CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8486 matches found

CVE•added 2026/01/24 7:26 a.m.•16 views

CVE-2026-1097

CVE-2026-1097 refers to ThemeRuby Multi Authors – Assign Multiple Writers to Posts (WordPress). The vulnerability is a Stored XSS via the shortcodes’ before and after attributes, affecting all versions up to and including 1.0.0. Exploitation requires authenticated access at Contributor level or h...

6.4CVSS5.8AI score0.0024EPSS

Exploits0References4

CVE•added 2026/01/24 7:26 a.m.•14 views

CVE-2026-1095

CVE-2026-1095 covers a stored cross-site scripting flaw in the WordPress plugin Canto Testimonials . According to the vulnerability entry, all versions up to and including 1.0 are affected by insufficient input sanitization and output escaping on the fx shortcode attribute, enabling an authentica...

6.4CVSS5.8AI score0.0025EPSS

Exploits0References3

Cvelist•added 2026/01/24 7:26 a.m.•32 views

CVE-2026-1095 Canto Testimonials <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'fx' Shortcode Attribute

The Canto Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fx' shortcode attribute in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.0025EPSS

Exploits0References3

ATTACKERKB•added 2026/01/24 7:26 a.m.•2 views

CVE-2026-1095

6.4CVSS6AI score0.0025EPSS

Exploits0References4

Vulnrichment•added 2026/01/24 7:26 a.m.•3 views

CVE-2026-1095 Canto Testimonials <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'fx' Shortcode Attribute

6.4CVSS6AI score0.0025EPSS

Exploits0References3

CVE•added 2026/01/24 7:26 a.m.•20 views

CVE-2026-1257

CVE-2026-1257 affects the WordPress Administrative Shortcodes plugin (versions

7.5CVSS6.5AI score0.00678EPSS

Exploits0References4

Patchstack•added 2026/01/24 5:43 a.m.•5 views

WordPress Canto Testimonials plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'fx' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'fx' Shortcode Attribute vulnerability discovered by theviper17y in WordPress Plugin Canto Testimonials versions = 1.0...

6.4CVSS5.4AI score0.0025EPSS

Exploits0References1Affected Software1

Patchstack•added 2026/01/24 3:7 a.m.•6 views

WordPress Administrative Shortcodes plugin <= 0.3.4 - Authenticated (Contributor+) Local File Inclusion via 'slug' Shortcode Attribute vulnerability

Authenticated Contributor+ Local File Inclusion via 'slug' Shortcode Attribute vulnerability discovered by zaim in WordPress Plugin Administrative Shortcodes versions = 0.3.4...

7.5CVSS5.4AI score0.00678EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2026/01/24 12:0 a.m.•6 views

PT-2026-4584

6.4CVSS5.8AI score0.0025EPSS

Exploits0References4

Positive Technologies•added 2026/01/24 12:0 a.m.•7 views

PT-2026-4586

The Administrative Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'login' and 'logout' shortcode attributes in all versions up to, and including, 0.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS5.8AI score0.00232EPSS

Exploits0References4

Positive Technologies•added 2026/01/24 12:0 a.m.•9 views

PT-2026-4596

The CM CSS Columns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' shortcode attribute in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.8AI score0.00181EPSS

Exploits0References4

Tenable Nessus•added 2026/01/24 12:0 a.m.•10 views

AlmaLinux 10 : java-21-openjdk (ALSA-2026:0928)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:0928 advisory. JDK: Improve JMX connections CVE-2026-21925 JDK: Improve HttpServer Request handling CVE-2026-21933 JDK: Enhance Certificate Checking CVE-2026-21945...

7.5CVSS6.6AI score0.00547EPSS

Exploits6References7

Tenable Nessus•added 2026/01/24 12:0 a.m.•9 views

AlmaLinux 9 : java-17-openjdk (ALSA-2026:0927)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:0927 advisory. JDK: Improve JMX connections CVE-2026-21925 JDK: Improve HttpServer Request handling CVE-2026-21933 JDK: Enhance Certificate Checking CVE-2026-21945 libpn...

7.5CVSS6AI score0.00547EPSS

Exploits6References7

RedhatCVE•added 2026/01/23 9:14 p.m.•5 views

CVE-2026-0534

A maliciously crafted HTML payload, stored in a part’s attribute and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the...

8.1CVSS6AI score0.00469EPSS

Exploits0References1

Cvelist•added 2026/01/23 2:25 p.m.•27 views

CVE-2025-71153 ksmbd: Fix memory leak in get_file_all_info()

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix memory leak in getfileallinfo In getfileallinfo, if vfsgetattr fails, the function returns immediately without freeing the allocated filename, leading to a memory leak. Fix this by freeing the filename before returning...

0.00114EPSS

Exploits0References4