CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/05/15 7:16 p.m.•2 views

CVE-2026-44366

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.1, a Stored Cross-Site Scripting XSS vulnerability exists in the Vvveb CMS comment submission flow. The author field is submitted by an unauthenticated user on any public post...

6.1CVSS0.00019EPSS

ATTACKERKB•added 2026/05/15 6:33 p.m.•1 views

CVE-2026-44366

6.1CVSS5.8AI score0.00019EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/05/15 6:33 p.m.•26 views

CVE-2026-44366 Vvveb: Stored XSS via Comment Author Field

6.1CVSS0.00019EPSS

EUVD•added 2026/05/15 6:33 p.m.•2 views

EUVD-2026-30588

6.1CVSS5.8AI score0.00019EPSS

Vulnrichment•added 2026/05/15 6:33 p.m.•2 views

CVE-2026-44366 Vvveb: Stored XSS via Comment Author Field

6.1CVSS5.8AI score0.00019EPSS

Circl•added 2026/05/14 10:21 a.m.•3 views

CVE-2026-2347

creationtimestamp| type| source ---|---|--- 2026-05-14 10:21:28+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mlslusj2hc2n 2026-05-14 10:30:31+00:00| seen| https://infosec.exchange/users/offseq/statuses/116572463385163397 2026-05-14 10:30:32+00:00| seen|...

9.8CVSS5.8AI score0.00018EPSS

NVD•added 2026/05/08 8:16 p.m.•7 views

CVE-2026-42180

Lemmy is a link aggregator and forum for the fediverse. Prior to version 0.19.18, Lemmy allows an authenticated low-privileged user to create a link post through POST /api/v3/post. When a post is created in a public community, the backend asynchronously sends a Webmention to the attacker-controll...

6.3CVSS0.00038EPSS

ATTACKERKB•added 2026/05/08 7:29 p.m.•3 views

CVE-2026-42180

6.3CVSS5.8AI score0.00038EPSS

Exploits0References3Affected Software1

Circl•added 2026/05/08 6:30 p.m.•5 views

CVE-2026-41583

creationtimestamp| type| source ---|---|--- 2026-05-08 18:30:10+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mleef5vlvz2h 2026-05-08 19:00:28+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mleg3c5no72q...

9.3CVSS5.8AI score0.00065EPSS

Circl•added 2026/05/04 3:41 p.m.•5 views

CERTFR-2026-ACT-020

creationtimestamp| type| source ---|---|--- 2026-05-04 15:41:45+00:00| seen| https://bsky.app/profile/infosecfr.skyfleet.blue/post/3mkzz4cqpnu2p 2026-05-04 15:42:42+00:00| seen| https://bsky.app/profile/cert-fr.bsky.social/post/3mkzz5za2nx23 2026-05-04 15:42:46+00:00| seen|...

5.8AI score

Nuclei•added 2026/04/23 11:14 a.m.•4 views

Ajax Load More < 7.6.1 - Unauthenticated Sensitive Information Exposure

The Ajax Load More – Infinite Scroll plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.6.0.2. The plugin's AJAX endpoint wpajaxnoprivalmgetposts allows unauthenticated users to access non-public posts draft, private, pending, future, tras...

5.3CVSS5.7AI score0.00559EPSS

Circl•added 2026/04/21 7:26 a.m.•3 views

CVE-2026-31368

creationtimestamp| type| source ---|---|--- 2026-04-21 07:26:48+00:00| seen| https://bsky.app/profile/postac001.bsky.social/post/3mjyhfby5pv23 2026-04-21 07:30:34+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mjyhlzy3vh2c 2026-04-21 09:15:10+00:00| seen|...

7.8CVSS4.8AI score0.00007EPSS

Exploits0References4

Circl•added 2026/04/11 2:18 a.m.•1 views

CVE-2026-5496

creationtimestamp| type| source ---|---|--- 2026-04-11 02:18:43+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mj6rj6qhsw2m 2026-04-11 03:21:49+00:00| seen| Telegram/-uyrs94fGKBZTNu2mzMK-L-9Rc5lrbCygfSEFHI7W39U14 2026-04-11 05:03:54+00:00| seen|...

7.8CVSS7.1AI score0.00055EPSS

Circl•added 2026/04/10 12:20 p.m.•0 views

CVE-2026-40287

creationtimestamp| type| source ---|---|--- 2026-04-10 12:20:06+00:00| published-proof-of-concept| https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-g985-wjh9-qxxc 2026-04-14 05:17:42+00:00| seen| Telegram/EXit4BCARRaTXD4SBLqO-yd3UPNB5jBijYowsPR2aTE5HY 2026-04-14 05:20:27+00:00|...

8.4CVSS5.7AI score0.00012EPSS

Exploits1References5

Circl•added 2026/04/05 11:15 a.m.•2 views

CVE-2026-5554

creationtimestamp| type| source ---|---|--- 2026-04-05 11:15:53+00:00| published-proof-of-concept| Telegram/8Kty84VYI9Md0M9SNY3xGd7cM29Jpy2z-fm4LFUn2UMmE 2026-04-05 12:14:27+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3miqpyw73fj2n 2026-04-05 12:41:28+00:00| seen|...

7.5CVSS7.3AI score0.00043EPSS

Positive Technologies•added 2026/04/01 12:0 a.m.•2 views

PT-2026-29473

The Export All URLs WordPress plugin before 5.1 generates CSV filenames containing posts URLS including private posts in a predictable pattern using a random 6-digit number. These files are stored in the publicly accessible wp-content/uploads/ directory. As a result, any unauthenticated user can...

5.9AI score0.00041EPSS

Circl•added 2026/03/31 5:0 p.m.•0 views

CVE-2026-21632

creationtimestamp| type| source ---|---|--- 2026-03-31 17:00:00+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0384/ 2026-04-01 12:03:23+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mignjhtn7k2z 2026-04-01 12:20:17+00:00| seen|...

8.4CVSS5.9AI score0.00002EPSS