CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/05/04 5:40 p.m.•32 views

CVE-2026-41471 Easy PayPal Events & Tickets < 1.4 Information Disclosure via QR Code Endpoint

The Easy PayPal Events & Tickets plugin for WordPress before version 1.4 contains an information disclosure vulnerability in the QR code scanning endpoint that allows unauthenticated attackers to enumerate and retrieve all customer order records. Attackers can iterate over sequential WordPress po...

8.2CVSS0.00205EPSS

Vulnrichment•added 2026/05/04 5:40 p.m.•1 views

CVE-2026-41471 Easy PayPal Events & Tickets < 1.4 Information Disclosure via QR Code Endpoint

8.2CVSS5.8AI score0.00205EPSS

Cvelist•added 2026/05/04 5:39 p.m.•34 views

CVE-2026-32834 Easy PayPal Events & Tickets < 1.4 Authentication Bypass via QR Code Scanning

8.7CVSS0.00167EPSS

Microsoft Secure•added 2026/04/30 3:0 p.m.•3 views

Email threat landscape: Q1 2026 trends and insights

In this article 1. Tycoon2FA disruption impact 2. QR code phishing attacks 3. CAPTCHA tactics 4. Malicious payloads 5. Business email compromise 6. Defending against email threats 7. Microsoft Defender detections During the first quarter of 2026 January-March, Microsoft Threat Intelligence detect...

6.1AI score

Malwarebytes•added 2026/04/13 7:2 a.m.•5 views

A week in security (April 6 – April 12)

Last week on Malwarebytes Labs: Fake Claude site installs malware that gives attackers access to your computer ClickFix finds a new way to infect Macs Scammers pose as Amazon support to steal your account NSFW app leak exposes 70,000 prompts linked to individual users 30,000 private Facebook imag...

5.7AI score

OSV•added 2026/04/11 3:17 p.m.•0 views

MINI-QR5R-P2QJ-G3FH

Bulletin has no description...

8.2CVSS5.7AI score0.00013EPSS

HackRead•added 2026/03/26 4:21 p.m.•4 views

Quish Splash QR Code Phishing Campaign Hits 1.6 Million Users

7AI research reveals a massive QR code phishing attack that evaded SPF, DKIM, and DMARC. Find out how 1.6 million emails went undetected...

5.8AI score

The Hacker News•added 2026/03/23 10:55 a.m.•2 views

Microsoft Warns IRS Phishing Hits 29,000 Users, Deploys RMM Malware

Microsoft has warned of fresh campaigns that are capitalizing on the upcoming tax season in the U.S. to harvest credentials and deliver malware. The email campaigns take advantage of the urgency and time-sensitive nature of emails to send phishing messages masquerading as refund notices, payroll...

6AI score

CNNVD•added 2026/03/06 12:0 a.m.•3 views

SICK Lector85x和SICK SICK Lector83x 安全漏洞

SICK Lector85x and SICK SICK Lector83x are a series of QR code image recognition readers developed by the German company SICK. Both devices have security vulnerabilities. These vulnerabilities stem from incorrect access controls. Attackers could potentially perform unauthenticated read and write...

9.8CVSS5.9AI score0.00059EPSS

Exploits0References6

Packet Storm•added 2026/03/02 12:0 a.m.•134 views

📄 WordPress Flex QR Code Generator 1.2.5 Shell Upload

Proof of concept exploit for a remote shell upload vulnerability in WordPress Flex QR Code Generator plugin version 1.2.5. ============================================================================================================================================= | Title : WordPress Flex QR Code...

9.8CVSS6AI score0.00304EPSS

Exploits3

Cvelist•added 2026/02/20 3:46 p.m.•22 views

CVE-2025-67969 WordPress UPI QR Code Payment Gateway for WooCommerce plugin <= 1.5.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in knitpay UPI QR Code Payment Gateway for WooCommerce upi-qr-code-payment-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UPI QR Code Payment Gateway for WooCommerce: from n/a through = 1.5.1...

6.5CVSS0.00057EPSS

Vulnrichment•added 2026/02/20 3:46 p.m.•2 views

CVE-2025-67969 WordPress UPI QR Code Payment Gateway for WooCommerce plugin <= 1.5.1 - Broken Access Control vulnerability

5.4AI score0.00057EPSS

CVE•added 2026/02/20 3:46 p.m.•8 views

CVE-2025-67969

CVE-2025-67969 is a Missing Authorization (Broken Access Control) vulnerability in the WordPress plugin UPI QR Code Payment Gateway for WooCommerce (upi-qr-code-payment-for-woocommerce)

6.5CVSS5.5AI score0.00057EPSS

RedhatCVE•added 2026/02/17 1:27 p.m.•3 views

CVE-2026-2577

The WhatsApp bridge component in Nanobot binds the WebSocket server to all network interfaces 0.0.0.0 on port 3001 by default and does not require authentication for incoming connections. An unauthenticated remote attacker with network access to the bridge can connect to the WebSocket server to...

10CVSS5.7AI score0.00082EPSS