155 matches found

NVD
added 6 days ago, 7 views

CVE-2026-44962

Plesk contains an XPath injection vulnerability in the APS Application Catalog search functionality, where user-supplied input is interpolated into XPath queries without proper sanitization. This allows an authenticated, low-privileged user to execute arbitrary operating system commands on the...

CVSS 9.9 | EPSS 0.00035 | Exploits 0 | References 1

ATTACKERKB
added 6 days ago, 5 views

CVE-2026-44962

Plesk contains an XPath injection vulnerability in the APS Application Catalog search functionality, where user-supplied input is interpolated into XPath queries without proper sanitization. This allows an authenticated, low-privileged user to execute arbitrary operating system commands on the...

CVSS 9.9 | AI score 6.1 | EPSS 0.00035 | Exploits 0 | References 2 | Affected Software 1

CNNVD
added 6 days ago, 4 views

Plesk Security Vulnerability

Plesk is a web hosting control panel developed by the Swiss company Plesk. There is a security vulnerability in Plesk, which stems from XPath injection in the APS application directory search function. User input that is not properly cleaned and directly inserted into the XPath query could allow...

CVSS 9.9 | AI score 6.1 | EPSS 0.00035 | Exploits 0 | References 1

Patchstack
added 2026/03/31 11:2 a.m., 1 view

WordPress Auto Post Scheduler plugin <= 1.84 - Cross-Site Request Forgery to Stored Cross-Site Scripting via aps_options_page vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting via aps_options_page vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin Auto Post Scheduler versions <= 1.84...

CVSS 6.1 | AI score 5.9 | EPSS 0.00048 | Exploits 0 | References 1 | Affected Software 1

EUVD
added 2026/03/31 6:31 a.m., 0 views

EUVD-2026-17321

The Auto Post Scheduler plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.84. This is due to missing nonce validation on the 'aps_options_page' function. This makes it possible for unauthenticated attackers to update settings and inject malicio...

CVSS 6.1 | AI score 5.8 | EPSS 0.00048 | Exploits 0 | References 4

NVD
added 2026/03/31 6:16 a.m., 1 view

CVE-2026-1877

The Auto Post Scheduler plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.84. This is due to missing nonce validation on the 'aps_options_page' function. This makes it possible for unauthenticated attackers to update settings and inject malicio...

CVSS 6.1 | EPSS 0.00048 | Exploits 0 | References 3

CVE
added 2026/03/31 5:28 a.m., 4 views

CVE-2026-1877

Auto Post Scheduler for WordPress (up to version 1.84) is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the aps_options_page function, allowing unauthenticated attackers to update settings and inject malicious scripts via forged requests if a site admin is tricked in...

CVSS 6.1 | AI score 5.8 | EPSS 0.00048 | Exploits 0 | References 3

Cvelist
added 2026/03/31 5:28 a.m., 24 views

CVE-2026-1877 Auto Post Scheduler <= 1.84 - Cross-Site Request Forgery to Stored Cross-Site Scripting via aps_options_page

The Auto Post Scheduler plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.84. This is due to missing nonce validation on the 'aps_options_page' function. This makes it possible for unauthenticated attackers to update settings and inject malicio...

CVSS 6.1 | EPSS 0.00048 | Exploits 0 | References 3

Vulnrichment
added 2026/03/31 5:28 a.m., 1 view

CVE-2026-1877 Auto Post Scheduler <= 1.84 - Cross-Site Request Forgery to Stored Cross-Site Scripting via aps_options_page

The Auto Post Scheduler plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.84. This is due to missing nonce validation on the 'aps_options_page' function. This makes it possible for unauthenticated attackers to update settings and inject malicio...

CVSS 6.1 | AI score 5.8 | EPSS 0.00048 | Exploits 0 | References 3

Positive Technologies
added 2026/03/31 12:0 a.m., 4 views

PT-2026-29196

The Auto Post Scheduler plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.84. This is due to missing nonce validation on the 'aps_options_page' function. This makes it possible for unauthenticated attackers to update settings and inject...

CVSS 6.1 | AI score 5.8 | EPSS 0.00048 | Exploits 0 | References 4

RedhatCVE
added 2026/03/26 3:10 p.m., 0 views

CVE-2026-1899

The Any Post Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's apsslider shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on the 'post_type' attribute. This makes it possible for authenticated...

CVSS 6.4 | AI score 6 | EPSS 0.00045 | Exploits 0 | References 1

EUVD
added 2026/03/21 6:30 a.m., 0 views

EUVD-2026-13982

The Any Post Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's apsslider shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on the 'post_type' attribute. This makes it possible for authenticated...

CVSS 6.4 | AI score 6 | EPSS 0.00045 | Exploits 0 | References 5

ATTACKERKB
added 2026/03/21 3:26 a.m., 1 view

CVE-2026-1899

The Any Post Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's apsslider shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on the 'post_type' attribute. This makes it possible for authenticated...

CVSS 6.4 | AI score 6 | EPSS 0.00045 | Exploits 0 | References 5

Vulnrichment
added 2026/03/21 3:26 a.m., 1 view

CVE-2026-1899 Any Post Slider <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'post_type' Shortcode Attribute

The Any Post Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's apsslider shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on the 'post_type' attribute. This makes it possible for authenticated...

CVSS 6.4 | AI score 6 | EPSS 0.00045 | Exploits 0 | References 4

RedhatCVE
added 2026/03/16 2:29 p.m., 1 view

CVE-2026-3086

A flaw was found in GStreamer. A remote attacker could exploit this out-of-bounds write vulnerability by providing specially crafted H.266 video data. This issue, specifically within the processing of Adaptation Parameter Set (APS) units, stems from insufficient validation of user-supplied data,...

CVSS 7.8 | AI score 6 | EPSS 0.00108 | Exploits 0 | References 5

OSV
added 2026/03/16 2:19 p.m., 0 views

UBUNTU-CVE-2026-3086

GStreamer H.266 Codec Parser Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary...

CVSS 7.8 | AI score 6.2 | EPSS 0.00108 | Exploits 0 | References 3

AlpineLinux
added 2026/03/13 8:40 p.m., 4 views

CVE-2026-3086

GStreamer H.266 Codec Parser Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary...

CVSS 7.8 | AI score 6.3 | EPSS 0.00108 | Exploits 0 | References 2

Cvelist
added 2026/03/13 8:40 p.m., 19 views

CVE-2026-3086 GStreamer H.266 Codec Parser Out-Of-Bounds Write Remote Code Execution Vulnerability

GStreamer H.266 Codec Parser Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary...

CVSS 7.8 | EPSS 0.00108 | Exploits 0 | References 2

ATTACKERKB
added 2026/03/13 8:40 p.m., 5 views

CVE-2026-3086

GStreamer H.266 Codec Parser Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary...

CVSS 7.8 | AI score 6.3 | EPSS 0.00108 | Exploits 0 | References 3

CVE
added 2025/12/25 10:32 p.m., 11 views

CVE-2025-15089

CVE-2025-15089 affects the UTT Progressive 512W router, up to version 1.7.7-171114. The vulnerability is a buffer overflow in the function where the argument wepkey1 is handled by strcpy in the file /goform/APSecurity. Exploitation can be performed remotely, and public exploit details exist. Prac...

CVSS 9.8 | AI score 6.7 | EPSS 0.00413 | Exploits 1 | References 5 | Affected Software 1