
410 matches found

Patchstack
added 2026/05/26 8:44 p.m. | 3 views

WordPress rexCrawler plugin <= 1.0.15 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by san6051 - COFFSec in WordPress Plugin rexCrawler versions <= 1.0.15...

CVSS 4.8 | AI score 5.8 | EPSS 0.00025
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/05/14 6:51 p.m. | 3 views

WordPress NEX-Forms – Ultimate Forms Plugin for WordPress plugin <= 9.1.12 - Authenticated (Administrator+) SQL Injection vulnerability

Authenticated Administrator+ SQL Injection vulnerability discovered by Athul Jayaram - SecurityInfinity in WordPress Plugin NEX-Forms versions <= 9.1.12...

CVSS 4.9 | AI score 5.9 | EPSS 0.00053
Exploits: 0 | References: 1 | Affected Software: 1

CNVD
added 2026/05/06 12:0 a.m. | 5 views

IBM i Web Administration GUI Elevation of Privilege Vulnerability

IBM i is an integrated operating system developed by IBM for use on IBM Power Systems servers, providing database, network, and application services. An elevation of privilege vulnerability exists in IBM i. The vulnerability stems from an invalid authorization check in the Web Administration GUI...

CVSS 9.8 | AI score 5.9 | EPSS 0.00043
Exploits: 0

EUVD
added 2026/03/24 12:30 a.m. | 1 views

EUVD-2026-14656

The User Registration & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the Content Access Rules REST API endpoints in versions 5.0.1 through 5.1.4. This is due to the checkpermissions method only checking for editposts...

CVSS 5.4 | AI score 5.8 | EPSS 0.0003
Exploits: 0 | References: 5

CVE
added 2026/03/21 3:26 a.m. | 2 views

CVE-2026-2279

The CVE concerns the WordPress plugin myLinksDump (WordPress plugin; vulnerable component: SQL construction in myLinksDump.php). Affected versions: all versions up to and including 1.6. Root cause: insufficient escaping of user-supplied parameters and lack of proper preparation of the existing SQ...

CVSS 7.2 | AI score 5.9 | EPSS 0.00045
Exploits: 0 | References: 5

EUVD
added 2026/03/04 3:31 a.m. | 2 views

EUVD-2026-9353

The Taskbuilder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

CVSS 4.4 | AI score 5.9 | EPSS 0.00011
Exploits: 0 | References: 7

Cvelist
added 2026/03/04 1:21 a.m. | 26 views

CVE-2026-2292 Morkva UA Shipping <= 1.7.9 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Weight, kg' Field

The Morkva UA Shipping plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

CVSS 4.4 | EPSS 0.0001
Exploits: 0 | References: 4

CVE
added 2026/02/18 12:28 p.m. | 8 views

CVE-2025-8781

CVE-2025-8781 affects the Bookster – WordPress Appointment Booking Plugin for WordPress. Versions up to 2.1.1 are vulnerable to SQL Injection via the raw parameter due to insufficient escaping and lack of proper query preparation, allowing authenticated attackers with Administrator-level access t...

CVSS 4.9 | AI score 5.9 | EPSS 0.00012
Exploits: 0 | References: 3

EUVD
added 2026/02/03 1:49 a.m. | 1 views

EUVD-2025-206763

A vulnerability in Brocade Fabric OS versions before 9.2.1c2 could allow an administrator-level user to execute the bind command, to escalate privileges and bypass security controls allowing the execution of arbitrary commands...

CVSS 8.4 | AI score 5.8 | EPSS 0.00031
Exploits: 0 | References: 1

CVE
added 2025/12/02 11:20 a.m. | 9 views

CVE-2025-13090

CVE-2025-13090 affects WP Directory Kit for WordPress, where SQL Injection via the vulnerable search parameter exists in all versions up to 1.4.6. The issue arises from insufficient escaping and lack of proper query preparation, enabling authenticated administrators (and higher) to append extra S...

CVSS 4.9 | AI score 6.2 | EPSS 0.00025
Exploits: 0 | References: 3

Cvelist
added 2025/12/02 8:24 a.m. | 5 views

CVE-2025-13724 VikRentCar Car Rental Management System <= 1.4.4 - Authenticated (Author+) SQL Injection via 'month' Parameter

The VikRentCar Car Rental Management System plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'month' parameter in all versions up to, and including, 1.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

CVSS 7.5 | EPSS 0.00042
Exploits: 0 | References: 4

Positive Technologies
added 2025/11/04 12:0 a.m. | 3 views

PT-2025-44952

The clubmember plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

CVSS 4.4 | AI score 5 | EPSS 0.00022
Exploits: 0 | References: 3

Vulnrichment
added 2025/10/11 9:28 a.m. | 2 views

CVE-2025-9975 WP Scraper <= 5.8.1 - Authenticated (Administrator+) Server-Side Request Forgery

The WP Scraper plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.8.1 via the wpscraperextractcontent function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary...

CVSS 6.8 | AI score 5.4 | EPSS 0.00036
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2019-10365

Malware in sbrugna...

CVSS 6.7 | AI score 5.7 | EPSS 0.00082
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2024-48321

Malicious code in bioql PyPI...

CVSS 9.1 | AI score 6.5 | EPSS 0.13057
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2023-53914

Malicious code in bioql PyPI...

CVSS 4.8 | AI score 6.2 | EPSS 0.00171
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2024-49400

Malicious code in bioql PyPI...

CVSS 7.2 | AI score 6.5 | EPSS 0.009
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2022-42766

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 8.1 | EPSS 0.0029
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-45500

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 7.2 | EPSS 0.58996
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-27908

Malicious code in bioql PyPI...

CVSS 4.8 | AI score 8.6 | EPSS 0.00158
Exploits: 0 | References: 2