lib/Socket/newsletter.js line 111...

5.8AI score

Exploits0References4

OSSF Malicious Packages•added 2026/05/20 1:16 a.m.•6 views

Malicious code in @tailwind-core/webpack (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7955094460738dc65288f88a3bb990c7d3ff52ed3683f11265b7072bd80aa4e3 Package @tailwind-core/webpack impersonates the legitimate Tailwind v4 webpack loader @tailwindcss/webpack. The README copies Tailwind Labs branding ...

5.9AI score

OSV•added 2026/05/19 7:52 p.m.•4 views

MAL-2026-4769 Malicious code in soundsource (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e3285c5fec24c01c9c463e85c199934f5a08da7e94277583430a6e3feb274add The package's source distribution contains Token.txt at the tarball root holding a live PyPI API token prefix pypi-AgEIcHlwaS5vcmc.... Anyone who...

5.8AI score

OSSF Malicious Packages•added 2026/05/19 7:52 p.m.•5 views

Malicious code in soundsource (PyPI)

5.8AI score

CNNVD•added 2026/05/16 12:0 a.m.•5 views

Ocproducts Composr CMS 跨站脚本漏洞

Ocproducts Composr CMS is an open-source content management system CMS developed by the British company Ocproducts, written in PHP language. Version Ocproducts Composr CMS 10.0.34 has a cross-site scripting vulnerability. This vulnerability stems from a persistent cross-site script in the banner...

6.4CVSS5.6AI score0.00034EPSS

CVE•added 2026/05/14 9:5 p.m.•7 views

CVE-2026-44429

CVE-2026-44429 pertains to the MCP Registry. Before 1.7.7, the public catalogue UI at GET / is vulnerable to stored XSS via the server.websiteUrl field in published server.json. Server-side validation (validateWebsiteURL) only checks parsing, absoluteness, and https scheme; it does not reject quo...

5.4CVSS5.7AI score0.00035EPSS

Exploits1References1Affected Software1

EUVD•added 2026/05/14 9:5 p.m.•2 views

EUVD-2026-30487

The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.7, the public catalogue UI served at GET / file internal/api/handlers/v0/uiindex.html is vulnerable to stored cross-site scripting via the server.websiteUrl field of any published...

5.1CVSS5.8AI score0.00035EPSS

Exploits1References1

Positive Technologies•added 2026/05/08 12:0 a.m.•5 views

PT-2026-39263

Name of the Vulnerable Software and Affected Versions MCP Registry versions prior to 1.7.7 Description The public catalogue UI served at the 'GET /' endpoint is subject to stored cross-site scripting. This occurs via the server.websiteUrl field of published server.json files. The server-side...

5.1CVSS5.7AI score0.00035EPSS

Exploits1References9

Positive Technologies•added 2026/03/28 12:0 a.m.•3 views

PT-2026-32988

Hackage package metadata stored XSS vulnerability User-controlled metadata from .cabal files are rendered into HTML href attributes without proper sanitization, enabling stored Cross-Site Scripting XSS attacks. The specific fields affected are: - homepage - bug-reports - source-repository.locatio...

9.9CVSS5.7AI score0.00059EPSS

Exploits0References5

RedhatCVE•added 2026/03/26 3:15 p.m.•1 views

CVE-2026-4166

A vulnerability was found in Wavlink WL-NU516U1 240425. The impacted element is the function sub404F68 of the file /cgi-bin/login.cgi. The manipulation of the argument homepage/hostname results in cross site scripting. The attack can be launched remotely. The exploit has been made public and coul...

5.1CVSS4.1AI score0.00047EPSS