CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/02/25 9:26 a.m.•25 views

CVE-2026-2367 Secure Copy Content Protection and Content Locking <= 5.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attribute

The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'aysblock' shortcode in all versions up to, and including, 5.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS0.00193EPSS

Vulnrichment•added 2026/02/25 9:26 a.m.•3 views

CVE-2026-2367 Secure Copy Content Protection and Content Locking <= 5.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attribute

6.4CVSS5.6AI score0.00193EPSS

Snyk•added 2026/02/25 7:7 a.m.•5 views

Improper Handling of Insufficient Permissions or Privileges

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Improper Handling of Insufficient Permissions or Privileges via improper enforcement of roles in the UMA 2.0...

5.3CVSS5.9AI score0.00319EPSS

EUVD•added 2026/02/25 4:4 a.m.•1 views

EUVD-2026-8620

Coturn is a free open source implementation of TURN and STUN Server. Coturn is commonly configured to block loopback and internal ranges using "denied-peer-ip" and/or default loopback restrictions. CVE-2020-26262 addressed bypasses involving "0.0.0.0", "::1" and "::", but IPv4-mapped IPv6 is not...

7.2CVSS5.5AI score0.01282EPSS

Exploits4References3

NVD•added 2026/02/25 3:16 a.m.•7 views

CVE-2026-27609

Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint POST /apps/:appId/agent lacks CSRF protection. An attacker can craft a malicious page that, when visited by an authenticated dashboard user, submit...

8.3CVSS0.00143EPSS

Cvelist•added 2026/02/25 2:24 a.m.•21 views

CVE-2026-27611 FileBrowser Quantum: Password Protection Not Enforced on Shared File Links

FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to versions 1.1.3-stable and 1.2.6-beta, when users share password-protected files, the recipient can completely bypass the password and still download the file. This happens because the API returns a direct download link i...

7.1CVSS0.00307EPSS

Exploits1References2

OSV•added 2026/02/25 2:24 a.m.•4 views

CVE-2026-27611 FileBrowser Quantum: Password Protection Not Enforced on Shared File Links

7.1CVSS5.5AI score0.00307EPSS

Exploits1References4

Cvelist•added 2026/02/25 2:21 a.m.•22 views

CVE-2026-27595 Parse Dashboard has incomplete authentication on AI Agent endpoint

Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint POST /apps/:appId/agent has multiple security vulnerabilities that, when chained, allow unauthenticated remote attackers to perform arbitrary read...

9.9CVSS0.0045EPSS

Vulnrichment•added 2026/02/25 2:18 a.m.•1 views

CVE-2026-27609 Parse Dashboard Missing CSRF Protection on Agent Endpoint

8.3CVSS5.9AI score0.00143EPSS

OSV•added 2026/02/25 2:18 a.m.•3 views

CVE-2026-27609 Parse Dashboard Missing CSRF Protection on Agent Endpoint

8.3CVSS5.6AI score0.00143EPSS

CVE•added 2026/02/25 2:18 a.m.•8 views

CVE-2026-27609

Technical details beyond the initial description are not provided in the connected documents. Monitor for updates on affected versions and remediation for CVE-2026-27609.

8.3CVSS5.4AI score0.00143EPSS

Exploits0References2Affected Software1

RedHat Linux•added 2026/02/25 2:10 a.m.•3 views

kernel: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match()

A flaw was found in the Linux kernel’s SMC Shared Memory Communication module: in smcclcprfxmatch, the function is called from smclistenwork without proper RCU or RTNL protection. The code previously used skdstgetsk-dev, which can lead to a use-after-free UAF condition if the sk’s destination is...

5.8AI score0.0015EPSS

RedHat Linux•added 2026/02/25 2:10 a.m.•2 views

kernel: mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrummr: Fix use-after-free when updating multicast route stats Cited commit added a dedicated mutex instead of RTNL to protect the multicast route list, so that it will not change while the driver periodically traverse...

5.7AI score0.00173EPSS

Positive Technologies•added 2026/02/25 12:0 a.m.•5 views

PT-2026-22086

Name of the Vulnerable Software and Affected Versions Drupal CAPTCHA versions 0.0.0 through 1.16.9 Drupal CAPTCHA versions 2.0.0 through 2.0.9 Description A functionality bypass exists in Drupal CAPTCHA due to insufficient invalidation of security tokens. An attacker may bypass the CAPTCHA on...

6.5CVSS5.9AI score0.00268EPSS

CNNVD•added 2026/02/25 12:0 a.m.•9 views

WordPress plugin Secure Copy Content Protection and Content Locking 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

6.4CVSS5.8AI score0.00193EPSS

Positive Technologies•added 2026/02/25 12:0 a.m.•5 views

PT-2026-21894

The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ays block' shortcode in all versions up to, and including, 5.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS5.6AI score0.00193EPSS