CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/03/01 12:0 a.m.•3 views

ASB-A-433746973

In hasImage of Notification.java, there is a possible way to reveal information across users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

8.4CVSS6.1AI score0.00004EPSS

Chainguard•added 2026/02/28 7:17 p.m.•3 views

GHSA-9H8M-3FM2-QJRQ vulnerabilities

Vulnerabilities for packages: terraform-provider-grafana, volsync-fips, descheduler, spicedb-operator, knative-net-istio-fips, dkron, minio-fips, kubescape-operator-fips, trivy-fips, grype, ferretdb, fluent-bit-plugin-loki, gitlab-cng-fips, aws-ebs-csi-driver, telegraf, docker-cli-buildx-fips,...

5.4AI score

RedhatCVE•added 2026/02/28 7:47 a.m.•8 views

CVE-2026-2428

The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in all versions up to, and including, 6.1.17. This is due to the PayPal IPN Instant Payment Notification verification being disabled by default disableipnverification defaults to...

7.5CVSS5.9AI score0.00035EPSS

Malwarebytes•added 2026/02/27 11:29 a.m.•6 views

Inside a fake Google security check that becomes a browser RAT

A website styled to resemble a Google Account security page is distributing what may be one of the most fully featured browser-based surveillance toolkits we have observed in the wild. Disguised as a routine security checkup, it walks victims through a four-step flow that grants the attacker push...

6.3AI score

NVD•added 2026/02/27 4:16 a.m.•5 views

CVE-2026-2428

7.5CVSS0.00035EPSS

Vulnrichment•added 2026/02/27 3:23 a.m.•4 views

CVE-2026-2428 Fluent Forms Pro Add On Pack <= 6.1.17 - Missing Authorization to Unauthenticated Payment Status modification

7.5CVSS5.9AI score0.00035EPSS

Positive Technologies•added 2026/02/27 12:0 a.m.•5 views

PT-2026-22290

Name of the Vulnerable Software and Affected Versions Fluent Forms Pro Add On Pack for WordPress versions through 6.1.17 Description The software contains a flaw related to insufficient verification of data authenticity. Specifically, PayPal IPN Instant Payment Notification verification is disabl...

7.5CVSS5.9AI score0.00035EPSS

Exploits0References8

Malwarebytes•added 2026/02/25 3:48 p.m.•4 views

Developer creates app to detect nearby smart glasses

An independent developer, moved after reading about the abuse of smart glasses to film people without their consent, decided to create an app to detect nearby smart glasses. Smart glasses are wearable devices built into ordinary-looking eyewear that add functions like audio, cameras, sensors, and...

5.5AI score

Microsoft CVE•added 2026/02/21 12:28 p.m.•3 views

crypto: virtio - Add spinlock protection with virtqueue notification

...

5.5CVSS5.3AI score0.0003EPSS

RedhatCVE•added 2026/02/20 1:26 p.m.•4 views

CVE-2026-27066

Missing Authorization vulnerability in PI Web Solution Live sales notification for WooCommerce live-sales-notifications-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live sales notification for WooCommerce: from n/a through = 2.3.60...

RedhatCVE•added 2026/02/20 7:22 a.m.•4 views

CVE-2026-1455

The Whatsiplus Scheduled Notification for Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing nonce validation on the 'wsnfwsaveuserssettings' AJAX action. This makes it possible for unauthenticated...

4.3CVSS5.4AI score0.00016EPSS

RedhatCVE•added 2026/02/19 7:21 p.m.•4 views

CVE-2026-2661

A security flaw has been discovered in Squirrel up to 3.2. This affects the function SQObjectPtr::operator in the library squirrel/sqobject.h. The manipulation results in heap-based buffer overflow. The attack needs to be approached locally. The exploit has been released to the public and may be...

7.8CVSS5.5AI score0.00011EPSS

Exploits2References1

NVD•added 2026/02/19 9:16 a.m.•2 views

CVE-2026-27066

5.3CVSS0.00042EPSS

ATTACKERKB•added 2026/02/19 8:27 a.m.•2 views

CVE-2026-27066

Vulnrichment•added 2026/02/19 8:27 a.m.•1 views

CVE-2026-27066 WordPress Live sales notification for WooCommerce plugin <= 2.3.61 - Broken Access Control vulnerability

CVE•added 2026/02/19 8:27 a.m.•9 views

CVE-2026-27066

CVE-2026-27066 affects the WordPress plugin “Live sales notification for WooCommerce” (versions up to 2.3.49; some sources list up to 2.3.46). Root cause: missing authorization arising from incorrectly configured access control security levels that grant insufficiently restricted access. Impact: ...

Cvelist•added 2026/02/19 8:27 a.m.•30 views

CVE-2026-27066 WordPress Live sales notification for WooCommerce plugin <= 2.3.60 - Broken Access Control vulnerability

5.3CVSS0.00042EPSS

CNNVD•added 2026/02/19 12:0 a.m.•4 views

WordPress plugin Live sales notification for WooCommerce 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

5.3CVSS5.8AI score0.00042EPSS