CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

9 matches found

ATTACKERKB•added 2026/03/26 3:37 a.m.•1 views

CVE-2026-4329

The Blackhole for Bad Bots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the User-Agent HTTP header in all versions up to and including 3.8. This is due to insufficient input sanitization and output escaping. The plugin uses sanitizetextfield when capturing bot data which...

7.2CVSS6AI score0.00237EPSS

Exploits0References13

Positive Technologies•added 2026/03/20 12:0 a.m.•2 views

PT-2026-26718

The Injection Guard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via malicious query parameter names in all versions up to and including 1.2.9. This is due to insufficient input sanitization in the sanitize ig data function which only sanitizes array values but not array keys...

7.2CVSS6AI score0.00213EPSS

Exploits0References19

Cvelist•added 2026/02/20 4:48 p.m.•19 views

CVE-2026-27503 SVXportal <= 2.5 admin/log.php Search Reflected XSS

SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in admin/log.php via the search query parameter. When an authenticated administrator views a crafted URL, the application embeds the unsanitized parameter value directly into an HTML input value attribute,...

6.1CVSS0.00039EPSS

Exploits0References2

NVD•added 2026/02/19 7:17 a.m.•2 views

CVE-2026-2502

The xmlrpc attacks blocker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0, via the 'X-Forwarded-For' HTTP header. This is due to the plugin trusting and logging attacker-controlled IP header data and rendering debug log entries without outp...

6.1CVSS0.00126EPSS

Exploits0References5

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2025-8125

Malicious code in bioql PyPI...

6.5CVSS9AI score0.00098EPSS

Exploits0References5

Cvelist•added 2025/03/20 11:11 a.m.•13 views

CVE-2024-13922 Order Export & Order Import for WooCommerce <= 2.6.0 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Deletion via admin_log_page Function

The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the adminlogpage function in all versions up to, and including, 2.6.0. This makes it possible for authenticated attackers, with...

2.7CVSS0.00157EPSS

Exploits0References4

OSV•added 2021/02/16 4:15 a.m.•0 views

CVE-2021-27234

An issue was discovered in Mutare Voice EVM 3.x before 3.3.8. The web application suffers from SQL injection on Adminlog.asp, Archivemsgs.asp, Deletelog.asp, Eventlog.asp, and Evmlog.asp...

9.8CVSS7.4AI score0.00366EPSS

Exploits0References1

CNVD•added 2018/05/25 12:0 a.m.•1 views

BearAdmin SQL Injection Vulnerability

BearAdmin is a backend management system based on ThinkPHP5 and AdminLTE. A SQL injection vulnerability exists in BearAdmin version 0.5, which originates from the admin\controller\AdminLog.php page failing to properly construct a MySQL query. A remote attacker can exploit the vulnerability by...

8.8CVSS8.4AI score0.00232EPSS

Exploits1References1

CNVD•added 2017/10/23 12:0 a.m.•1 views

Cross-site request forgery vulnerability in phpMyFAQ admin/stat.adminlog.php file

phpMyFAQ is phpMyFAQ team developed a set of open source fully database-driven FAQ question and answer system . The system supports multiple languages, multiple databases, etc., and includes modules such as content management system and community. A cross-site request forgery vulnerability exists...

8.8CVSS8.7AI score0.00134EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by