CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/05/12 10:16 a.m.•11 views

CVE-2026-7428

Prior to 2025-11-03, well-intended users of Terraform or REST API for Google Cloud AlloyDB for PostgreSQL could have created clusters with an insecure default password which could have been exploited by a remote attacker to gain full administrative access to the database. Exploitation required...

9.2CVSS0.00239EPSS

EUVD•added 2026/05/12 9:31 a.m.•44 views

EUVD-2026-29408

The Coinbase Commerce for Contact Form 7 plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.1.2. This is due to a missing capability check and missing nonce verification in the savesettings function, which is registered on the adminpostcccf7savesettings...

4.3CVSS5.8AI score0.00208EPSS

Exploits0References8

EUVD•added 2026/05/12 9:31 a.m.•8 views

EUVD-2026-29415

The WP Google Maps Integration plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the page parameter in all versions up to, and including, 1.2. This is due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS6AI score0.00211EPSS

EUVD•added 2026/05/12 9:31 a.m.•9 views

EUVD-2026-29417

The WP-Redirection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.0.3. This is due to the absence of a nonce field in the admin settings form and the lack of any nonce verification via checkadminreferer or wpverifynonce in the...

4.3CVSS5.7AI score0.00132EPSS

EUVD•added 2026/05/12 9:31 a.m.•32 views

EUVD-2026-29389

The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.4.17 due to insufficient escaping on user supplied parameters and lack of sufficient preparation on the existing SQL query in the getListForTbl function. This makes...

7.5CVSS5.9AI score0.00413EPSS

Exploits0References20

CVE•added 2026/05/12 9:29 a.m.•14 views

CVE-2026-6813

The CVE-2026-6813 entry concerns the WordPress Continually plugin (versions up to 4.3.1). It describes a Stored Cross-Site Scripting vulnerability in admin settings caused by insufficient input sanitization and output escaping, exploitable by authenticated attackers with administrator-level permi...

ATTACKERKB•added 2026/05/12 9:29 a.m.•4 views

CVE-2026-6813

ATTACKERKB•added 2026/05/12 9:29 a.m.•6 views

CVE-2026-6800

The FastBots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

Cvelist•added 2026/05/12 9:29 a.m.•71 views

CVE-2026-6800 FastBots <= 1.0.12 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings

4.4CVSS0.00195EPSS

Vulnrichment•added 2026/05/12 9:29 a.m.•9 views

CVE-2026-6800 FastBots <= 1.0.12 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings

NVD•added 2026/05/12 9:16 a.m.•11 views

CVE-2026-7562

4.3CVSS0.00132EPSS

NVD•added 2026/05/12 9:16 a.m.•17 views

CVE-2026-6709

4.3CVSS0.00208EPSS

Exploits0References7

NVD•added 2026/05/12 9:16 a.m.•48 views

CVE-2026-2993

7.5CVSS0.00413EPSS

Exploits0References19

CVE•added 2026/05/12 9:16 a.m.•21 views

CVE-2026-7428

CVE-2026-7428 affects Google Cloud AlloyDB for PostgreSQL. The vulnerability stems from insecure default administrative credentials that could be created by well-intended Terraform or REST API users before 2025-11-03, enabling a remote attacker to gain full administrative access to the database. ...

9.2CVSS5.8AI score0.00239EPSS

ATTACKERKB•added 2026/05/12 9:16 a.m.•9 views

CVE-2026-7428

9.2CVSS5.8AI score0.00239EPSS

Exploits0References2

Vulnrichment•added 2026/05/12 9:16 a.m.•13 views

CVE-2026-7428 Insecure default administrative credentials in AlloyDB for PostgreSQL

9.2CVSS5.8AI score0.00239EPSS

OSV•added 2026/05/12 8:52 a.m.•4 views

BIT-PGBOUNCER-2026-6667 PgBouncer missing authorization check in KILL_CLIENT admin command

PgBouncer before 1.25.2 did not perform an appropriate authorization check for the KILLCLIENT admin command. All users with access to the administration console which itself requires authorization could run this command. It would have been correct to allow only users listed in the adminusers...

4.3CVSS5.8AI score0.00287EPSS

Exploits0References2

RedhatCVE•added 2026/05/12 8:20 a.m.•9 views

CVE-2026-42286

Emlog is an open source website building system. Prior to version 2.6.11, missing CSRF protection in critical admin functions allows attackers to trick authenticated administrators into performing unauthorized actions like system registration, plugin management, and configuration changes. This...

8.4CVSS5.7AI score0.00165EPSS

RedhatCVE•added 2026/05/12 8:20 a.m.•11 views

CVE-2026-42072

Nornicdb is a distributed low-latency, Graph+Vector, Temporal MVCC with all sub-ms HNSW search, graph traversal, and writes. Prior to version 1.0.42-hotfix, the --address CLI flag and NORNICDBADDRESS / server.host config key is plumbed through to the HTTP server correctly but never reaches the Bo...

9.8CVSS5.7AI score0.0044EPSS