
8416 matches found

Positive Technologies
added 2026/04/08 12:0 a.m. | 2 views

PT-2026-31716

Name of the Vulnerable Software and Affected Versions LangChain versions prior to 0.3.84 and prior to 1.2.28 Description LangChain's f-string prompt-template validation was incomplete, allowing attribute access and indexing expressions in templates for DictPromptTemplate and ImagePromptTemplate...

CVSS 5.3 | AI score 4.8 | EPSS 0.00262
Exploits 0 | References 12

Positive Technologies
added 2026/04/08 12:0 a.m. | 4 views

PT-2026-31286

Name of the Vulnerable Software and Affected Versions PrivateContent Free versions up to and including 1.2.0 Description The PrivateContent Free plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'align' shortcode attribute within the pc-login-form shortcode. This occu...

CVSS 6.4 | AI score 5.8 | EPSS 0.00276
Exploits 0 | References 12

Tenable Nessus
added 2026/04/08 12:0 a.m. | 1 view

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006776)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006776 advisory. In the Linux kernel, the following vulnerability has been resolved: x86/mm/pat: fix VMPAT handling in COW mappings PAT handling won't do the right thing in COW...

CVSS 5.5 | AI score 6.4 | EPSS 0.00252
Exploits 0 | References 4

Positive Technologies
added 2026/04/08 12:0 a.m. | 2 views

PT-2026-31073

The LightPress Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the group attribute in the gallery shortcode in all versions up to, and including, 2.3.4. This is due to the plugin modifying gallery shortcode output to include the group attribute value without proper...

CVSS 6.4 | AI score 6.1 | EPSS 0.00264
Exploits 0 | References 5

SUSE CVE
added 2026/04/07 11:25 p.m. | 2 views

SUSE CVE-2026-34444

Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier, attributefilter is not consistently applied when attributes are accessed through built-in functions like getattr and setattr. This allows an attacker to bypass the intended restrictions and eventually achieve arbitra...

CVSS 10 | AI score 6 | EPSS 0.00515
Exploits 1 | References 3

Patchstack
added 2026/04/07 11:17 p.m. | 3 views

WordPress TableOn - WordPress Posts Table Filterable plugin <= 1.0.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class' Shortcode Attribute vulnerability

WordPress TableOn - WordPress Posts Table Filterable plugin <= 1.0.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class' Shortcode Attribute vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin TableOn versions <= 1.0.4.4...

CVSS 6.4 | AI score 5.9 | EPSS 0.00264
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2026/04/07 10:58 p.m. | 2 views

WordPress LearnPress plugin <= 4.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'skin' Shortcode Attribute vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via 'skin' Shortcode Attribute vulnerability discovered by zaim in WordPress Plugin LearnPress versions <= 4.3.3...

CVSS 6.4 | AI score 5.9 | EPSS 0.00313
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2026/04/07 10:55 p.m. | 4 views

WordPress LightPress Lightbox plugin <= 2.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'group' Shortcode Attribute vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via 'group' Shortcode Attribute vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP jQuery Lightbox versions <= 2.3.4...

CVSS 6.4 | AI score 5.9 | EPSS 0.00264
Exploits 0 | References 1 | Affected Software 1

ATTACKERKB
added 2026/04/07 5:38 p.m. | 3 views

CVE-2026-39333

ChurchCRM is an open-source church management system. Prior to 7.1.0, the FindFundRaiser.php endpoint reflects user-supplied input DateStart and DateEnd into HTML input field attributes without proper output encoding for the HTML attribute context. An authenticated attacker can craft a malicious U...

CVSS 8.7 | AI score 6 | EPSS 0.00215
Exploits 0 | References 2 | Affected Software 1

OSV
added 2026/04/07 5:16 p.m. | 1 view

DEBIAN-CVE-2026-39314

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, an integer underflow vulnerability in ppdCreateFromIPP cups/ppd-cache.c allows any unprivileged local user to crash the cupsd root process by supplying a negative...

