CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

44 matches found

EUVD•added last week•8 views

EUVD-2026-37618

Unauthenticated SQL Injection in JetEngine = 3.8.9.1 versions...

9.3CVSS5.8AI score0.00372EPSS

Exploits0References2

NVD•added 2026/06/17 1:20 p.m.•5 views

CVE-2026-49084

Unauthenticated SQL Injection in JetEngine 3.8.9.1 versions...

9.3CVSS0.00283EPSS

Exploits0References1

CVE•added 2026/06/17 9:51 a.m.•13 views

CVE-2026-54189

JetEngine WordPress plugin

7.1CVSS5.1AI score0.00146EPSS

Exploits0References1

Cvelist•added 2026/06/17 9:51 a.m.•27 views

CVE-2026-54188 WordPress JetEngine plugin <= 3.8.10 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in JetEngine = 3.8.10 versions...

7.1CVSS0.00146EPSS

Exploits0References1

CVE•added 2026/06/17 9:51 a.m.•15 views

CVE-2026-54188

CVE-2026-54188 affects the WordPress JetEngine plugin (versions <= 3.8.10). It describes an unauthenticated Cross Site Scripting (XSS) vulnerability in JetEngine

7.1CVSS5.1AI score0.00146EPSS

Exploits0References1

CVE•added 2026/06/17 9:51 a.m.•15 views

CVE-2026-54187

CVE-2026-54187 affects the WordPress JetEngine plugin, vulnerable in versions up to 3.8.10.1. The issue is an unauthenticated SQL injection in JetEngine = 3.8.10.2 or later and implement mitigations per vendor guidance. The documents do not indicate in-the-wild exploitation or CVSS vectors beyond...

9.3CVSS5.7AI score0.00291EPSS

Exploits0References1

Cvelist•added 2026/06/17 9:51 a.m.•29 views

CVE-2026-54187 WordPress JetEngine plugin <= 3.8.10.1 - SQL Injection vulnerability

Unauthenticated SQL Injection in JetEngine = 3.8.10.1 versions...

9.3CVSS0.00291EPSS

Exploits0References1

Cvelist•added 2026/06/17 9:51 a.m.•27 views

CVE-2026-52706 WordPress JetEngine plugin <= 3.8.10 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in JetEngine = 3.8.10 versions...

9.8CVSS0.00375EPSS

Exploits0References1

CVE•added 2026/06/17 9:51 a.m.•21 views

CVE-2026-52706

CVE-2026-52706 : Unauthenticated PHP Object Injection in WordPress JetEngine plugin (versions ≤ 3.8.10). Affected component: JetEngine; vulnerability type: PHP Object Injection. Impact: high confidentiality, integrity, and availability (CVSS 3.1 base score 9.8; network attack vector; no user inte...

9.8CVSS5.3AI score0.00375EPSS

Exploits0References1

CVE•added 2026/06/17 9:51 a.m.•12 views

CVE-2026-49075

The CVE covers a PHP Object Injection flaw in the WordPress JetEngine plugin, affecting versions

9.8CVSS5.3AI score0.00375EPSS

Exploits0References1

Cvelist•added 2026/06/17 9:51 a.m.•25 views

CVE-2026-49074 WordPress JetEngine plugin <= 3.8.9.1 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in JetEngine = 3.8.9.1 versions...

7.1CVSS0.00175EPSS

Exploits0References1

CVE•added 2026/06/17 9:51 a.m.•10 views

CVE-2026-49074

CVE-2026-49074 affects the WordPress JetEngine plugin (versions <= 3.8.9.1). The description specifies an Unauthenticated Cross Site Scripting (XSS) vulnerability in JetEngine

7.1CVSS5.1AI score0.00175EPSS

Exploits0References1

Patchstack•added 2026/06/08 11:47 a.m.•7 views

WordPress JetEngine plugin <= 3.8.9.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by daroo in WordPress Plugin JetEngine versions = 3.8.9.1...

9.8CVSS5.5AI score0.00375EPSS

Exploits0Affected Software1

RedhatCVE•added 2026/06/05 7:14 p.m.•6 views

CVE-2026-4352

The JetEngine plugin for WordPress is vulnerable to SQL Injection via the Custom Content Type CCT REST API search endpoint in all versions up to, and including, 3.8.6.1. This is due to the cctsearch parameter being interpolated directly into a SQL query string via sprintf without sanitization or...

7.5CVSS5.7AI score0.00366EPSS

Exploits0References1

NVD•added 2026/04/14 2:16 a.m.•4 views

CVE-2026-4352

7.5CVSS0.00366EPSS

Exploits0References2

Vulnrichment•added 2026/04/14 1:25 a.m.•0 views

CVE-2026-4352 JetEngine <= 3.8.6.1 - Unauthenticated SQL Injection via '_cct_search' Parameter

7.5CVSS5.9AI score0.00366EPSS

Exploits0References2

EUVD•added 2026/04/14 1:25 a.m.•5 views

EUVD-2026-22195

7.5CVSS5.9AI score0.00366EPSS

Exploits0References2

Positive Technologies•added 2026/04/14 12:0 a.m.•3 views

PT-2026-32586

The JetEngine plugin for WordPress is vulnerable to SQL Injection via the Custom Content Type CCT REST API search endpoint in all versions up to, and including, 3.8.6.1. This is due to the cct search parameter being interpolated directly into a SQL query string via sprintf without sanitization or...

7.5CVSS5.9AI score0.00366EPSS

Exploits0References6

ATTACKERKB•added 2026/03/24 4:27 a.m.•4 views

CVE-2026-4662

The JetEngine plugin for WordPress is vulnerable to SQL Injection via the listingloadmore AJAX action in all versions up to, and including, 3.8.6.1. This is due to the filteredquery parameter being excluded from the HMAC signature validation allowing attacker-controlled input to bypass security...

7.5CVSS5.8AI score0.00322EPSS

Exploits0References7

Cvelist•added 2026/03/13 11:42 a.m.•25 views

CVE-2026-32355 WordPress JetEngine plugin < 3.8.4.1 - Deserialization of untrusted data vulnerability

Deserialization of Untrusted Data vulnerability in Crocoblock JetEngine jet-engine allows Object Injection.This issue affects JetEngine: from n/a through 3.8.4.1...

8.8CVSS0.00355EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by