CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

11 matches found

ATTACKERKB•added 2026/05/25 10:34 p.m.•3 views

CVE-2026-42774

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Crocoblock JetEngine allows SQL Injection. This issue affects JetEngine: from n/a through 3.8.8.1...

9.3CVSS5.8AI score0.00039EPSS

Exploits0References2

CVE•added 2026/04/14 1:25 a.m.•12 views

CVE-2026-4352

The CVE-2026-4352 entry affects the WordPress JetEngine plugin (versions ≤ 3.8.6.1). The vulnerability is an unauthenticated SQL Injection in the CCT REST API search endpoint via the _cct_search parameter, which is interpolated into a SQL string using sprintf() without sanitization or $wpdb->p...

7.5CVSS5.9AI score0.00035EPSS

Exploits0References2

RedhatCVE•added 2026/03/26 2:58 p.m.•10 views

CVE-2026-4662

The JetEngine plugin for WordPress is vulnerable to SQL Injection via the listingloadmore AJAX action in all versions up to, and including, 3.8.6.1. This is due to the filteredquery parameter being excluded from the HMAC signature validation allowing attacker-controlled input to bypass security...

7.5CVSS5.8AI score0.00119EPSS

Exploits0References1

Vulnrichment•added 2026/03/24 4:27 a.m.•2 views

CVE-2026-4662 JetEngine <= 3.8.6.1 - Unauthenticated SQL Injection via Listing Grid 'filtered_query' Parameter

7.5CVSS5.8AI score0.00119EPSS

Exploits0References6

Vulnrichment•added 2026/03/13 11:42 a.m.•0 views

CVE-2026-32355 WordPress JetEngine plugin < 3.8.4.1 - Deserialization of untrusted data vulnerability

Deserialization of Untrusted Data vulnerability in Crocoblock JetEngine jet-engine allows Object Injection.This issue affects JetEngine: from n/a through 3.8.4.1...

5.8AI score0.00071EPSS

Exploits0References1

ATTACKERKB•added 2026/01/22 4:51 p.m.•1 views

CVE-2025-67923

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetEngine jet-engine allows Reflected XSS.This issue affects JetEngine: from n/a through = 3.7.7...

7.1CVSS5.3AI score0.00019EPSS

Exploits0References2

Patchstack•added 2026/01/05 11:36 a.m.•2 views

WordPress JetEngine plugin <= 3.7.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Bonds in WordPress Plugin JetEngine versions = 3.7.7...

7.1CVSS6.1AI score0.00019EPSS

Exploits0Affected Software1

Positive Technologies•added 2025/10/22 12:0 a.m.•4 views

PT-2025-43202

Name of the Vulnerable Software and Affected Versions CrocoBlock JetEngine versions through 3.7.3 Description A Stored Cross-site Scripting XSS issue exists in CrocoBlock JetEngine. This allows for the injection of malicious scripts into web pages. The issue is due to improper neutralization of...

6.5CVSS6.2AI score0.00075EPSS

Exploits0References4

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2025-11123

Malicious code in bioql PyPI...

6.5CVSS7.3AI score0.00116EPSS

Exploits0References2

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2025-25368

Malicious code in bioql PyPI...

8.5CVSS6.6AI score0.00085EPSS

Exploits0References1

CVE•added 2025/08/14 10:34 a.m.•15 views

CVE-2025-54688

CVE-2025-54688 is a stored XSS in the WordPress plugin JetEngine (versions ≤ 3.7.1.2) caused by improper neutralization of input during web page generation. The vulnerability is reported as an authenticated Stored XSS, meaning an attacker with appropriate access could inject scripts that are late...

6.5CVSS5.9AI score0.00051EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by