Lucene search
29 matches found

Vulnrichment
added 2026/04/17 7:17 p.m., 0 views

CVE-2026-33093 Anviz Products Missing Authorization

Anviz CX7 Firmware is vulnerable to an unauthenticated POST to the device that captures a photo with the front facing camera, exposing visual information about the deployment environment...

5.3 CVSS, 5.8 AI score, 0.00036 EPSS
Exploits: 0, References: 3

ATTACKERKB
added 2026/03/27 2:13 p.m., 1 view

CVE-2026-4984

The Twilio integration webhook handler accepts any POST request without validating Twilio's 'X-Twilio-Signature'. When processing media messages, it fetches user-controlled URLs ('MediaUrlN' parameters) using HTTP requests that include the integration's Twilio credentials in the 'Authorization'...

8.2 CVSS, 5.9 AI score, 0.00008 EPSS
Exploits: 0, References: 2

ATTACKERKB
added 2026/03/05 9:59 p.m., 2 views

CVE-2026-28454

OpenClaw versions prior to 2026.2.2 fail to validate webhook secrets in Telegram webhook mode (must be enabled), allowing unauthenticated HTTP POST requests to the webhook endpoint that trust attacker-controlled JSON payloads. Remote attackers can forge Telegram updates by spoofing message.from.id...

9.8 CVSS, 6 AI score, 0.00041 EPSS
Exploits: 0, References: 7

Positive Technologies
added 2026/02/17 12:0 a.m., 4 views

PT-2026-23532

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.2.2; OpenClaw versions 2026.1.30 and earlier. Description: When Telegram webhook mode is enabled without a configured webhook secret, the software may accept unauthenticated HTTP POST requests at the Telegram webho...

9.8 CVSS, 5.9 AI score, 0.00041 EPSS
Exploits: 0, References: 12

Positive Technologies
added 2026/02/03 12:0 a.m., 1 view

PT-2026-6499

Summary: A Prototype Pollution vulnerability exists in the formToObj function within @builder.io/qwik-city middleware. The function processes form field names with dot notation (e.g., user.name) to create nested objects, but fails to sanitize dangerous property names like __proto__, constructor, and...

9.3 CVSS, 5.7 AI score, 0.00074 EPSS
Exploits: 0, References: 5

CVE
added 2025/12/15 2:25 p.m., 9 views

CVE-2025-13950

CVE-2025-13950 affects the OneSignal – Web Push Notifications WordPress plugin. It allows unauthenticated modification of data (App ID, REST API key, and notification behavior) via POST requests due to a missing capability check in settings handling for all versions up to 3.6.1. The issue is netw...

5.3 CVSS, 5 AI score, 0.00128 EPSS
Exploits: 0, References: 2

NVD
added 2025/08/25 10:15 p.m., 2 views

CVE-2025-57805

The Scratch Channel is a news website. In versions 1 and 1.1, a POST request to the endpoint used to publish articles can be used to post an article in any category with any date, regardless of who's logged in. This issue has been patched in version 1.2...

8.7 CVSS, 0.00129 EPSS
Exploits: 0, References: 1

Hacker One
added 2025/07/29 10:38 p.m., 4 views

Mars: SQLi at █████ parameter

A SQL injection vulnerability was discovered in an items endpoint that accepted unauthenticated POST requests without CSRF validation. The vulnerability allowed execution of arbitrary SQL commands and extraction of database metadata. Additional security issues included stored XSS through the...

6.3 AI score
Exploits: 0

Tenable Nessus
added 2019/11/13 12:0 a.m., 10 views

FreeBSD : wordpress -- multiple issues (459df1ba-051c-11ea-9673-4c72b94353b5)

wordpress developers reports : Props to Evan Ricafort for finding an issue where stored XSS (cross-site scripting) could be added via the Customizer. Props to J.D. Grimes who found and disclosed a method of viewing unauthenticated posts. Props to Weston Ruter for finding a way to create a stored XSS...

