86369 matches found

EUVD
added 2 days ago, 6 views

EUVD-2022-56000

WordPress Plugin admin-word-count-column 2.2 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting null byte injection in the path parameter. Attackers can send GET requests to download-csv.php with a crafted path parameter containing...

CVSS 6.9, AI score 5.6, EPSS 0.0015
Exploits: 0, References: 3
ATTACKERKB
added 2 days ago, 6 views

CVE-2022-50953

WordPress Plugin admin-word-count-column 2.2 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting null byte injection in the path parameter. Attackers can send GET requests to download-csv.php with a crafted path parameter containing...

CVSS 6.9, AI score 5.6, EPSS 0.0015
Exploits: 0, References: 3, Affected Software: 1
CVE
added 2 days ago, 10 views

CVE-2022-50953

The CVE concerns the WordPress plugin admin-word-count-column version 2.2. A vulnerability allows unauthenticated local file read via crafted requests to download-csv.php, exploiting a null byte injection in the path parameter to bypass restrictions and read arbitrary files (e.g., system configu...

CVSS 6.9, AI score 5.6, EPSS 0.0015
Exploits: 0, References: 3
Vulnrichment
added 2 days ago, 4 views

CVE-2021-47984 WordPress Plugin WP24 Domain Check 1.6.2 Stored XSS

WordPress Plugin WP24 Domain Check 1.6.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the fieldnameDomain parameter. Attackers can inject JavaScript payloads through the plugin settings form at...

CVSS 6.4, AI score 5.3, EPSS 0.00029
Exploits: 0, References: 3
ATTACKERKB
added 2 days ago, 4 views

CVE-2021-47983

WordPress Plugin Stripe Payments 2.0.39 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the AcceptStripePayments-settingscurrencycode parameter. Attackers can submit POST requests to /wp-admin/options.php with script...

CVSS 6.4, AI score 5.6, EPSS 0.00029
Exploits: 0, References: 3, Affected Software: 1
CVE
added 2 days ago, 13 views

CVE-2021-47983

The CVE-2021-47983 issue affects WordPress plugin Stripe Payments 2.0.39, which contains a stored cross-site scripting vulnerability in the AcceptStripePayments-settings[currency_code] parameter. An authenticated attacker can submit POST requests to /wp-admin/options.php with script payloads in c...

CVSS 6.4, AI score 5.6, EPSS 0.00029
Exploits: 0, References: 3
Vulnrichment
added 2 days ago, 4 views

CVE-2026-11476 Kushan2k student-management-system Profile Update Endpoint AdminController.php edit-admin improper authorization

A security vulnerability has been detected in Kushan2k student-management-system up to f16a4ceaddd6729c4b306ed4641cda3176c1ef2a. Affected by this issue is the function edit-admin of the file controllers/AdminController.php of the component Profile Update Endpoint. The manipulation of the argument...

CVSS 6.5, AI score 6.1, EPSS 0.00043
Exploits: 0, References: 6
ATTACKERKB
added 2 days ago, 5 views

CVE-2026-11476

A security vulnerability has been detected in Kushan2k student-management-system up to f16a4ceaddd6729c4b306ed4641cda3176c1ef2a. Affected by this issue is the function edit-admin of the file controllers/AdminController.php of the component Profile Update Endpoint. The manipulation of the argument...

CVSS 6.5, AI score 6.1, EPSS 0.00043
Exploits: 0, References: 6
CVE
added 2 days ago, 13 views

CVE-2026-11476

Technical details (affected product/version, root cause, exploit specifics) are not publicly provided in the supplied documents. Monitor for updates to obtain concrete information on CVE-2026-11476.

CVSS 6.5, AI score 6.1, EPSS 0.00043
Exploits: 0, References: 6
Cvelist
added 2 days ago, 36 views

CVE-2026-11476 Kushan2k student-management-system Profile Update Endpoint AdminController.php edit-admin improper authorization

A security vulnerability has been detected in Kushan2k student-management-system up to f16a4ceaddd6729c4b306ed4641cda3176c1ef2a. Affected by this issue is the function edit-admin of the file controllers/AdminController.php of the component Profile Update Endpoint. The manipulation of the argument...

