364 matches found

ATTACKERKB
added 2026/03/03 2:41 a.m. | 3 views

CVE-2026-20801

Cleartext Transmission of Sensitive Information (CWE-319) in a component used in the Gallagher Hanwha VMS and Gallagher NxWitness VMS integrations allows unprivileged users with local network access to view live video streams. This issue affects all versions of Gallagher NxWitness VMS integration...

CVSS 5.6 | AI score 5.9 | EPSS 0.00023
Exploits: 0 | References: 2

CVE
added 2026/02/26 2:58 p.m. | 15 views

CVE-2026-26077

CVE-2026-26077 – Discourse webhook authentication bypass. Affects Discourse prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, where several webhook endpoints (SendGrid, Mailjet, Mandrill, Postmark, SparkPost) in the WebhooksController accepted requests without a valid authentication token whe...

CVSS 6.5 | AI score 5.3 | EPSS 0.00166
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2026/02/23 1:24 a.m. | 3 views

CVE-2026-24494 SQL injection vulnerability in Order Up Online Ordering System

SQL Injection vulnerability in the /api/integrations/getintegrations endpoint of Order Up Online Ordering System 1.0 allows an unauthenticated attacker to access sensitive backend database data via a crafted storeid parameter in a POST request...

CVSS 9.8 | AI score 5.9 | EPSS 0.00104
Exploits: 0 | References: 1

CNNVD
added 2026/02/23 12:00 a.m. | 6 views

Online Ordering System security vulnerability

The Online Ordering System is a multi-store ordering system developed by Janobe’s individual developer. It can be used by any small business. Version 1.0 of the Online Ordering System has a security vulnerability. This vulnerability stems from the API/integrations/getintegrations endpoint, where...

CVSS 9.8 | AI score 5.8 | EPSS 0.00104
Exploits: 0 | References: 1

Rapid7 Blog
added 2026/02/17 4:00 p.m. | 6 views

Building the Future of Cloud Security: Rapid7 Recognized in Cloud Native Application Protection, Q1 2026

We are excited to share Rapid7’s recognition in The Forrester Wave™: Cloud Native Application Protection Solutions (CNAPP), Q1 2026. We see this acknowledgment as a milestone that highlights our strategic evolution and continued drive to help security teams shift from reactive defense to...

AI score 5.8
Exploits: 0

Vulnrichment
added 2026/02/14 6:42 a.m. | 4 views

CVE-2026-1303 MailChimp Campaigns <= 3.2.4 - Missing Authorization to Authenticated (Subscriber+) MailChimp App Disconnection

The MailChimp Campaigns plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.2.4. This is due to missing capability checks on the mailchimpcampaignsmanagerdisconnectapp function that is hooked to the AJAX action of the same name. This makes it possib...

CVSS 5.3 | AI score 5.3 | EPSS 0.0004
Exploits: 0 | References: 3

Positive Technologies
added 2026/02/14 12:00 a.m. | 5 views

PT-2026-8072

The MailChimp Campaigns plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.2.4. This is due to missing capability checks on the mailchimp campaigns manager disconnect app function that is hooked to the AJAX action of the same name. This makes it...

CVSS 5.3 | AI score 5.3 | EPSS 0.0004
Exploits: 0 | References: 4

Cvelist
added 2026/02/12 10:55 p.m. | 25 views

CVE-2026-26188 Solspace Freeform plugin affected by Stored Cross-Site Scripting (XSS) in Freeform Craft Plugin CP UI (builder/integrations)

Solspace Freeform plugin for Craft CMS 5.x is a super flexible form-building tool. An authenticated, low-privilege user able to create/edit forms can inject arbitrary HTML/JS into the Craft Control Panel (CP) builder and integrations views. User-controlled form labels and integration metadata are...

CVSS 5.1 | EPSS 0.0004
Exploits: 1 | References: 3

Wiz blog
added 2026/01/29 12:00 p.m. | 5 views

Introducing the WIN Partner Index: The Integrations That Powered Modern Cloud Security in 2025

A data-driven industry benchmark showing how integrations are adopted, gain traction, and deliver value across modern cloud security programs...

