CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE-2025-68049 affects the WordPress bunny.net plugin, version up to 2.3.6, with a Broken Access Control flaw. The CVSS 3.1 base metrics indicate Low impact to confidentiality, integrity, and availability, and a network attack vector with low privileges required and no user interaction. The provi...

6.3CVSS5.1AI score0.00242EPSS

Exploits0References1

Positive Technologies•added 2 days ago•5 views

PT-2026-49422

Unauthenticated Broken Authentication in ReviewX = 2.3.6 versions...

7.5CVSS5.2AI score0.00294EPSS

Exploits0References2

Positive Technologies•added 2 days ago•4 views

PT-2026-49441

Unauthenticated SQL Injection in GD Rating System = 3.6.2 versions...

9.3CVSS5.7AI score0.00283EPSS

Exploits0References2

CVE•added 6 days ago•27 views

CVE-2026-46519

CVE-2026-46519 affects mcp-server-kubernetes (Model Context Protocol server) prior to version 3.6.0. The issue stems from access controls implemented via three environment variables (ALLOW_ONLY_READONLY_TOOLS, ALLOW_ONLY_NON_DESTRUCTIVE_TOOLS, ALLOWED_TOOLS) being enforced only at the tool discov...

8.8CVSS5.6AI score0.00376EPSS

Exploits0References2

NVD•added 6 days ago•11 views

CVE-2023-40200

Authorization bypass through User-Controlled key vulnerability in Essential Plugin WP Logo Showcase Responsive Slider and Carousel allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Logo Showcase Responsive Slider and Carousel: from n/a through 3.6...

5.3CVSS0.00188EPSS

Exploits0References1

NVD•added 2026/06/09 5:16 a.m.•8 views

CVE-2026-11623

A security vulnerability has been detected in tmux up to 3.6a. Affected is the function imagefree of the file image.c. Such manipulation leads to use after free. Local access is required to approach this attack. This attack is characterized by high complexity. The exploitability is told to be...

4.5CVSS0.00113EPSS

Exploits0References8

RedhatCVE•added 2026/06/09 2:58 a.m.•9 views

CVE-2026-11469

A flaw has been found in jishenghua jshERP up to 3.6. Impacted is the function insertPlatformConfig of the file jshERP-boot/src/main/java/com/jsh/erp/service/PlatformConfigService.java of the component platformConfig Add Endpoint. Executing a manipulation of the argument platformValue can lead to...

5.8CVSS5AI score0.00379EPSS

Exploits0References1

Packet Storm News•added 2026/06/09 12:0 a.m.•5 views

OpenSSL Toolkit 3.6.3

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide. This is the 3.6 release...

9.8CVSS5.4AI score0.01388EPSS

Exploits0

RedhatCVE•added 2026/06/05 7:35 p.m.•8 views

CVE-2026-49051

Missing Authorization vulnerability in Prasad Kirpekar WP Meta and Date Remover allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Meta and Date Remover: from n/a through 2.3.6...

4.3CVSS5.4AI score0.00162EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:32 p.m.•6 views

CVE-2026-6891

Improper handling of symbolic links in the installer of My Image Garden for macOS Version 3.6.8 or earlier may allow a local attacker with login privileges to exploit a specially crafted symbolic link during installation to modify permissions of files for which they would not normally have...

5.1CVSS5.5AI score0.00123EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:13 p.m.•5 views

CVE-2026-48865

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress LearnPress allows Reflected XSS. This issue affects LearnPress: from n/a through 4.3.6...

7.1CVSS5.4AI score0.00146EPSS

Exploits0References1

CNNVD•added 2026/06/04 12:0 a.m.•2 views

Froxlor 安全漏洞

Froxlor is a set of lightweight server management software developed by the Froxlor team. Version 2.3.6 of Froxlor contains a security vulnerability. This vulnerability stems from the fact that the FTP account processing program does not enforce a shell whitelist, which may allow arbitrary shell...

9.4CVSS5.4AI score0.00364EPSS

Exploits0References2

NVD•added 2026/06/03 2:16 p.m.•11 views

CVE-2024-47263

An improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in Backup.Repository webapi component in Synology Hyper Backup before 4.1.2-4036 allows remote authenticated users with administrator privileges to write specific files containing non-sensitive informati...

4.1CVSS0.00297EPSS

Exploits0References1