CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 3 days ago•3 views

WordPress plugin: Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity – Security Vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. WordPress plugins are additional applications that can b...

7.5CVSS5.8AI score0.00031EPSS

Cvelist•added 2026/05/09 12:29 p.m.•25 views

CVE-2026-8198 Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity <= 3.3.6 - Unauthenticated Information Disclosure via REST API

The Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity plugin for WordPress is vulnerable to Authentication Bypass to Information Disclosure in versions up to, and including, 3.3.6. This is due to a logic flaw in the verifyAuthorization method where requests without an...

5.3CVSS0.00039EPSS

Exploits0References6

Vulnrichment•added 2026/05/09 12:29 p.m.•5 views

CVE-2026-8198 Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity <= 3.3.6 - Unauthenticated Information Disclosure via REST API

5.3CVSS5.7AI score0.00039EPSS

Exploits0References6

OPENSUSE Linux•added 2026/04/21 12:0 a.m.•2 views

haproxy-3.3.6+git91.af5637e93-1.1 on GA media (moderate)

haproxy-3.3.6+git91.af5637e93-1.1 on GA media Announcement ID: openSUSE-SU-2026:10581-1 Rating: moderate Cross-References: CVE-2026-33555 CVSS scores: CVE-2026-33555 SUSE : 4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N CVE-2026-33555 SUSE : 6.3...

6.3CVSS5.8AI score0.00013EPSS

Exploits0

Github Security Blog•added 2026/02/02 12:31 p.m.•2 views

Hugging Face Text Generation Inference vulnerable to Uncontrolled Resource Consumption

A vulnerability in huggingface/text-generation-inference version 3.3.6 allows unauthenticated remote attackers to exploit unbounded external image fetching during input validation in VLM mode. The issue arises when the router scans inputs for Markdown image links and performs a blocking HTTP GET...

Exploits0References4Affected Software1

Vulnrichment•added 2026/02/02 10:36 a.m.•2 views

CVE-2026-0599 Unbounded External Image Fetch in Validation Leads to Resource-Exhaustion DoS in huggingface/text-generation-inference

CVE•added 2026/02/02 10:36 a.m.•9 views

CVE-2026-0599

CVE-2026-0599 concerns huggingface/text-generation-inference version 3.3.6, where unauthenticated attackers can trigger a resource-exhaustion DoS via unbounded external image fetching during input validation in VLM mode. The router scans inputs for Markdown image links and issues a blocking HTTP ...

EUVD•added 2026/02/02 10:36 a.m.•4 views

EUVD-2026-5137

Cvelist•added 2026/02/02 10:36 a.m.•27 views

CVE-2026-0599 Unbounded External Image Fetch in Validation Leads to Resource-Exhaustion DoS in huggingface/text-generation-inference

7.5CVSS0.00259EPSS

Github Security Blog•added 2026/02/02 6:30 a.m.•4 views

RaspAP raspap-webgui contains an OS Command Injection vulnerability

RaspAP raspap-webgui versions prior to 3.3.6 contain an OS Command Injection vulnerability. If exploited, an arbitrary OS command may be executed by a user who can log in to the product...

8.8CVSS8.1AI score0.00091EPSS

Exploits0References5Affected Software1

OSV•added 2026/02/02 6:30 a.m.•1 views

GHSA-4WWF-F7W3-94F5 RaspAP raspap-webgui contains an OS Command Injection vulnerability

RaspAP raspap-webgui versions prior to 3.3.6 contain an OS Command Injection vulnerability. If exploited, an arbitrary OS command may be executed by a user who can log in to the product...

8.8CVSS5.7AI score0.00091EPSS

Exploits0References5

CVE•added 2026/02/02 4:37 a.m.•9 views

CVE-2026-24788

CVE-2026-24788 concerns RaspAP raspap-webgui prior to version 3.3.6, which is affected by an OS command injection vulnerability. Multiple connected sources (Red Hat's advisory RH:CVE-2026-24788, NVD/NVD-derived entries, GHSA entry, CIRCL sighting) corroborate that an authenticated user (login to ...

8.8CVSS5.9AI score0.00091EPSS

Positive Technologies•added 2026/02/02 12:0 a.m.•1 views

PT-2026-5654

Name of the Vulnerable Software and Affected Versions huggingface/text-generation-inference version 3.3.6 huggingface/text-generation-inference versions prior to 3.3.7 Description A flaw exists in huggingface/text-generation-inference that allows unauthenticated remote attackers to cause a...

7.5CVSS7.4AI score0.00259EPSS

Exploits0References8

Packet Storm News•added 2026/01/27 12:0 a.m.•2 views

OpenSSL Toolkit 3.3.6

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide. This is the 3.3 release...

5.3CVSS5.9AI score0.02889EPSS

Exploits7

NVD•added 2026/01/22 5:16 p.m.•3 views

CVE-2025-67942

Missing Authorization vulnerability in peachpayments Peach Payments Gateway wc-peach-payments-gateway allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Peach Payments Gateway: from n/a through = 3.3.6...

6.5CVSS0.00073EPSS

CNNVD•added 2026/01/22 12:0 a.m.•2 views

WordPress plugin Peach Payments Gateway has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

6.5CVSS5.8AI score0.00073EPSS

RedhatCVE•added 2026/01/10 5:41 a.m.•1 views

CVE-2025-22728

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in AmentoTech Workreap theme's plugin workreap allows SQL Injection.This issue affects Workreap theme's plugin: from n/a through = 3.3.6...

8.5CVSS5.9AI score0.00019EPSS

NVD•added 2026/01/08 10:15 a.m.•3 views

CVE-2025-22728

8.5CVSS0.00019EPSS