CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2178 matches found

Giga Messenger WordPress - Cross-Site Scripting

Giga Messenger WordPress plugin = 2.3.1 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a...

6.1CVSS7.2AI score0.00561EPSS

Exploits1References2

Nuclei•added 15 hours ago•20 views

Joplin 3.3.3 Server - Privilege Escalation

Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Prior to version 3.3.3, a privilege escalation vulnerability exists in the Joplin server, allowing non-admin users to exploit the API endpoint PATCH /api/users/-id t...

8.8CVSS5.7AI score0.01705EPSS

Exploits1References2

CVE•added 3 days ago•13 views

CVE-2026-12780

AOMEI Backupper Kernel Driver amwrtdrv.sys (library within the Kernel Driver) up to version 8.3.0 is affected. The vulnerability enables local privilege escalation via improper access control in amwrtdrv.sys. Exploitation is local and reportedly has public disclosure; no exploit vector details ar...

8.5CVSS6.5AI score0.00111EPSS

Exploits0References5

Debian CVE•added 6 days ago•4 views

CVE-2026-55392

NILFS utilities through 2.3.0, fixed in commit 26efb5d, nilfssbisvalid function fails to validate slogblocksize field in NILFS2 superblock before bit-shift operations. Attackers supplying crafted NILFS2 images trigger undefined behavior through oversized shifts or out-of-memory conditions, crashi...

6.7CVSS5.3AI score0.00105EPSS

Exploits0

Cvelist•added 6 days ago•22 views

CVE-2026-12137 SysBasics Customize My Account for WooCommerce <= 4.3.6 - Reflected Cross-Site Scripting via 'tab' Parameter

The SysBasics Customize My Account for WooCommerce – Dashboard, Endpoints, Avatar & Menu Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 4.3.6 due to insufficient input sanitization and output escaping. Thi...

6.1CVSS0.00211EPSS

Exploits0References4

NVD•added last week•10 views

CVE-2026-48997

e107 is a content management system CMS. Versions 2.3.5 and earlier contain a command injection vulnerability in the ImageMagick resize destination path. In resizeimage, the source path is escaped with escapeshellarg, but the destination path is inserted inside raw double quotes in the convert...

7.1CVSS0.00747EPSS

Exploits0References2

EUVD•added 2026/06/17 6:35 p.m.•6 views

EUVD-2025-210234

Unauthenticated Local File Inclusion in Orpheus = 1.3 versions...

8.1CVSS5.1AI score0.00348EPSS

Exploits0References2

CVE•added 2026/06/17 5:21 p.m.•12 views

CVE-2026-30803

RTI Connext Micro (Core Libraries) is affected by an Integer Underflow (wrap/wraparound) vulnerability that allows overread of buffers. Affected versions are Connext Micro 4.0.0 up to (but not including) 4.3.0. The issue is documented across CVE-2026-30803 entries in NVD and CVE records; no explo...

8.8CVSS5.2AI score0.00276EPSS

Exploits0References1

RedHat Linux•added 2026/06/17 4:57 p.m.•7 views

Important: Red Hat Security Advisory: ruby:3.3 security update

An update for the ruby:3.3 module is now available for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

8.1CVSS6AI score0.00508EPSS

Exploits0References2

NVD•added 2026/06/17 2:17 p.m.•7 views

CVE-2025-69128

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in EMV JobCareer allows Path Traversal. This issue affects JobCareer: from n/a through 7.3...

8.6CVSS0.0046EPSS

Exploits0References1

EUVD•added 2026/06/17 1:48 p.m.•5 views

EUVD-2025-210247

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in EMV JobCareer allows Path Traversal. This issue affects JobCareer: from n/a through 7.3...

8.6CVSS5.2AI score0.0046EPSS

Exploits0References1

CVE•added 2026/06/17 9:50 a.m.•8 views

CVE-2026-22340

CVE-2026-22340: Unauthenticated SQL Injection in WordPress WPJobster theme

9.3CVSS5.7AI score0.00372EPSS

Exploits0References1

Cvelist•added 2026/06/16 8:57 p.m.•18 views

CVE-2025-69125 WordPress Food Drop theme <= 1.3 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Food Drop = 1.3 versions...

8.1CVSS0.00348EPSS

Exploits0References1

OSV•added 2026/06/16 11:47 a.m.•4 views

BIT-MARIADB-MIN-2026-44172 MariaDB: mysql_real_escape_string() incorrectly handled big5

MariaDB server is a community developed fork of MySQL server. In versions 3.3.18 and 3.4.8, an application that was taking non-validated user input, escaping it with mysqlrealescapestring and sending it to the database using text protocol and big5 character set was vulnerable to SQL injections,...

9.8CVSS5.6AI score0.00276EPSS

Exploits0References3

EUVD•added 2026/06/15 9:30 p.m.•5 views

EUVD-2026-36988

Unauthenticated Broken Access Control in WPAdverts = 2.3.0 versions...

6.5CVSS5.1AI score0.00242EPSS

Exploits0References2

EUVD•added 2026/06/15 9:30 p.m.•8 views

EUVD-2026-36955

Subscriber Insecure Direct Object References IDOR in EventPrime = 4.3.0.0 versions...

7.1CVSS5.2AI score0.00278EPSS

Exploits0References2