CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/06/09 3:41 a.m.•15 views

CVE-2026-8904

The CVE-2026-8904 entry concerns the WordPress plugin FastPicker, up to version 1.0.2. The underlying issue is missing or incorrect nonce validation in the settingsPage function, enabling Cross-Site Request Forgery. This allows unauthenticated attackers to modify plugin settings (e.g., webhook in...

4.3CVSS5.4AI score0.00124EPSS

Exploits0References3

Vulnrichment•added 2026/06/09 3:41 a.m.•6 views

CVE-2026-8904 FastPicker, an order picker and order management system (oms) for WooCommerce on steroids <= 1.0.2 - Cross-Site Request Forgery via Settings Save

The FastPicker, an order picker and order management system oms for WooCommerce on steroids plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on the settingsPage function. This makes i...

4.3CVSS5.4AI score0.00124EPSS

Exploits0References3

CVE•added 2026/06/09 3:41 a.m.•12 views

CVE-2026-8909

WpMobi WordPress plugin (versions ≤ 0.0.3) is vulnerable to Cross-Site Request Forgery due to missing/incorrect nonce validation in handleSaveGeneralSettings. This allows unauthenticated attackers to modify General Settings and inject scripts into an administrator’s browser via unescaped app_name...

4.3CVSS5.5AI score0.00128EPSS

Cvelist•added 2026/06/09 3:41 a.m.•31 views

CVE-2026-8909 WpMobi <= 0.0.3 - Cross-Site Request Forgery via save_general_settings Action

4.3CVSS0.00128EPSS

Vulnrichment•added 2026/06/09 3:41 a.m.•6 views

CVE-2026-8909 WpMobi <= 0.0.3 - Cross-Site Request Forgery via save_general_settings Action

4.3CVSS5.5AI score0.00128EPSS

CVE•added 2026/06/09 12:0 a.m.•7 views

CVE-2026-36791

The CVE-2026-36791 entry affects Shenzhen Tenda Technology Co., Ltd. Tenda O3v3 v1.0.0.5, where a stack overflow in the save_list_data parameter of the formSetCfm function could allow a crafted HTTP request to cause a Denial of Service. Affected component: the save_list_data handling within formS...

7.5CVSS5.6AI score0.00397EPSS

Vulnrichment•added 2026/06/09 12:0 a.m.•6 views

CVE-2026-36791

Shenzhen Tenda Technology Co., Ltd Tenda O3v3 v1.0.0.5 was discovered to contain a stack overflow in the savelistdata parameter of the formSetCfm function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

5.5AI score0.00397EPSS

Positive Technologies•added 2026/06/09 12:0 a.m.•10 views

PT-2026-48184

Shenzhen Tenda Technology Co., Ltd Tenda O3v3 v1.0.0.5 was discovered to contain a stack overflow in the save list data parameter of the formSetCfm function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

5.6AI score0.00397EPSS

Cvelist•added 2026/06/09 12:0 a.m.•30 views

CVE-2026-36791

0.00397EPSS

CNNVD•added 2026/06/09 12:0 a.m.•6 views

Tenda O3 安全漏洞

The Tenda O3 is an outdoor wireless bridge produced by the Chinese company Tenda. The Tenda O3v3 1.0.0.5 version contains a security vulnerability. This vulnerability stems from a stack overflow issue in the savelistdata parameter of the formSetCfm function, which could allow attackers to cause...

7.5CVSS5.5AI score0.00397EPSS

CVE•added 2026/06/08 3:46 p.m.•14 views

CVE-2026-46298

CVE-2026-46298 : In the Linux kernel, a race during ioctl or release handling on pseries/papr-hvpipe could deadlock if an interrupt fires on the same CPU. The fix makes the affected lock usage use spin_lock_irqsave/restore to prevent the deadlock. The issue is resolved by the patch in the cited s...

5.5AI score0.00145EPSS

Exploits0References2

NVD•added 2026/06/08 10:16 a.m.•10 views

CVE-2026-11501

A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System 1.0. This issue affects some unknown processing of the file /classes/Master.php?f=savepatient. The manipulation of the argument ID results in sql injection. It is possible to launch the attack...

7.5CVSS0.00412EPSS

ATTACKERKB•added 2026/06/08 9:15 a.m.•3 views

CVE-2026-11501

7.5CVSS7AI score0.00412EPSS

Exploits0References6Affected Software1

EUVD•added 2026/06/08 9:15 a.m.•8 views

EUVD-2026-35035

7.5CVSS5.4AI score0.00412EPSS

Vulnrichment•added 2026/06/08 9:15 a.m.•6 views

CVE-2026-11501 SourceCodester Hospitals Patient Records Management System Master.php save_patient sql injection

7.5CVSS5.4AI score0.00412EPSS

CVE•added 2026/06/08 9:15 a.m.•18 views

CVE-2026-11501

The CVE-2026-11501 entry concerns SourceCodester Hospitals Patient Records Management System 1.0. The flaw is a SQL injection in the handling of the ID parameter in /classes/Master.php?f=save_patient, enabling remote exploitation. The vulnerability stems from improper input handling in a server-s...

7.5CVSS7AI score0.00412EPSS

CNNVD•added 2026/06/08 12:0 a.m.•7 views

SourceCodester Hospitals Patient Records Management System 注入漏洞

SourceCodester Hospitals Patient Records Management System is an open-source hospital medical record management system developed by SourceCodester. Version 1.0 of the SourceCodester Hospitals Patient Records Management System has a vulnerability related to SQL injection, which arises from incorre...

7.5CVSS7.5AI score0.00412EPSS

Tenable Nessus•added 2026/06/08 12:0 a.m.•7 views

TencentOS Server 4: giflib (TSSA-2026:0421)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0421 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

5.1CVSS7.2AI score0.00112EPSS

Exploits0References2

RedhatCVE•added 2026/06/07 8:59 a.m.•14 views

CVE-2026-9281

The Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template Kits plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'jtlmacustomjs' Page Setting Custom JS Extension in all versions up to, and including, 3.1.0 due to insufficient input...

6.4CVSS5.7AI score0.00221EPSS