CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/06/05 7:33 p.m.•7 views

CVE-2026-45222

Summarize versions through 0.14.1, fixed in commit 0cfb0fb, creates the daemon configuration directory and file with default filesystem permissions that may be world-readable on Unix-like systems, allowing local attackers to read bearer tokens and API credentials stored in /.summarize/daemon.json...

6.9CVSS5.5AI score0.00098EPSS

RedhatCVE•added 2026/06/05 7:29 p.m.•9 views

CVE-2026-4683

The Smartcat Translator for WPML plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'routeData' REST endpoint in all versions up to, and including, 3.1.77. This makes it possible for unauthenticated attackers to overwrite the plugin's...

6.5CVSS5.5AI score0.00262EPSS

CNNVD•added 2026/06/02 12:0 a.m.•2 views

WordPress plugin Slider Revolution 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...

4.3CVSS5.5AI score0.00163EPSS

Cvelist•added 2026/06/01 11:28 p.m.•36 views

CVE-2026-9048 Slider Revolution 7.0.0 - 7.0.14 - Incorrect Authorization to Authenticated (Contributor+) Sensitive Information Exposure

The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 7.0.0 - 7.0.14, via the 'slider.get.full' AJAX Action. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including raw social...

4.3CVSS0.00163EPSS

ATTACKERKB•added 2026/05/19 9:39 p.m.•5 views

CVE-2026-34358

CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contains a broken access control vulnerability where multiple admin controllers enforce permission checks on form display methods but omit equivalent checks on the corresponding write methods, allowing any...

8.1CVSS5.9AI score0.00297EPSS

Exploits0References3Affected Software1

Cvelist•added 2026/05/15 7:46 a.m.•43 views

CVE-2026-4683 Smartcat Translator for WPML <= 3.1.77 - Missing Authorization to Unauthenticated Plugin Settings Update

6.5CVSS0.00262EPSS

Exploits0References4

NVD•added 2026/05/12 9:16 a.m.•11 views

CVE-2026-7626

5.3CVSS0.00251EPSS

Exploits0References5

Cvelist•added 2026/05/12 7:48 a.m.•64 views

CVE-2026-7626 Slek Gateway for WooCommerce <= 1.0 - Unauthenticated Insufficiently Protected Credentials via Payment Redirect Form Hidden Fields

5.3CVSS0.00251EPSS

Exploits0References5

Positive Technologies•added 2026/05/12 12:0 a.m.•10 views

PT-2026-39974

The Slek Gateway for WooCommerce plugin for WordPress is vulnerable to Information Exposure in version 1.0. This is due to the wsb handle slek payment redirect function placing the merchant's slek key and slek secret API credentials directly into a client-side HTML form, and additionally embeddin...

5.3CVSS5.8AI score0.00251EPSS

Exploits0References6

Github Security Blog•added 2026/05/11 9:31 p.m.•12 views

@steipete/summarize allows local attackers to read bearer tokens and API credentials stored in ~/.summarize/daemon.json

Exploits0References6Affected Software1

Snyk•added 2026/05/11 7:15 p.m.•9 views

Incorrect Permission Assignment for Critical Resource

Overview @steipete/summarize is a Link → clean text → summary. Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource via the creation of the daemon.json configuration file with overly permissive filesystem permissions. An attacker can gain...

Vulnrichment•added 2026/05/11 6:0 p.m.•7 views

CVE-2026-45222 Summarize Insecure Daemon Configuration File Permissions

CNNVD•added 2026/05/11 12:0 a.m.•5 views

Exploits0References3

Summarize 安全漏洞

Summarize is a multi-source rapid summarization tool developed by Peter Steinberger. Versions of Summarize prior to 0.14.1 contain security vulnerabilities. These vulnerabilities stem from the use of default file system permissions for the configuration directory and files of the daemon process. ...

RedhatCVE•added 2026/03/26 2:59 p.m.•3 views

CVE-2026-31889

Shopware is an open commerce platform. Prior to 6.6.10.15 and 6.7.8.1, a vulnerability in the Shopware app registration flow that could, under specific conditions, allow attackers to take over the communication channel between a shop and an app. The legacy app registration flow used HMAC‑based...

OSV•added 2026/03/13 9:30 a.m.•4 views

BIT-GITLAB-2025-12697 Improper Encoding or Escaping of Output in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.5 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user with maintainer-role permissions to reveal Datadog API credentials under certain conditions...

4.4CVSS5.8AI score0.00293EPSS

Exploits0References4

Snyk•added 2026/03/11 8:42 p.m.•4 views

User Impersonation

Overview shopware/platform is a Shopware e-commerce core. Affected versions of this package are vulnerable to User Impersonation in the app registration process. An attacker can gain unauthorized access to sensitive API credentials by exploiting the ability to update the shop-url during...

NVD•added 2026/03/11 8:16 p.m.•4 views

CVE-2026-31889

8.9CVSS0.00267EPSS

OSV•added 2026/03/11 7:24 p.m.•9 views

GHSA-C4P7-RWRG-PF6P Shopware vulnerable to a potential take over of app credentials

Summary We identified and fixed a vulnerability in the Shopware app registration flow that could, under specific conditions, allow attackers to take over the communication channel between a shop and an app. By abusing app re‑registration, an attacker could redirect app traffic to an...

Github Security Blog•added 2026/03/11 7:24 p.m.•8 views

Exploits0References3

Shopware vulnerable to a potential take over of app credentials