CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

4.9CVSS5.9AI score0.00355EPSS

WordPress plugin NEX-Forms – Ultimate Forms Plugin SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

5.3CVSS5.7AI score0.00258EPSS

magento-lts 安全漏洞

Magento LTS is an open-source alternative to OpenMage, and it’s a reliable substitute for the official Magento CE version. Versions of Magento LTS prior to 20.18.0 had security vulnerabilities; these vulnerabilities stemmed from reflection-type cross-site scripting vulnerabilities in the data...

8.1CVSS5.7AI score0.00273EPSS

WordPress plugin FOX Currency Switcher Professional for WooCommerce 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...

CNNVD•added 2026/05/15 12:0 a.m.•7 views

Open WebUI 安全漏洞

Open WebUI is an open-source, scalable, feature-rich, and user-friendly self-hosted WebUI. Versions of Open WebUI prior to 0.6.19 contained security vulnerabilities. These vulnerabilities stemmed from inconsistent authorization controls in the memory API, allowing standard users to delete, restor...

8.3CVSS5.8AI score0.00294EPSS

Positive Technologies•added 2026/05/15 12:0 a.m.•7 views

PT-2026-41274

Name of the Vulnerable Software and Affected Versions Frontend Admin by DynamiApps versions prior to 3.28.37 Description Insufficient authorization checks in the role field update mechanism and overly permissive capabilities for the admin form post type allow for privilege escalation. The admin...

8.8CVSS5.9AI score0.00325EPSS

Exploits0References9

8.1CVSS5.8AI score0.00354EPSS

Open WebUI 安全漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.9.0 contained security vulnerabilities. These vulnerabilities were caused by TOCTOU race conditions in the LDAP and OAuth authentication processes, which could allow...

Positive Technologies•added 2026/05/15 12:0 a.m.•9 views

PT-2026-41364

phpMyFAQ before 4.1.2 contains an authorization bypass vulnerability in AbstractAdministrationController::userHasPermission that fails to terminate execution after sending a forbidden response. Attackers can access all permission-protected admin pages by requesting their URLs as authenticated...

6.5CVSS5.9AI score0.00303EPSS

Exploits0References3

CNNVD•added 2026/05/15 12:0 a.m.•9 views

WordPress plugin Frontend Admin by DynamiApps 安全漏洞

8.8CVSS5.8AI score0.00325EPSS

Positive Technologies•added 2026/05/15 12:0 a.m.•9 views

PT-2026-41370

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, the backend admin/auth-token endpoint allows an authenticated administrator to load another administrator's REST API token list by supplying that user's admin id. This can...

8.1CVSS5.8AI score0.00218EPSS

Exploits0References2

CNNVD•added 2026/05/15 12:0 a.m.•10 views

Open WebUI 安全漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI that is open source. Versions of Open WebUI prior to 0.1.124 contained security vulnerabilities. These vulnerabilities stemmed from APIs that did not properly verify whether the user had the authorized user role. When...

7.3CVSS5.8AI score0.0023EPSS

Positive Technologies•added 2026/05/15 12:0 a.m.•11 views

PT-2026-41268

Name of the Vulnerable Software and Affected Versions FOX – Currency Switcher Professional for WooCommerce versions prior to 1.4.6 Description The plugin is susceptible to unauthorized data loss because the admin head function lacks a proper capability check. Authenticated users with...

8.1CVSS5.8AI score0.00273EPSS

Exploits0References8

CNNVD•added 2026/05/15 12:0 a.m.•12 views

phpMyFAQ 跨站脚本漏洞

phpMyFAQ is a multilingual, database-driven FAQ system developed by Thorsten Rinne. Versions of phpMyFAQ prior to 4.1.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from the Utils::parseUrl function, which allowed authenticated users to inject JavaScript through...

8.3CVSS5.7AI score0.00215EPSS

NVD•added 2026/05/14 9:16 p.m.•8 views

CVE-2026-42847

ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - 122, there is a critical SQL Injection SQLi vulnerability in ClipBucket, exploitable through the type parameter on the authenticated admin endpoint adminarea/actionlogs.php. The endpoint adminarea/actionlogs.php reads...

7.1CVSS0.00203EPSS

EUVD•added 2026/05/14 8:45 p.m.•6 views

EUVD-2026-30476

ATTACKERKB•added 2026/05/14 8:45 p.m.•5 views

CVE-2026-42847

CVE•added 2026/05/14 8:45 p.m.•14 views

Exploits0References2

CVE-2026-42847

CVE-2026-42847 affects ClipBucket v5 prior to 5.5.3 - #122. The vulnerability is a SQL injection in the authenticated admin endpoint admin_area/action_logs.php, where the GET parameter $_GET['type'] is read, stored, and concatenated into a SQL WHERE condition on action_type in fetch_action_logs()...

Vulnrichment•added 2026/05/14 8:45 p.m.•7 views

CVE-2026-42847 ClipBucket: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Cvelist•added 2026/05/14 8:45 p.m.•30 views

CVE-2026-42847 ClipBucket: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

7.1CVSS0.00203EPSS