5.3 AI score
Exploits: 0, References: 2

Tenable Nessus
added 2019/10/28 12:0 a.m., 14 views

Fedora 29 : wordpress (2019-e70f89fa34)

WordPress 5.2.4 Security Release. WordPress versions 5.2.3 and earlier are affected by these bugs, which are fixed in version 5.2.4. Security Updates - Props to Evan Ricafort for finding an issue where stored XSS (cross-site scripting) could be added via the Customizer. - Props to J.D. Grimes who...

5.4 AI score
Exploits: 0, References: 1

Tenable Nessus
added 2019/10/28 12:0 a.m., 53 views

Fedora 30 : wordpress (2019-709c48a989)

WordPress 5.2.4 Security Release. WordPress versions 5.2.3 and earlier are affected by these bugs, which are fixed in version 5.2.4. Security Updates - Props to Evan Ricafort for finding an issue where stored XSS (cross-site scripting) could be added via the Customizer. - Props to J.D. Grimes who...

5.4 AI score
Exploits: 0, References: 1

OpenVAS
added 2019/10/25 12:0 a.m., 133 views

WordPress Multiple Vulnerabilities (Oct 2019) - Linux

WordPress is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress"; ifdescripti...

9.8 CVSS, 6.5 AI score, 0.72902 EPSS
Exploits: 2, References: 2

OpenVAS
added 2019/10/25 12:0 a.m., 48 views

WordPress Multiple Vulnerabilities (Oct 2019) - Windows

WordPress is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress"; ifdescripti...

9.8 CVSS, 6.5 AI score, 0.72902 EPSS
Exploits: 2, References: 1

Tenable Nessus
added 2019/10/16 12:0 a.m., 20 views

WordPress 4.3.x < 4.3.21 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - A cross-site scripting (XSS) vulnerability in Customizer. - An unspecified issue which could lead to disclosure of unauthenticated posts. - A cross-site scripting XSS...

5.3 CVSS, 6.2 AI score, 0.72902 EPSS
Exploits: 2, References: 3

Tenable Nessus
added 2019/10/16 12:0 a.m., 16 views

WordPress 3.9.x < 3.9.29 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - A cross-site scripting (XSS) vulnerability in Customizer. - An unspecified issue which could lead to disclosure of unauthenticated posts. - A cross-site scripting XSS...

5.3 CVSS, 6.2 AI score, 0.72902 EPSS
Exploits: 2, References: 3

Tenable Nessus
added 2019/10/16 12:0 a.m., 15 views

WordPress 4.0.x < 4.0.28 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - A cross-site scripting (XSS) vulnerability in Customizer. - An unspecified issue which could lead to disclosure of unauthenticated posts. - A cross-site scripting XSS...

5.3 CVSS, 6.2 AI score, 0.72902 EPSS
Exploits: 2, References: 3

Tenable Nessus
added 2019/10/16 12:0 a.m., 13 views

WordPress 4.5.x < 4.5.19 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - A cross-site scripting (XSS) vulnerability in Customizer. - An unspecified issue which could lead to disclosure of unauthenticated posts. - A cross-site scripting XSS...

5.3 CVSS, 6.2 AI score, 0.72902 EPSS
Exploits: 2, References: 3

Tenable Nessus
added 2019/10/16 12:0 a.m., 16 views

WordPress 4.6.x < 4.6.16 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - A cross-site scripting (XSS) vulnerability in Customizer. - An unspecified issue which could lead to disclosure of unauthenticated posts. - A cross-site scripting XSS...

5.3 CVSS, 6.2 AI score, 0.72902 EPSS
Exploits: 2, References: 3

Tenable Nessus
added 2019/10/16 12:0 a.m., 18 views

WordPress 3.7.x < 3.7.31 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - A cross-site scripting (XSS) vulnerability in Customizer. - An unspecified issue which could lead to disclosure of unauthenticated posts. - A cross-site scripting XSS...

5.3 CVSS, 6.2 AI score, 0.72902 EPSS
Exploits: 2, References: 3

Tenable Nessus
added 2019/10/16 12:0 a.m., 17 views

WordPress 4.1.x < 4.1.28 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - A cross-site scripting (XSS) vulnerability in Customizer. - An unspecified issue which could lead to disclosure of unauthenticated posts. - A cross-site scripting XSS...

5.3 CVSS, 6.2 AI score, 0.72902 EPSS
Exploits: 2, References: 3