68 matches found
WordPress Plugin 5.2.0 - Broken Access Control
Exploit Title: WordPress Plugin 5.2.0 - Broken Access Control
Date: 2025-09-20
Exploit Author: Zeeshan Haider
Vendor Homepage: https://wordpress.org/plugins/
Software Link: https://wordpress.org/plugins/highlight-and-share/
Version:
Description: A broken access control vulnerability exists in a...
CVE-2025-14551
In Ubuntu, Subiquity version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, Subiquity could include certain user credentials, such as the user's plaintext Wi-Fi password, in the attached logs...
ADAM: A Systematic Data Extraction Attack on Agent Memory Via Adaptive Querying
Large Language Model (LLM) agents have achieved rapid adoption and demonstrated remarkable capabilities across a wide range of applications. To improve reasoning and task execution, modern LLM agents would incorporate memory modules or retrieval-augmented generation (RAG) mechanisms, enabling them to...
CVE-2026-28882
CVE-2026-28882 affects Apple platforms (iOS/iPadOS, macOS Tahoe, tvOS, visionOS, watchOS). The issue allows enumerating a user’s installed apps due to insufficient checks and is fixed in Apple releases: iOS/iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. Attacker could expl...
CVE-2026-30891
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a user could access another user's private activity due to insufficient authorization checks in the user actions endpoint. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a pat...
CVE-2026-27152
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, DM communication-preference bypass when adding members via Chat::AddUsersToChannel — a user could add targets who have blocked/ignored/muted them to an existing DM channel, bypassing per-recipien...
CVE-2025-12075
CVE-2025-12075 affects the WordPress plugin Order Splitter for WooCommerce. The vulnerability is due to a missing capability check on the wos_troubleshooting AJAX endpoint, allowing authenticated users with Subscriber-level access and above to view other users’ order information. Affected version...
CONTEX-T: Contextual Privacy Exploitation Via Transformer Spectral Analysis for IoT Device Fingerprinting
The rapid expansion of Internet of Things (IoT) devices has created a pervasive ecosystem where encrypted wireless communications serve as the primary privacy and security protection mechanism. While encryption effectively protects message content, packet metadata and statistics inadvertently expo...
CVE-2025-1322
The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 16.26.10 via the 'feed' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated...
CVE-2025-10450
CVE-2025-10450 affects RTI Connext Professional (Core Libraries). The issue is described as the exposure of private personal information to an unauthorized actor, enabling sniffing of network traffic. Affected versions are Connext Professional: from 7.4.0 before 7.*, and from 7.2.0 before 7.3.1. ...
UBUNTU-CVE-2025-66549
Nextcloud Desktop is the desktop sync client for Nextcloud. Prior to 3.16.5, when trying to manually lock a file inside an end-to-end encrypted directory, the path of the file was sent to the server unencrypted, making it possible for administrators to see it in log files. This vulnerability is...
CVE-2025-43389
CVE-2025-43389 is a privacy issue affecting Apple platforms. The vulnerability was addressed by removing the vulnerable code, with fixes shipped in macOS Tahoe 26.1, macOS Sonoma 14.8.2, macOS Sequoia 15.7.2, visionOS 26.1, iOS 26.1 and iPadOS 26.1, and iOS 18.7.2 and iPadOS 18.7.2. Affected comp...
PT-2025-44836
Name of the Vulnerable Software and Affected Versions: iOS versions prior to 18.7.2; iPadOS versions prior to 18.7.2. Description: An issue existed where an application could potentially access sensitive user data. The problematic code has been removed to address this privacy concern. Recommendations...
EUVD-2000-0184
Malware in sbrugna...
EUVD-2020-5923
Malware in sbrugna...
EUVD-2011-0703
Malware in sbrugna...
EUVD-2021-15888
Malware in sbrugna...
EUVD-2024-38649
Malicious code in bioql PyPI...
EUVD-2023-40364
Malicious code in bioql PyPI...
EUVD-2021-8659
Malicious code in bioql PyPI...