CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/03/05 6:30 a.m.•4 views

EUVD-2026-9773

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Anderson andersonclinic allows PHP Local File Inclusion.This issue affects Anderson: from n/a through = 1.4.2...

NVD•added 2026/03/05 6:16 a.m.•9 views

CVE-2026-28121

8.1CVSS0.00327EPSS

ATTACKERKB•added 2026/03/05 5:54 a.m.•6 views

CVE-2026-28121

Vulnrichment•added 2026/03/05 5:54 a.m.•4 views

CVE-2026-28121 WordPress Anderson theme <= 1.4.2 - Local File Inclusion vulnerability

CVE•added 2026/03/05 5:54 a.m.•12 views

CVE-2026-28121

CVE-2026-28121 : Local File Inclusion in the WordPress theme Anderson (Andersonclinic) <= 1.4.2 due to improper control of include/require filename. Root cause is improper filename handling for PHP include/require, enabling potential local file inclusion. Affected software: Anderson theme for ...

Cvelist•added 2026/03/05 5:54 a.m.•38 views

CVE-2026-28121 WordPress Anderson theme <= 1.4.2 - Local File Inclusion vulnerability

8.1CVSS0.00327EPSS

CNNVD•added 2026/03/05 12:0 a.m.•4 views

WordPress plugin Anderson 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

8.1CVSS5.8AI score0.00327EPSS

Positive Technologies•added 2026/03/05 12:0 a.m.•6 views

PT-2026-23393

5.9AI score0.00327EPSS

Patchstack•added 2026/02/26 10:34 a.m.•5 views

WordPress Anderson theme <= 1.4.2 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Anderson versions = 1.4.2...

Exploits0Affected Software1

Schneier on Security•added 2026/02/14 5:4 p.m.•6 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I'm speaking at Ontario Tech University in Oshawa, Ontario, Canada, at 2 PM ET on Thursday, February 26, 2026. I’m speaking at the Personal AI Summit in Los Angeles, California, USA, on Thursday, March 5, 2026. I’m speaking at Tech...

5.5AI score

Schneier on Security•added 2025/12/14 5:10 p.m.•5 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking and signing books at the Chicago Public Library in Chicago, Illinois, USA, at 6:00 PM CT on February 5, 2026. Details to come. I’m speaking at Capricon 44 in Chicago, Illinois, USA. The convention runs February 5-8,...

6.9AI score

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2014-7392

Malware in sbrugna...

5.4CVSS6.4AI score0.00266EPSS

Exploits0References4

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2022-47673

Malicious code in bioql PyPI...

8.8CVSS8.7AI score0.00293EPSS

CVE•added 2025/02/24 2:49 p.m.•63 views

CVE-2025-27339

CVE-2025-27339 documents a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin Minimum Password Strength, affecting versions up to 1.2.0. The CVSS base metrics reported (CVSS 3.1, vector AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) indicate a Medium severity (score 4.3) with user inte...

4.3CVSS7.2AI score0.00145EPSS

Schneier on Security•added 2024/06/21 11:4 a.m.•11 views

Ross Anderson’s Memorial Service

The memorial service for Ross Anderson will be held on Saturday, at 2:00 PM BST. People can attend remotely on Zoom. The passcode is "L3954FrrEF"...

7.4AI score

ICS•added 2024/06/20 6:0 a.m.•19 views

CAREL Boss-Mini

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available Vendor : CAREL Equipment : Boss-Mini Vulnerability : Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...

9.8CVSS9.1AI score0.75206EPSS

Exploits6References10

UbuntuCve•added 2024/05/30 4:15 p.m.•30 views

CVE-2024-36904

In the Linux kernel, the following vulnerability has been resolved: tcp: Use refcountincnotzero in tcptwskunique. Anderson Nascimento reported a use-after-free splat in tcptwskunique with nice analysis. Since commit ec94c2696f0b "tcp/dccp: avoid one atomic operation for timewait hashdance",...

7.8CVSS6.4AI score0.00614EPSS

Exploits0References28

Cvelist•added 2024/05/30 3:29 p.m.•32 views

CVE-2024-36904 tcp: Use refcount_inc_not_zero() in tcp_twsk_unique().

7.4AI score0.00614EPSS

Exploits0References8

Schneier on Security•added 2024/04/10 11:8 a.m.•11 views

In Memoriam: Ross Anderson, 1956–2024

Last week, I posted a short memorial of Ross Anderson. The Communications of the ACM asked me to expand it. Heres the longer version. EDITED TO ADD 4/11: Two weeks before he passed away, Ross gave an 80-minute interview where he told his life story...

7.2AI score