CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

287 matches found

CVE-2026-50213

Technical details about CVE-2026-50213, including affected products, versions, root cause, and patches, are not publicly provided in the supplied documents; monitor for updates.

8.7CVSS5.8AI score0.00035EPSS

Exploits0References1Affected Software1

Cvelist•added 2 days ago•34 views

CVE-2026-50213 Bulk User Private Data Harvesting

The account validation endpoint /v1/User/validate returns comprehensive user profile data sheets, which can be crawled by iterating predictable identification strings...

8.7CVSS0.00035EPSS

Exploits0References1

Positive Technologies•added 2026/05/05 12:0 a.m.•6 views

PT-2026-37304

Name of the Vulnerable Software and Affected Versions Link Preview JS versions prior to 4.0.1 Description The library fails to check for IPv6 loopback attacks and is susceptible to DNS attacks where an address can be resolved into an internal IP. These issues may lead to internal data leaks...

8.7CVSS5.8AI score0.00054EPSS

Exploits0References7

EUVD•added 2026/03/12 2:49 p.m.•1 views

EUVD-2026-11371

StudioCMS: IDOR — Admin-to-Owner Account Takeover via Password Reset Link Generation...

6.8CVSS5.8AI score0.00019EPSS

Exploits1References2

NVD•added 2026/03/11 9:16 p.m.•0 views

CVE-2026-32103

StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.3, the POST /studiocmsapi/dashboard/create-reset-link endpoint allows any authenticated user with admin privileges to generate a password reset token for any other user, including the owner account...

7.2CVSS0.00019EPSS

Exploits1References1

Positive Technologies•added 2026/03/11 12:0 a.m.•3 views

PT-2026-24820

Summary The POST /studiocms api/dashboard/create-reset-link endpoint allows any authenticated user with admin privileges to generate a password reset token for any other user, including the owner account. The handler verifies that the caller is an admin but does not enforce role hierarchy, nor do...

6.8CVSS5.9AI score0.00019EPSS

Exploits1References6

Cvelist•added 2026/03/06 12:32 a.m.•30 views

CVE-2026-3610 HSC Cybersecurity Mailinspector URL mliUserValidation.php cross site scripting

A vulnerability was found in HSC Cybersecurity Mailinspector up to 5.3.2-3. Affected by this issue is some unknown functionality of the file /mailinspector/mliUserValidation.php of the component URL Handler. The manipulation of the argument errordescription results in cross site scripting. The...

5.3CVSS0.00042EPSS

Exploits0References4

CNNVD•added 2026/03/06 12:0 a.m.•2 views

HSC Cybersecurity Mailinspector 代码注入漏洞

HSC Cybersecurity Mailinspector is an email security management system developed by HSC Cybersecurity in France. Versions of HSC Cybersecurity Mailinspector 5.3.2-3 and earlier contain a code injection vulnerability. This vulnerability arises from incorrect handling of the parameter...

5.3CVSS5.7AI score0.00042EPSS

Exploits0References4

Positive Technologies•added 2026/03/06 12:0 a.m.•2 views

PT-2026-23623

A vulnerability was found in HSC Cybersecurity Mailinspector up to 5.3.2-3. Affected by this issue is some unknown functionality of the file /mailinspector/mliUserValidation.php of the component URL Handler. The manipulation of the argument error description results in cross site scripting. The...

5.3CVSS4.3AI score0.00042EPSS

Exploits0References5

CNNVD•added 2026/02/14 12:0 a.m.•3 views

WordPress plugin Media Library Folders 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

4.3CVSS5.8AI score0.00013EPSS

Exploits0References2

CNVD•added 2025/12/03 12:0 a.m.•1 views

Socomec DIRIS Digiware M-70 Cross-Site Request Forgery Vulnerability

The Socomec DIRIS Digiware M-70 is a communication gateway device that serves as an access point for the DIRIS Digiware system, which combines 24VDC power and communication functions in a single unit. A cross-site request forgery vulnerability exists in the Socomec DIRIS Digiware M-70 that stems...

8.8CVSS6.9AI score0.00056EPSS

Exploits0References1

CNNVD•added 2025/10/31 12:0 a.m.•1 views

WordPress plugin Depicter 跨站请求伪造漏洞

WordPress Depicter plugin is a slider, popup and rotator image creation tool designed for WordPress, offering a no-code interface and rich customization features. The WordPress Depicter plugin suffers from a cross-site request forgery vulnerability, which originates from a web application that do...

4.3CVSS6.5AI score0.00017EPSS

Exploits0References5

CVE•added 2025/10/09 7:23 a.m.•34 views

CVE-2025-11522

CVE-2025-11522 is a high-severity vulnerability in the WordPress theme/plugin “Search & Go – Directory WordPress Theme” up to version 2.7. The root cause is insufficient validation in the search_and_go_elated_check_facebook_user() function, enabling an unauthenticated attacker to bypass authentic...

9.8CVSS5.9AI score0.0028EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2011-2394

Malware in sbrugna...

7.8CVSS6.4AI score0.01441EPSS

Exploits0References4

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2014-5263

Malware in sbrugna...

4CVSS6.3AI score0.00306EPSS

Exploits3References7