CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/04/14 1:25 a.m.•1 views

EUVD-2026-22195

7.5CVSS5.9AI score0.00035EPSS

Vulnrichment•added 2026/04/14 1:25 a.m.•0 views

CVE-2026-4352 JetEngine <= 3.8.6.1 - Unauthenticated SQL Injection via '_cct_search' Parameter

7.5CVSS5.9AI score0.00035EPSS

Positive Technologies•added 2026/04/14 12:0 a.m.•1 views

PT-2026-32586

The JetEngine plugin for WordPress is vulnerable to SQL Injection via the Custom Content Type CCT REST API search endpoint in all versions up to, and including, 3.8.6.1. This is due to the cct search parameter being interpolated directly into a SQL query string via sprintf without sanitization or...

7.5CVSS5.9AI score0.00035EPSS

Exploits0References6

ATTACKERKB•added 2026/03/24 4:27 a.m.•3 views

CVE-2026-4662

The JetEngine plugin for WordPress is vulnerable to SQL Injection via the listingloadmore AJAX action in all versions up to, and including, 3.8.6.1. This is due to the filteredquery parameter being excluded from the HMAC signature validation allowing attacker-controlled input to bypass security...

7.5CVSS5.8AI score0.00119EPSS

Exploits0References7

Cvelist•added 2026/03/13 11:42 a.m.•23 views

CVE-2026-32355 WordPress JetEngine plugin < 3.8.4.1 - Deserialization of untrusted data vulnerability

Deserialization of Untrusted Data vulnerability in Crocoblock JetEngine jet-engine allows Object Injection.This issue affects JetEngine: from n/a through 3.8.4.1...

8.8CVSS0.00071EPSS

CVE•added 2026/01/22 4:51 p.m.•8 views

CVE-2025-67923

CVE-2025-67923 is a reflected XSS in Crocoblock JetEngine (WordPress plugin) up to version 3.7.7. The root cause is improper input neutralization during web page generation. Impact per sources includes potential script execution in victims’ browsers with network access required and user interacti...

7.1CVSS5.4AI score0.00019EPSS

Cvelist•added 2025/10/22 2:32 p.m.•6 views

CVE-2025-49938 WordPress JetEngine plugin <= 3.7.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetEngine jet-engine allows Stored XSS.This issue affects JetEngine: from n/a through = 3.7.3...

6.5CVSS0.00075EPSS

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2025-1632

Malicious code in bioql PyPI...

6.4CVSS8.7AI score0.00132EPSS

Patchstack•added 2025/09/18 9:30 p.m.•5 views

WordPress JetEngine plugin <= 3.7.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by stealthcopter in WordPress Plugin JetEngine versions = 3.7.3...

6.5CVSS6.1AI score0.00075EPSS

CNNVD•added 2025/08/20 12:0 a.m.•1 views

WordPress plugin JetEngine 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

6.5CVSS6AI score0.00047EPSS

Vulnrichment•added 2025/08/14 10:34 a.m.•5 views

CVE-2025-54688 WordPress JetEngine Plugin plugin <= 3.7.1.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetEngine allows Stored XSS. This issue affects JetEngine: from n/a through 3.7.1.2...

6.5CVSS6.9AI score0.00051EPSS

Patchstack•added 2025/07/13 10:23 p.m.•27 views

WordPress JetEngine <= 3.7.0 - Remote Code Execution (RCE) Vulnerability

Remote Code Execution RCE Vulnerability discovered by stealthcopter in WordPress Plugin JetEngine versions = 3.7.0...

8.5CVSS7.3AI score0.00085EPSS

Patchstack•added 2025/06/27 2:39 p.m.•5 views

WordPress JetEngine plugin <= 3.7.0 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by stealthcopter in WordPress Plugin JetEngine versions = 3.7.0...

6.5CVSS6AI score0.00047EPSS

RedhatCVE•added 2025/05/23 11:57 a.m.•6 views

CVE-2025-0369

The JetEngine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘listtag’ parameter in all versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...

6.4CVSS5.8AI score0.00132EPSS

Patchstack•added 2025/04/11 11:50 a.m.•5 views

WordPress JetEngine plugin <= 3.6.4.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin JetEngine versions = 3.6.4.1...

6.5CVSS6.9AI score0.00116EPSS

NVD•added 2025/01/18 7:15 a.m.•14 views

CVE-2025-0369

6.4CVSS0.00132EPSS

Cvelist•added 2025/01/18 7:5 a.m.•12 views

CVE-2025-0369 Jet Engine <= 3.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via list_tag Parameter

6.4CVSS0.00132EPSS

Vulnrichment•added 2025/01/18 7:5 a.m.•11 views

CVE-2025-0369 Jet Engine <= 3.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via list_tag Parameter

6.4CVSS5.8AI score0.00132EPSS

CVE•added 2025/01/18 7:5 a.m.•54 views

CVE-2025-0369

The CVE-2025-0369 issue concerns the JetEngine WordPress plugin. A Stored Cross-Site Scripting (XSS) flaw exists in the list_tag parameter, affecting all versions up to 3.6.2, due to insufficient input sanitization and output escaping. The vulnerability can be exploited by authenticated users wit...

6.4CVSS5.8AI score0.00132EPSS