AI score 5.9
Exploits: 0

HackRead
added 2026/01/25 6:22 p.m. | 3 views

7 Top Endpoint Security Platforms for 2026

Endpoints remain primary entry for attacks. In 2026, endpoint platforms must deliver behavior context, automation, investigations, and integrations...

AI score 5.4
Exploits: 0

EUVD
added 2026/01/22 9:41 p.m. | 10 views

EUVD-2026-3782

Freeform Craft Plugin CP UI (builder/integrations) has Stored Cross-Site Scripting (XSS) issue...

AI score 5.3
Exploits: 0 | References: 2

Github Security Blog
added 2026/01/22 9:41 p.m. | 8 views

Freeform Craft Plugin CP UI (builder/integrations) has Stored Cross-Site Scripting (XSS) issue

Summary: An authenticated, low-privilege user able to create/edit forms can inject arbitrary HTML/JS into the Craft Control Panel (CP) builder and integrations views. User-controlled form labels and integration metadata are rendered with dangerouslySetInnerHTML without sanitization, leading to store...

CVSS 5.4 | AI score 5.9 | EPSS 0.0004
Exploits: 1 | References: 5 | Affected Software: 1

Spring Engineering
added 2026/01/20 12:00 a.m. | 7 views

This Week in Spring - January 20th, 2026

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's already the 20th of January and we are off on yet another rip roarin' adventure as we look at the week that has been... this week in Spring! even more good stuff from Spring AI team legend Christian Tsolov, this one on...

AI score 5.6
Exploits: 0

Snyk
added 2026/01/16 4:43 p.m. | 2 views

Malicious Package

Overview: lusha-integrations-widgets is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

CVSS 9.8 | AI score 6.8
Exploits: 0 | References: 2

OSSF Malicious Packages
added 2026/01/16 12:10 a.m. | 8 views

Malicious code in lusha-integrations-widgets (npm)

Source: amazon-inspector 34c074752069ec179f6a9024d48a4edfb67538c8a3b7d1dfc9959e6b61d9b27f The package lusha-integrations-widgets was found to contain malicious code. Source: ghsa-malware...

AI score 6.9
Exploits: 0 | References: 1

EUVD
added 2026/01/16 12:10 a.m. | 3 views

EUVD-2026-3067

Malicious code in lusha-integrations-widgets (npm)...

AI score 6.6
Exploits: 0 | References: 1

OSV
added 2026/01/16 12:10 a.m. | 2 views

MAL-2026-292 Malicious code in lusha-integrations-widgets (npm)

Source: amazon-inspector 34c074752069ec179f6a9024d48a4edfb67538c8a3b7d1dfc9959e6b61d9b27f The package lusha-integrations-widgets was found to contain malicious code. Source: ghsa-malware...

AI score 6.8
Exploits: 0 | References: 1

NVD
added 2026/01/07 12:16 p.m. | 1 view

CVE-2025-14901

The Bit Form – Contact Form Plugin plugin for WordPress is vulnerable to unauthorized workflow execution due to missing authorization in the triggerWorkFlow function in all versions up to, and including, 2.21.6. This is due to a logic flaw in the nonce verification where the security check only...

CVSS 6.5 | EPSS 0.0029
Exploits: 0 | References: 4

Vulnrichment
added 2026/01/07 6:35 a.m. | 4 views

CVE-2025-14901 Bit Form – Contact Form Plugin <= 2.21.6 - Missing Authorization to Unauthenticated Workflow Replay

The Bit Form – Contact Form Plugin plugin for WordPress is vulnerable to unauthorized workflow execution due to missing authorization in the triggerWorkFlow function in all versions up to, and including, 2.21.6. This is due to a logic flaw in the nonce verification where the security check only...

CVSS 6.5 | AI score 5.5 | EPSS 0.0029
Exploits: 0 | References: 4

Cvelist
added 2026/01/07 6:35 a.m. | 23 views

CVE-2025-14901 Bit Form – Contact Form Plugin <= 2.21.6 - Missing Authorization to Unauthenticated Workflow Replay

The Bit Form – Contact Form Plugin plugin for WordPress is vulnerable to unauthorized workflow execution due to missing authorization in the triggerWorkFlow function in all versions up to, and including, 2.21.6. This is due to a logic flaw in the nonce verification where the security check only...

CVSS 6.5 | EPSS 0.0029
Exploits: 0 | References: 4