CVSS 6.2 | AI score 5.3 | EPSS 0.00154
Exploits 1 | References 1

OSV
added 2026/04/07 5:16 p.m. | 1 view

ALPINE-CVE-2026-39314

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, an integer underflow vulnerability in ppdCreateFromIPP cups/ppd-cache.c allows any unprivileged local user to crash the cupsd root process by supplying a negative...

CVSS 6.2 | AI score 5.3 | EPSS 0.00154
Exploits 1 | References 1

NVD
added 2026/04/07 5:16 p.m. | 2 views

CVE-2026-39314

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, an integer underflow vulnerability in ppdCreateFromIPP cups/ppd-cache.c allows any unprivileged local user to crash the cupsd root process by supplying a negative...

CVSS 6.2 | EPSS 0.00154
Exploits 1 | References 1

OSV
added 2026/04/07 5:16 p.m. | 1 view

UBUNTU-CVE-2026-39314

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, an integer underflow vulnerability in ppdCreateFromIPP cups/ppd-cache.c allows any unprivileged local user to crash the cupsd root process by supplying a negative...

CVSS 6.2 | AI score 5.8 | EPSS 0.00154
Exploits 1 | References 4

RedhatCVE
added 2026/04/07 5:6 p.m. | 4 views

CVE-2026-33406

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6.5, configuration values from the /api/config endpoint are placed directly into HTML value="" attributes without escaping in settings-advanced.js,...

CVSS 6.1 | AI score 6 | EPSS 0.00254
Exploits 1 | References 1

CVE
added 2026/04/07 4:59 p.m. | 32 views

CVE-2026-39314

OpenPrinting CUPS (CVE-2026-39314) is vulnerable in versions 2.4.16 and prior. The root cause is an integer underflow in _ppdCreateFromIPP (cups/ppd-cache.c): a negative job-password-supported IPP attribute passes bounds checks, is cast to size_t, and is used as a length in memset() on a 33-byte ...

CVSS 6.2 | AI score 5.9 | EPSS 0.00154
Exploits 1 | References 1 | Affected Software 1

EUVD
added 2026/04/07 4:59 p.m. | 1 view

EUVD-2026-19805

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, an integer underflow vulnerability in ppdCreateFromIPP cups/ppd-cache.c allows any unprivileged local user to crash the cupsd root process by supplying a negative...

CVSS 4 | AI score 5.9 | EPSS 0.00154
Exploits 1 | References 1

ATTACKERKB
added 2026/04/07 4:59 p.m. | 3 views

CVE-2026-39314

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, an integer underflow vulnerability in ppdCreateFromIPP cups/ppd-cache.c allows any unprivileged local user to crash the cupsd root process by supplying a negative...

CVSS 4 | AI score 5.9 | EPSS 0.00154
Exploits 1 | References 2 | Affected Software 1

AlpineLinux
added 2026/04/07 4:59 p.m. | 0 views

CVE-2026-39314

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, an integer underflow vulnerability in ppdCreateFromIPP cups/ppd-cache.c allows any unprivileged local user to crash the cupsd root process by supplying a negative...

CVSS 6.2 | AI score 5.8 | EPSS 0.00154
Exploits 1 | References 1

Cvelist
added 2026/04/07 4:59 p.m. | 15 views

CVE-2026-39314 CUPS has an integer underflow in `_ppdCreateFromIPP` causes root cupsd crash via negative `job-password-supported`

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, an integer underflow vulnerability in ppdCreateFromIPP cups/ppd-cache.c allows any unprivileged local user to crash the cupsd root process by supplying a negative...

CVSS 4 | EPSS 0.00154
Exploits 1 | References 1

EUVD
added 2026/04/07 3:48 p.m. | 1 view

EUVD-2026-19346

Lupa has a Sandbox escape and RCE due to incomplete attributefilter enforcement in getattr / setattr...

CVSS 7.9 | AI score 5.9 | EPSS 0.00515
Exploits 1 | References 2