CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

150 matches found

Flarum < 1.8.5 - Open Redirect

Flarum is open source discussion platform software. Prior to version 1.8.5, the Flarum /logout route includes a redirect parameter that allows any third party to redirect users from a trusted domain of the Flarum installation to redirect to any link. For logged-in users, the logout must be...

6.5CVSS6.2AI score0.01067EPSS

Exploits0References3

NVD•added 2026/06/15 9:17 p.m.•6 views

CVE-2026-48876

Unauthenticated Cross Site Scripting XSS in Stop Spammers = 2026.3 versions...

7.1CVSS0.00175EPSS

Exploits0References1

Cvelist•added 2026/06/15 8:19 p.m.•25 views

CVE-2026-48876 WordPress Stop Spammers plugin <= 2026.3 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Stop Spammers = 2026.3 versions...

7.1CVSS0.00175EPSS

Exploits0References1

CVE•added 2026/06/15 8:19 p.m.•19 views

CVE-2026-48876

CVE-2026-48876 is an unauthenticated XSS in the WordPress Stop Spammers plugin (versions

7.1CVSS5.1AI score0.00175EPSS

Exploits0References1

EUVD•added 2026/06/15 8:19 p.m.•7 views

EUVD-2026-36853

Unauthenticated Cross Site Scripting XSS in Stop Spammers = 2026.3 versions...

7.1CVSS5.1AI score0.00175EPSS

Exploits0References1

Positive Technologies•added 2026/06/15 12:0 a.m.•10 views

PT-2026-49483

Unauthenticated Cross Site Scripting XSS in Stop Spammers = 2026.3 versions...

7.1CVSS5.1AI score0.00175EPSS

Exploits0References2

Patchstack•added 2026/06/01 2:54 p.m.•7 views

WordPress Stop Spammers plugin <= 2026.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Peleg Nagli ultrared.ai in WordPress Plugin Stop Spammers versions = 2026.3...

7.1CVSS5.8AI score0.00175EPSS

Exploits0Affected Software1

SUSE CVE•added 2026/03/16 12:51 a.m.•3 views

SUSE CVE-1999-0512

A mail server is explicitly configured to allow SMTP mail relay, which allows abuse by spammers...

10CVSS5.8AI score0.12359EPSS

Exploits0References3

RedhatCVE•added 2026/01/29 3:19 p.m.•13 views

CVE-2025-14795

The Stop Spammers Classic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2026.1. This is due to missing nonce validation in the ssaddtoallowlist class. This makes it possible for unauthenticated attackers to add arbitrary email addresses to...

4.3CVSS5.9AI score0.0016EPSS

Exploits0References1

NVD•added 2026/01/28 2:16 p.m.•7 views

CVE-2025-14795

4.3CVSS0.0016EPSS

Exploits0References4

Cvelist•added 2026/01/28 1:26 p.m.•27 views

CVE-2025-14795 Stop Spammers Classic <= 2026.1 - Cross-Site Request Forgery via Email Allowlist

4.3CVSS0.0016EPSS

Exploits0References4

CVE•added 2026/01/28 1:26 p.m.•18 views

CVE-2025-14795

CVE-2025-14795 affects the Stop Spammers Classic WordPress plugin. It is a CSRF vulnerability caused by missing nonce validation in the ss_addtoallowlist class, enabling unauthenticated attackers to add email addresses to the spam allowlist via forged requests, if a site admin is tricked into cli...

4.3CVSS5.9AI score0.0016EPSS

Exploits0References4

ATTACKERKB•added 2026/01/28 1:26 p.m.•4 views

CVE-2025-14795

4.3CVSS5.9AI score0.0016EPSS

Exploits0References5

Patchstack•added 2026/01/28 1:56 a.m.•9 views

WordPress Stop Spammers Classic plugin <= 2026.1 - Cross-Site Request Forgery via Email Allowlist vulnerability

Cross-Site Request Forgery via Email Allowlist vulnerability discovered by JoanClarke2 in WordPress Plugin Stop Spammers versions = 2026.1...

4.3CVSS5.9AI score0.0016EPSS

Exploits0References1Affected Software1

CNNVD•added 2026/01/28 12:0 a.m.•5 views

WordPress plugin Stop Spammers Classic has a cross-site request forgeing vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.7AI score0.0016EPSS

Exploits0References5

Positive Technologies•added 2026/01/28 12:0 a.m.•10 views

PT-2026-5122

The Stop Spammers Classic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2026.1. This is due to missing nonce validation in the ss addtoallowlist class. This makes it possible for unauthenticated attackers to add arbitrary email addresses to...

4.3CVSS5.9AI score0.0016EPSS

Exploits0References5

EUVD•added 2025/10/07 12:30 a.m.•7 views

EUVD-1999-0510

Malware in sbrugna...

10CVSS4.6AI score0.12359EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•6 views

EUVD-2021-11429

Malware in sbrugna...

5.4CVSS5.6AI score0.00604EPSS

Exploits2References2

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2023-59252

Malicious code in bioql PyPI...

5.4CVSS6.4AI score0.00194EPSS

Exploits0References2

Patchstack•added 2025/06/05 8:2 p.m.•10 views

WordPress Stop Spammers plugin <= 2024.7 - Cross-Site Request Forgery to Multiple Administrative Actions vulnerability

Cross-Site Request Forgery to Multiple Administrative Actions vulnerability discovered by Noah Stead TurtleBurg in WordPress Plugin Stop Spammers versions = 2024.7...

5.4CVSS6.8AI score0.00166EPSS

Exploits0References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by