CVSS 6.5, EPSS 0.00043
Exploits: 0, References: 6
EUVD
added 2 days ago, 7 views

EUVD-2026-35007

A security vulnerability has been detected in Kushan2k student-management-system up to f16a4ceaddd6729c4b306ed4641cda3176c1ef2a. Affected by this issue is the function edit-admin of the file controllers/AdminController.php of the component Profile Update Endpoint. The manipulation of the argument...

CVSS 6.5, AI score 6.1, EPSS 0.00043
Exploits: 0, References: 6
Positive Technologies
added 2 days ago, 5 views

PT-2026-47271

A vulnerability was determined in CodeAstro Leave Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/search staff to assign pc.php. This manipulation of the argument Name causes sql injection. The attack is possible to be carried out remotely. The...

CVSS 6.5, AI score 6.5, EPSS 0.00033
Exploits: 0, References: 7
Positive Technologies
added 2 days ago, 5 views

PT-2026-47335

A security flaw has been discovered in imvks786 student management system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. This impacts an unknown function of the file admin/admin login.php of the component Administrator Login Endpoint. Performing a manipulation of the argument a usr/a pwd results...

CVSS 7.5, AI score 5.3, EPSS 0.00033
Exploits: 0, References: 7
Positive Technologies
added 2 days ago, 6 views

PT-2026-47340

OpenBullet2 through version 0.3.2 contains an authentication bypass vulnerability in the API key authentication middleware that allows unauthenticated attackers to gain admin access by supplying an empty X-Api-Key header value. Attackers can exploit the middleware's comparison of the supplied...

CVSS 9.8, AI score 5.5, EPSS 0.00139
Exploits: 0, References: 3
OPENSUSE Linux
added 2 days ago, 3 views

Security update for NetworkManager (moderate)

openSUSE security update: security update for networkmanager. Announcement ID: openSUSE-SU-2026:20911-1; Rating: moderate; References: bsc1257359 bsc1257366; Cross-References: CVE-2025-9615; CVSS scores: CVE-2025-9615 SUSE : 5.5...

CVSS 5.5, AI score 5.4, EPSS 0.00004
Exploits: 0, References: 2
Positive Technologies
added 2 days ago, 6 views

PT-2026-47242

A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.6.0.22. Impacted is an unknown function of the file beike/Admin/Routes/admin.php of the component Admin Design Builder Endpoint. Performing a manipulation of the argument settings.value results in sql injection. I...

CVSS 6.5, AI score 6.2, EPSS 0.00041
Exploits: 0, References: 7
Positive Technologies
added 2 days ago, 5 views

PT-2026-47550

The /api/v1/ route surface trusts the bearer token alone for authorisation on most endpoints. The codebase itself admits this at internal/api/hosts.go:384: "API trusts the bearer token for authorisation; per-CA ownership is enforced only in the Web layer." The Web UI gates state-changing routes...

CVSS 9.9, AI score 5.6
Exploits: 0, References: 4
Positive Technologies
added 2 days ago, 5 views

PT-2026-47559

Summary: An authorization issue in the Scheduler API allowed authenticated non-admin users to create or modify scheduled actions that should be restricted to administrators. Details: The Scheduler API did not correctly enforce administrator permissions when processing scheduler modifications. As a...

CVSS 6.3, AI score 5.7
Exploits: 0, References: 4
Packet Storm
added 2 days ago, 19 views

ProjeQtor 12.4.3 SQL Injection

This Python script automates exploitation of an SQL injection vulnerability in a ProjeQtor login interface. Version 12.4.3 is affected. Title : ProjeQtor 12.4.3...

CVSS 9.8, AI score 5.6, EPSS 0.00159
Exploits: 2
Positive Technologies
added 2 days ago, 8 views

PT-2026-47260

VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities. A malicious actor with privileges to create policies, views or text-widgets may be able to inject scripts to perform administrative actions in VMware Cloud Foundation Operations...

CVSS 8, AI score 5.2, EPSS 0.00072
Exploits: 0, References: 2