CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

64 matches found

RedhatCVE•added 2026/04/01 5:3 p.m.•2 views

CVE-2026-34172

Giskard is an open-source Python library for testing and evaluating agentic systems. Prior to versions 0.3.4 and 1.0.2b1, ChatWorkflow.chatmessage passes its string argument directly as a Jinja2 template source to a non-sandboxed Environment. A developer who passes user input to this method enabl...

8.8CVSS6.3AI score0.00336EPSS

Exploits1References1

NVD•added 2026/03/31 3:16 p.m.•1 views

CVE-2026-34172

8.8CVSS0.00336EPSS

Exploits1References1

NVD•added 2026/01/24 8:16 a.m.•2 views

CVE-2026-1099

The Administrative Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'login' and 'logout' shortcode attributes in all versions up to, and including, 0.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS0.00016EPSS

Exploits0References3

Vulnrichment•added 2026/01/24 7:26 a.m.•4 views

CVE-2026-1099 Administrative Shortcodes <= 0.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'login' and 'logout' Shortcode Attributes

6.4CVSS6AI score0.00016EPSS

Exploits0References3

Cvelist•added 2026/01/24 7:26 a.m.•29 views

CVE-2026-1099 Administrative Shortcodes <= 0.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'login' and 'logout' Shortcode Attributes

6.4CVSS0.00016EPSS

Exploits0References3

CVE•added 2026/01/24 7:26 a.m.•7 views

CVE-2026-1099

CVE-2026-1099 refers to the WordPress plugin Administrative Shortcodes (

6.4CVSS5.8AI score0.00016EPSS

Exploits0References3

ATTACKERKB•added 2026/01/24 7:26 a.m.•2 views

CVE-2026-1257

The Administrative Shortcodes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.3.4 via the 'slug' attribute of the 'gettemplate' shortcode. This is due to insufficient path validation on user-supplied input passed to the gettemplatepart function...

7.5CVSS6.4AI score0.00046EPSS

Exploits0References5

Patchstack•added 2026/01/24 3:7 a.m.•5 views

WordPress Administrative Shortcodes plugin <= 0.3.4 - Authenticated (Contributor+) Local File Inclusion via 'slug' Shortcode Attribute vulnerability

Authenticated Contributor+ Local File Inclusion via 'slug' Shortcode Attribute vulnerability discovered by zaim in WordPress Plugin Administrative Shortcodes versions = 0.3.4...

7.5CVSS5.4AI score0.00046EPSS

Exploits0References1Affected Software1

CNNVD•added 2026/01/24 12:0 a.m.•2 views

WordPress Plugin Administrative Shortcodes Cross-Site Script Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

6.4CVSS5.7AI score0.00016EPSS

Exploits0References4

Positive Technologies•added 2026/01/24 12:0 a.m.•3 views

PT-2026-4588

The Administrative Shortcodes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.3.4 via the 'slug' attribute of the 'get template' shortcode. This is due to insufficient path validation on user-supplied input passed to the get template part functio...

7.5CVSS6.5AI score0.00046EPSS

Exploits0References5

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2021-1064

Malware in sbrugna...

5.6CVSS5.4AI score0.00169EPSS

Exploits1References5

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2020-0062

Malware in sbrugna...

2.4CVSS3.8AI score0.0005EPSS

Exploits0References7

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2021-1726

Malware in sbrugna...

6.5CVSS6.3AI score0.00672EPSS

Exploits1References8

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2024-45587