CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1498 matches found

Purchase Order Management v1.0 - Cross Site Scripting (Reflected)

Purchase Order Management v1.0 was discovered to contain a reflected cross-site scripting XSS vulnerability via the password parameter at /purchaseorder/classes/login.php. id: CVE-2023-29623 info: name: Purchase Order Management v1.0 - Cross Site Scripting Reflected author: theamanrawat severity:...

6.1CVSS6.2AI score0.27387EPSS

Exploits1References4

OSSF Malicious Packages•added 2 days ago•5 views

Malicious code in spaysdata (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 55bfbc1a93fe9a662ed20b5fb651390a850c8f43e4d68d81677b4ffd0ca17bcf The package exfiltrates Roblox cookies from the victim machine. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaig...

5.8AI score

Exploits0References1

Nuclei•added 3 days ago•27 views

Jenkins build-metrics 1.3 - Cross-Site Scripting

Jenkins build-metrics 1.3 is vulnerable to a reflected cross-site scripting vulnerability that allows attackers to inject arbitrary HTML and JavaScript into the web pages the plugin provides. id: CVE-2019-10475 info: name: Jenkins build-metrics 1.3 - Cross-Site Scripting author: madrobot severity...

6.1CVSS6.4AI score0.92445EPSS

Exploits5References5

Positive Technologies•added 3 days ago•5 views

PT-2026-45358

SOPlanning is vulnerable to Reflected XSS via the taches parameter. An attacker can craft a malicious URL which, when opened by authenticated victim, results in arbitrary JavaScript execution in the victim’s browser. This issue affects SOPlanning version 1.55 and below...

5.1CVSS6AI score0.00077EPSS

Exploits0References3

Cvelist•added 6 days ago•25 views

CVE-2026-3655 OTP Login With Phone Number, OTP Verification <= 1.8.60 - Unauthenticated Authentication Bypass via Firebase OTP Verification

The OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authentication bypass in versions 1.8.50 through 1.8.60. This is due to the Firebase verification flow in the lwpajaxregister AJAX handler not binding the Firebase session to the phone number supplied in the...

9.8CVSS0.00263EPSS

Exploits0References6

Vulnrichment•added 6 days ago•3 views

CVE-2026-3655 OTP Login With Phone Number, OTP Verification <= 1.8.60 - Unauthenticated Authentication Bypass via Firebase OTP Verification

9.8CVSS5.8AI score0.00263EPSS

Exploits0References6

Tenable Nessus•added 6 days ago•8 views

Linux Distros Unpatched Vulnerability : CVE-2026-42998

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone application credential authentication plugin does not verify that the user supplied in...

8.8CVSS5.8AI score0.00064EPSS

Exploits1References3

CNNVD•added 6 days ago•3 views

WordPress plugin OTP Login With Phone Number OTP Verification 授权问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

9.8CVSS5.8AI score0.00263EPSS

Exploits0References6

UbuntuCve•added 6 days ago•2 views

CVE-2026-42998

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone application credential authentication plugin does not verify that the user supplied in the authentication request matches the owner of the application credential. An attacker can authenticate with their own application...

6CVSS5.8AI score0.00064EPSS

Exploits1References3

NVD•added last week•4 views

CVE-2026-43000

An issue was discovered in OpenStack Keystone before 29.0.2. When combined with an application credential impersonation vulnerability, an attacker with the member role on a project can escalate to admin by chaining unrestricted application credentials with Keystone trusts. The impersonated token...

8.8CVSS0.00041EPSS

Exploits1References2

NVD•added last week•4 views

CVE-2026-42998

8.8CVSS0.00064EPSS

Exploits1References2

OSV•added last week•3 views

UBUNTU-CVE-2026-42998

6CVSS5.8AI score0.00064EPSS

Exploits1References4

Vulnrichment•added 2026/05/28 12:0 a.m.•3 views

CVE-2026-43000

6CVSS5.8AI score0.00041EPSS

Exploits1References2

ATTACKERKB•added 2026/05/28 12:0 a.m.•4 views

CVE-2026-42998

6CVSS5.8AI score0.00064EPSS

Exploits1References3Affected Software1

Cvelist•added 2026/05/28 12:0 a.m.•21 views

CVE-2026-43000

6CVSS0.00041EPSS

Exploits1References2

Cvelist•added 2026/05/28 12:0 a.m.•21 views

CVE-2026-42998

6CVSS0.00064EPSS

Exploits1References2

Positive Technologies•added 2026/05/28 12:0 a.m.•3 views

PT-2026-44463

6CVSS5.8AI score0.00064EPSS

Exploits1References3

Positive Technologies•added 2026/05/28 12:0 a.m.•3 views

PT-2026-44465

Name of the Vulnerable Software and Affected Versions OpenStack Keystone versions prior to 29.0.2 Description A privilege escalation issue exists where an attacker with a member role on a project can escalate their privileges to admin. This is achieved by chaining unrestricted application...

8.8CVSS5.7AI score0.00041EPSS

Exploits1References4

Vulnrichment•added 2026/05/28 12:0 a.m.•2 views

CVE-2026-42998

6CVSS5.8AI score0.00064EPSS

Exploits1References2

CVE•added 2026/05/27 4:39 p.m.•5 views

CVE-2026-44460

FileRise (self-hosted web-based file manager) contains a vulnerability in /api/totp_setup.php prior to version 3.12.0. If a session has passed password check (state pending_login_user) and the target account already has TOTP configured, the endpoint decrypts and returns the existing TOTP secret i...

7.4CVSS5.8AI score0.00039EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by